Search Results

Search found 9387 results on 376 pages for 'double byte'.

  • Jumping into argv?

    - by jth
    Hi, I am experimenting with shellcode and stumbled upon the nop-slide technique. I wrote a little tool that takes buffer-size as a parameter and constructs a buffer like this: [ NOP | SC | RET ], with NOP taking half of the buffer, followed by the shellcode and the rest filled with the (guessed) return address. It's very similar to the tool aleph1 described in his famous paper.

    My vulnerable test-app is the same as in his paper:

        #include <string.h>

        int main(int argc, char **argv) {
            char little_array[512];
            /* unbounded copy: an argv[1] longer than 512 bytes overflows little_array */
            if(argc>1)
                strcpy(little_array,argv[1]);
            return 0;
        }

    I tested it and well, it works:

        jth@insecure:~/no_nx_no_aslr$ ./victim $(./exploit 604 0)
        $ exit

    But honestly, I have no idea why. Okay, the saved eip was overwritten as intended, but instead of jumping somewhere into the buffer, it jumped into argv, I think.

    gdb showed up the following addresses before strcpy() was called:

        (gdb) i f
        Stack level 0, frame at 0xbffff1f0:
         eip = 0x80483ed in main (victim.c:7); saved eip 0x154b56
         source language c.
         Arglist at 0xbffff1e8, args: argc=2, argv=0xbffff294
         Locals at 0xbffff1e8, Previous frame's sp is 0xbffff1f0
         Saved registers:
          ebp at 0xbffff1e8, eip at 0xbffff1ec

    Address of little_array:

        (gdb) print &little_array[0]
        $1 = 0xbfffefe8 "\020"

    After strcpy():

        (gdb) i f
        Stack level 0, frame at 0xbffff1f0:
         eip = 0x804840d in main (victim.c:10); saved eip 0xbffff458
         source language c.
         Arglist at 0xbffff1e8, args: argc=-1073744808, argv=0xbffff458
         Locals at 0xbffff1e8, Previous frame's sp is 0xbffff1f0
         Saved registers:
          ebp at 0xbffff1e8, eip at 0xbffff1ec

    So, what happened here? I used a 604 byte buffer to overflow little_array, so he certainly overwrote saved ebp, saved eip and argc and also argv with the guessed address 0xbffff458. Then, after returning, EIP pointed at 0xbffff458. But little_buffer resides at 0xbfffefe8, that's a difference of 1136 bytes, so he certainly isn't executing little_array. I followed execution with the stepi command and well, at 0xbffff458 and onwards, he executes NOPs and reaches the shellcode.

    I am not quite sure why this is happening. First of all, am I correct that he executes my shellcode in argv, not little_array? And where does the loader(?) place argv onto the stack? I thought it follows immediately after argc, but between argc and 0xbffff458, there is a gap of 620 bytes. How is it possible that he successfully "lands" in the NOP-Pad at Address 0xbffff458, which is way above the saved eip at 0xbffff1ec?

    Can someone clarify this? I have actually no idea why this is working. My test-machine is an Ubuntu 9.10 32-Bit Machine without ASLR. victim has an executable stack, set with execstack -s. Thanks in advance.

  • How to handle when SSRS does not automatically update fields based on database query?

    - by badpanda
    So I am trying to change the number of fields in my dataset in SSRS and the refresh button is not picking up the added field from the SQL server. The query is definitely returning the correct data, as I have double checked in the server engine itself. Also, I have tried manually adding the field using the SSRS menu, but as soon as I execute it disappears. Any suggestions or similar experiences?

  • jQuery action being called when selector isn't met?

    - by dougoftheabaci
    I've been working on a prototype for a client's web site and I've run into a rather significant snag. You can view the prototype here.

    As you can see, the way it works is you can scroll a set of slides horizontally and, by clicking one, open a stack containing yet more slides. If you then click again on an image in that stack it opens up a lightbox. Clicking on another stack or the close button will close that stack (and open another, as case may be).

    That all works great. However you get some weird behavior if you do the following:

    1. Click to open any stack.
    2. Click to open an image's light box (this works best if you click on the image that's level with the main list).
    3. Close the light box and the stack either by clicking the close button or clicking on another stack.
    4. Click back to the first stack.

    Instead of reopening the stack, you get the lightbox. This confuses me as the light box should only ever be called if there is a class on the containing UL and that class is removed when the lightbox is closed. I've checked and double-checked this, it's definitely missing.

