Intercepting functions in the Linux kernel using ftrace

In one project related to the security of Linux systems, we needed to intercept calls to important functions inside the kernel (such as opening files and running processes) to enable monitoring of activity in the system and preventive activity blocking of suspicious processes.
 
 
During development, we came up with a fairly good approach that makes it convenient to intercept any kernel function by name and execute our own code around its calls. The interceptor can be installed from a loadable GPL module, without rebuilding the kernel. The approach supports kernels of versions ???+ for ...

Two-factor authentication in Windows and data encryption without a CA and domain

Today we will describe how to quickly and easily configure two-factor authentication and encrypt important data, even with the option of using biometrics. The solution will be relevant for small companies or simply for a personal computer or laptop. Importantly, this requires no public key infrastructure (PKI), no server with the Certificate Services role, and not even a domain (Active Directory). The only system requirements are the Windows operating system and an electronic key for the user, plus, in the case of biometric authentication, a fingerprint reader, which...

Using std::optional in C++17

Let's take a pair of two types: what can you do with a composition of this kind?
 

In this article I will tell you about std::optional, a new helper type added to C++17. It wraps your type together with a flag that indicates whether the value is initialized or not. Let's see where this can be useful.


 

Introduction


 

By adding a boolean flag to other types, you can get what are called "nullable types". As mentioned earlier, the flag indicates whether a value is available or not. Such a wrapper expressively represents an object that may be empty (not through ...


Refactoring using C++17 std::optional

In development there are many situations where you need to express something "optional": an object that may or may not contain a value. An optional type can be implemented in several ways, but with C++17 you can use the most convenient one: std::optional.
 

Today I have prepared a refactoring task on which you can learn how to apply this new C++17 feature.


 

Introduction


 

Let's quickly immerse ourselves in the code.


 

Imagine there is a function that takes an ObjSelection object, which is...


The Arbitrary Code Guard (ACG) mechanism, using Microsoft Edge as an example

Disclaimer
 
This publication is a translation of part of the document "Bypassing Mitigations by Attacking JIT Server in Microsoft Edge" by Ivan Fratric (Google Project Zero). The translated part contains the description of the ACG mechanism and its use in the Microsoft Edge browser. Beyond this translated part, the document gives a more detailed description of the internals of the JIT in Chakra (the Microsoft Edge JavaScript engine) and of the attack vectors against it (describing the vulnerabilities found, which had been fixed by the time the document was published).
 
By the nature of my professional ...

Operating systems from scratch; level 3 (the older half)

In this part we'll add interrupt handling and take on the scheduler. Finally, we will have the elements of a multitasking operating system! Of course, this is only the beginning of the topic: one timer interrupt, one system call, the basic part of a simple thread scheduler. Nothing complicated. However, with this we will prepare a springboard for building a full-fledged system that handles real processes without any "buts", just like in those Linuxes of yours and the rest. A little less than half of this course remains.
 
Zero lab
 
The f...

Let's make Windows slower! Part one: file access

Windows has long been reproached for the slowness of its file operations and the slow creation of processes. Why not try to make them even slower? This article will show how to slow down file operations in Windows by about 10 times compared to their normal speed (or even more), using methods that are practically undetectable for an ordinary user.
 
 
And, of course, we will learn to detect and correct such situations. The whole text is based on a problem I encountered a couple of months ago, so everything written below is completely real.
 
file system...

Operating systems from scratch; level 3 (lower half)

In this lab we will implement the ability to run user programs, that is, processes and the whole supporting infrastructure. First we'll figure out how to switch out of privileged code and how to switch process contexts. Then we'll implement a simple round-robin scheduler, system calls and virtual memory management. Finally, we'll move our shell out of kernel space into user space.
 
original
 
Zero lab
 
The first lab: the younger half and ...

Implementing command processing with a CallTable and modules in modern C++

In this article I will describe the process of developing a "call table" class and applying the resulting class to extend the functionality of a program with modules.
 

The problem


 
There is a server that accepts commands. As input it receives the index of a command and its parameters, performs the actions and returns the result. Command indexes are consecutive: ???? etc. At startup the server has several basic commands (in my case 20); the rest are added by modules at run time. A CallTable is well suited to this problem.
 
...

Web installer in pure WINAPI with Hi-DPI support and a vector logo

These days this is probably one of the main uses for applications written in pure WINAPI. Writing anything more serious than a few simple windows in pure WINAPI is not much fun, but a small installer is just right. Since it is 201? outside, simply writing an application is not good enough. Let's follow the trends of the times: the installer will support Hi-DPI modes. Even on laptops 4K screens are no longer uncommon, let alone on desktops. And since an installer is something that should start up quickly, we will save on what is really not hard to do ourselves...