|
Nah, that's too hard. It is easier to type an entire question into CP than those two switches into Google....
==============================
Nothing to say.
|
|
|
|
|
In this case I went direct to MSDN, so no need for Google. Who said TINA?
|
|
|
|
|
Hi Guys! I'm a newbie here. I wanna match the PID in Windows Task Manager with the checksum/hash value generated by dynamic base ASLR in Visual Studio 2010? I have already enabled the ASLR in Visual Studio 2010 but no data is received. Any idea how?
Clues:
1. Windows functions CreateToolhelp32Snapshot
2. MODULEENTRY32
3. Windows function OpenProcess
Appreciate it very much guys.
Giggsey
|
|
|
|
|
Giggsey73 wrote: Clues:
1. Windows functions CreateToolhelp32Snapshot
2. MODULEENTRY32
3. Windows function OpenProcess
Are you wanting to know how to use these functions/structures?
"One man's wage rise is another man's price increase." - Harold Wilson
"Fireproof doesn't mean the fire will never come. It means when the fire comes that you will be able to withstand it." - Michael Simmons
"Show me a community that obeys the Ten Commandments and I'll show you a less crowded prison system." - Anonymous
|
|
|
|
|
Yes please. I'm rushing in the middle of a project & need to use these functions? I ain't got a clue.
Thanks.
|
|
|
|
|
Google was of no help? What exactly did you search for? Did you try this? Another example can be found here.
|
|
|
|
|
Sorry, I need to go to sleep. Will discuss tomorrow then.
Good night.
|
|
|
|
|
Hi David. With reference to yesterday's question, how is it possible to link process_checksum enabled by ASLR in Visual Studio 2010 to the command prompt?
Example:
c:Users\User\Documents\Visual Studio 2010\Projects\process_checksum\Debug>process_checksum.exe
Appreciate it very much.
Giggsey
|
|
|
|
|
Giggsey,
I am having trouble comprehending the question you are asking. Don't worry... I know that English is not your mother tongue. Your original question appears to be gibberish. Could you be more specific?
The problem is that the acronym 'ASLR' is security related... pertaining to randomization of DLL base addresses and stack/heap allocation randomizations to help mitigate aurora attacks (heap-spraying) and ROP shell code.
Are you asking how to enable ASLR in your project? If so... you would want to enable /DYNAMICBASE.
Best Wishes,
-David Delaune
|
|
|
|
|
Hi. Actually I am a novice to computing.
BTW, I got the cmd line from other sources.
c:Users\User\Documents\Visual Studio 2010\Projects\process_checksum\Debug>process_checksum.exe
By right, if you run the cmd, it will prompt you to enter PID.
Then the following data will be generated:
Name, Path, Image Base, PE Signature,...., and finally hash/checksum value which I'm so desperately looking for.
I have difficulty in finding/linking (whatever) this process_checksum. Because in the end I would be able to get the hash or checksum value of the file. That's all.
Many thanks.
Giggsey
|
|
|
|
|
Giggsey,
No problem. I completely understand that you are a novice and looking for guidance. It sounds to me as if you need to do quite a bit more research so that you can build a more complete understanding of these topics.
If you are looking to understand more about the PE hash algorithm then you should have a look at the article: An Analysis of the Windows PE Checksum Algorithm.
If you want to list the characteristics of arbitrary PE images (executable files) then have a look at the article: XPEInfo - a non-MFC class to get info from PE file.
I understand that you are working with a particular Visual Studio project named process_checksum. If you are having trouble compiling the application feel free to describe the exact details of the problem you are having.
I still do not understand the details of your problem. I suspect that it is because you do not know the verbiage to properly form the question.
Best Wishes,
-David Delaune
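The fields discussed in this thread (PE signature, Image Base, the /DYNAMICBASE opt-in and the header checksum) can be read straight from the file. The following is an added example, not part of the original posts or of the linked articles; the function names and the header-only sample image are constructed for illustration.

```python
import struct

DYNAMIC_BASE = 0x0040  # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, set by /DYNAMICBASE

def pe_checksum(data, field_off):
    """16-bit end-around-carry sum, checksum field skipped, plus file length."""
    padded = data + b"\0" * (len(data) % 2)
    total = 0
    for off in range(0, len(padded), 2):
        if field_off <= off < field_off + 4:
            continue  # the stored CheckSum itself is treated as zero
        total += struct.unpack_from("<H", padded, off)[0]
        total = (total & 0xFFFF) + (total >> 16)
    return total + len(data)

def inspect_pe(data):
    """Return ImageBase, ASLR opt-in and checksum status for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]   # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    opt = pe_off + 24            # 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:           # PE32: 32-bit ImageBase
        image_base = struct.unpack_from("<I", data, opt + 28)[0]
    elif magic == 0x20B:         # PE32+: 64-bit ImageBase
        image_base = struct.unpack_from("<Q", data, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic")
    stored = struct.unpack_from("<I", data, opt + 64)[0]
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    return {"image_base": image_base,
            "aslr_opt_in": bool(dll_chars & DYNAMIC_BASE),
            "stored_checksum": stored,
            "checksum_ok": stored == pe_checksum(data, opt + 64)}

def build_sample(dynamic_base=True):
    """Constructed header-only PE32 stub (not loadable), for the demo."""
    img = bytearray(0x200)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    img[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", img, opt, 0x10B)
    struct.pack_into("<I", img, opt + 28, 0x00400000)
    struct.pack_into("<H", img, opt + 70, 0x0140 if dynamic_base else 0x0100)
    struct.pack_into("<I", img, opt + 64, pe_checksum(bytes(img), opt + 64))
    return bytes(img)

if __name__ == "__main__":
    print(inspect_pe(build_sample()))
```

The Image Base read here is the preferred address recorded in the file; with /DYNAMICBASE set, the address a module actually loads at can differ, which is what MODULEENTRY32 reports for a running process. The PE checksum is a simple additive check, not a cryptographic hash.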
|
|
|
|
|
Hi David.
Yeah, you are right. I have problem in compiling the application especially. I had read the articles but still a bit confused.
So, what should I be doing then? Can you shed some light into this?
Appreciate it very much.
Giggsey
|
|
|
|
|
Giggsey73 wrote: Yeah, you are right. I have problem in compiling the application especially. I had read the articles but still a bit confused.
So, what should I be doing then? Can you shed some light into this?
No, I cannot help you without knowing the problem. If you are receiving a compilation or linking error then you should paste the error message here.
Best Wishes,
-David Delaune
|
|
|
|
|
I need to create a process_checksum.exe first before I can compile.
How do I go about creating it?
Regards,
Giggsey
|
|
|
|
|
Giggsey73 wrote: I need to create a process_checksum.exe first before I can compile.
How do I go about creating it?
Giggsey,
I am sorry but I can no longer help you. You continue to give paradoxical statements that are without a clear meaning.
Good luck with your project.
Best Wishes,
-David Delaune
|
|
|
|
|
Hi!
Is it possible to write a program without main() function in C++?
If yes, from where the execution begins for such a program?
|
|
|
|
|
Yes, you can by using the Linker /ENTRY option. However, you will not have the full C library initialised so it is your program's responsibility to set the environment correctly.
|
|
|
|
|
Richard MacCutchan wrote:
using the Linker /ENTRY
I checked the project property pages. It's also empty. From where it comes?
|
|
|
|
|
Go to the Linker section, click on Advanced, and add your start label name to the Entry Point item.
|
|
|
|
|
In standard C++ it isn't possible.
As Richard mentioned you can specify an entry point for MSVC and other linkers allow you to do the same thing but you'll have a few hurdles to jump:
- The parameters to whatever function you define as the entry point will probably not be argc and argv
- Depending on the start-up code you're avoiding static and global objects may not be initialised (no great loss though)
- The language runtime library, even if linked, probably won't be initialised
- Anything that relies on the OS interacting with the language might go screwy (e.g. if new/delete expects allocations to come out of a heap the runtime allocates on start-up)
About the only place I've used this trick, had it work and be useful was back programming for Windows 3.1 when I was trying to keep the size of code down to a minimum and I was willing to pay the price for having an emasculated language. Basically if you're happy programming in assembler and using the OS and your own code for everything then it may have some use.
|
|
|
|
|
Hi Mr. Univoter, any chance you can tell me why you voted me down? This is so I can either/or:
- improve my answer and perhaps learn how to express myself better next time
- learn something
- disagree with you and say why and let other people make up their mind
I don't do tit for tat univoting so don't let that stand in your way!
Ash
|
|
|
|
|
Hello All,
I have a hang dump from client. But the corresponding PDBs are not available as it is a legacy project.
Is it possible to know whether my components are responsible for this hang without PDBs?
Thanks in advance.
|
|
|
|
|
It is possible, but without the PDB file, you will have to deal with memory addresses instead of symbols during analysis.
It would take more time and patience, but it is definitely possible.
All the best.
|
|
|
|
|
Hi,
Is there any good tutorial on how to analyze hang dump when there is no PDB? I googled but failed to get good one.
Thanks for your help
|
|
|
|
|
To a certain extent, yes.
You need to set WinDbg to use Microsoft's public symbol server, look in WinDbg Help for symsrv.
This will suck down PDBs for all MS components leaving yours and third party ones. Hopefully, you can see in the stack where your code is calling into MS code and therefore what part is hanging.
Of course you should archive all PDB files with the built exes.
|
|
|
|