    Here are the respective functions:

        $("ul.hide a.lightbox").live("click",function(){
            $("ul.show").removeClass("show").addClass("hide");
            $(this).parent().parent().removeClass("hide").addClass("show");
            $("ul.hide").animate({opacity: 0.2});
            $("ul.show").animate({opacity: 1});
            $("#next").animate({opacity: 0.2});
            $("#prev").animate({opacity: 0.2});
            return false;
        });

        $("ul.show a.lightbox").live("click",function(){
            $(this).fancybox().trigger("click");
            return false;
        });

    As you can see, in order for the lightbox to be called the containing UL has to have the class of show. However, if you check it with Firebug it won't. For those who are curious, the added .trigger("click"); is because the lightbox will require a double-click to launch otherwise.

    Any idea how I can fix this?

  • c++ templates: problem with member specialization

    - by ChAoS
    I am attempting to create a template "AutoClass" that creates an arbitrary class with an arbitrary set of members, such as:

        AutoClass<int,int,double,double> a;
        a.set(1,1);
        a.set(0,2);
        a.set(3,99.7);
        std::cout << "Hello world! " << a.get(0) << " " << a.get(1) << " " << a.get(3) << std::endl;

    By now I have an AutoClass with a working "set" member:

        class nothing {};

        template < typename T1 = nothing, typename T2 = nothing, typename T3 = nothing,
                   typename T4 = nothing, typename T5 = nothing, typename T6 = nothing>
        class AutoClass;

        template <>
        class AutoClass<nothing, nothing, nothing, nothing, nothing, nothing>
        {
        public:
            template <typename U> void set(int n,U v){}
        };

        template < typename T1, typename T2, typename T3,
                   typename T4, typename T5, typename T6>
        class AutoClass: AutoClass<T2,T3,T4,T5,T6>
        {
        public:
            T1 V;
            template <typename U> void set(int n,U v)
            {
                if (n <= 0)
                    V = v;
                else
                    AutoClass<T2,T3,T4,T5,T6>::set(n-1,v);
            }
        };

    and I started to have problems implementing the corresponding "get". This approach doesn't compile:

        template < typename T1, typename T2, typename T3,
                   typename T4, typename T5, typename T6>
        class AutoClass: AutoClass<T2,T3,T4,T5,T6>
        {
        public:
            T1 V;
            template <typename U> void set(int n,U v)
            {
                if (n <= 0)
                    V = v;
                else
                    AutoClass<T2,T3,T4,T5,T6>::set(n-1,v);
            }
            template <typename W> W get(int n)
            {
                if (n <= 0)
                    return V;
                else
                    return AutoClass<T2,T3,T4,T5,T6>::get(n-1);
            }
            template <> T1 get(int n)
            {
                if (n <= 0)
                    return V;
                else
                    return AutoClass<T2,T3,T4,T5,T6>::get(n-1);
            }
        };

    Besides, it seems I need to implement get for the <nothing, nothing, nothing, nothing, nothing, nothing> specialization. Any idea on how to solve this?

  • google maps in android

    - by user367121
    Hello friends, I am a new user of the Google Maps API on Android OS. I have made a small application in which I am using Google Maps. I want to add a functionality that when I double click (multi touch) on a map the map should zoom in. Is there anybody who has an idea how to do this, or if it is possible please provide a code example. Thanks in advance. BR, SilentCoders

  • How Do I grep For non-ASCII Characters in UNIX

    - by Peter Conrey
    I have several very large XML files and I'm trying to find the lines that contain non-ASCII characters. I've tried the following:

        grep -e "[\x{00FF}-\x{FFFF}]" file.xml

    But this returns every line in the file, regardless of whether the line contains a character in the range specified. Do I have the syntax wrong or am I doing something else wrong? I've also tried:

        egrep "[\x{00FF}-\x{FFFF}]" file.xml

    (with both single and double quotes surrounding the pattern).

  • Read/Write Excel Files Directly To/From Memory

    - by Corey O.
    Several people have asked, in a roundabout way, but I have yet to see a workable solution. Is there any way to open an Excel file directly from memory (like a byte[])? Likewise, is there a way to write a file directly to memory? I am looking for solutions that will not involve the hard disk or juggling temporary files. Thanks in advance for any suggestions.

  • Writing " to a file in bash.

    - by S1syphus
    Simply I need to write

        "echo" t${count} = "$"t${count}"

    To a text file, including all the So the output would be something like:

        echo " t1 = $t1"

    With " as they are. So I have tried:

        count=1
        saveIFS="$IFS"
        IFS=$'\n'
        array=($(<TEST.txt))
        IFS="$saveIFS"
        for i in "${array[@]}"
        do
            echo "echo" t${count} = "$"t${count}""
            (( count++ ))
        done >> long1.txt

    And variations on this such as:

        echo "echo" """"" t${count} = "$"t${count}""

    But I guess the wrapping in double " is only for variables. Ideas?

  • a console code editor with CUA (ctrl-x ctrl-v ...) key bindings (unlike vi)

    - by clyfe
    I'm searching for a console code editor with CUA key bindings (ctrl-x c v etc.). Right now I'm toying with mcedit but I don't really like it. My desired features are:

    * be fast
    * CUA key bindings (ctrl-x c v etc.)
    * toggle show line numbers
    * find/replace/goto line
    * bind custom keys to actions (ctrl-shift-arrowdown to double the current line etc.)
    * nice simple vi-like interface (no pointless menus)
    * be able to programmatically extend it
    ... etc.

  • Help with XML SerializableDictionary in C#

    - by psilos
    Hi, I am using the class public class SerializableDictionary : Dictionary, IXmlSerializable in order to serialize a dictionary. However, it doesn't work when as values I have collections (e.g. List) or types other than the primitive types (e.g. int, double, string....). My question is which types the TKey, TValue imply or can hold, and if there is a way to have a serializable dictionary with collections as values.

  • lock-free memory reclamation with 64bit pointers

    - by JDonner
    Herlihy and Shavit's book (The Art of Multiprocessor Programming) solution to memory reclamation uses Java's AtomicStampedReference<T>. To write one in C++ for the x86_64 I imagine requires at least a 12 byte swap operation - 8 for a 64bit pointer and 4 for the int. Is there x86 hardware support for this and if not, any pointers on how to do wait-free memory reclamation without it?

  • text from a file turned into a variable?

    - by b3y4z1d
    If I made a program that stores strings on a text file using the "list"-function (#include ), and then I want to copy all of the text from that file and call it something (so I can tell the program to type in all of the text I copied somewhere by using that one variable to refer to the text), do I use a string, double, int or what do I declare that chunk of text as? I'm making the program using C++ in a simple console application.

  • XmlSerializer.Deserialize blocks over NetworkStream

    - by Luca
    I'm trying to send XML serializable objects over a network stream. I've already used this on a UDP broadcast server, where it receives UDP messages from the local network. Here is a snippet of the server side:

        while (mServiceStopFlag == false) {
            if (mSocket.Available > 0) {
                IPEndPoint ipEndPoint = new IPEndPoint(IPAddress.Any, DiscoveryPort);
                byte[] bData;

                // Receive discovery message
                bData = mSocket.Receive(ref ipEndPoint);
                // Handle discovery message
                HandleDiscoveryMessage(ipEndPoint.Address, bData);
                ...

    Instead this is the client side:

        IPEndPoint ipEndPoint = new IPEndPoint(IPAddress.Broadcast, DiscoveryPort);
        MemoryStream mStream = new MemoryStream();
        byte[] bData;

        // Create broadcast UDP server
        mSocket = new UdpClient();
        mSocket.EnableBroadcast = true;

        // Create datagram data
        foreach (NetService s in ctx.Services)
            XmlHelper.SerializeClass<NetService>(mStream, s);
        bData = mStream.GetBuffer();

        // Notify the services
        while (mServiceStopFlag == false) {
            mSocket.Send(bData, (int)mStream.Length, ipEndPoint);
            Thread.Sleep(DefaultServiceLatency);
        }

    It works very fine. But now I'm trying to get the same result, but on a TcpClient socket, using an XMLSerializer instance directly.

    On server side:

        TcpClient sSocket = k.Key;
        ServiceContext sContext = k.Value;
        Message msg = new Message();

        while (sSocket.Connected == true) {
            if (sSocket.Available > 0) {
                StreamReader tr = new StreamReader(sSocket.GetStream());

                msg = (Message)mXmlSerialize.Deserialize(tr);
                // Handle message
                msg = sContext.Handler(msg);
                // Reply with another message
                if (msg != null)
                    mXmlSerialize.Serialize(sSocket.GetStream(), msg);
            } else
                Thread.Sleep(40);
        }

    And on client side:

        NetworkStream mSocketStream;
        Message rMessage;

        // Network stream
        mSocketStream = mSocket.GetStream();
        // Send the message
        mXmlSerialize.Serialize(mSocketStream, msg);
        // Receive the answer
        rMessage = (Message)mXmlSerialize.Deserialize(mSocketStream);

        return (rMessage);

    The data is sent (Available property is greater than 0), but the method XmlSerialize.Deserialize (which should deserialize the Message class) blocks. What am I missing?

  • Name the pattern - Create, Set, Execute, Destroy?

    - by Seb Nilsson
    I somewhere heard that the .NET Framework was built around a specific pattern, which they tried to uphold as much as possible.

        var rsa = new RSACryptoServiceProvider();        // Create
        rsa.ImportParameters(GetParameters());           // Set
        byte[] encrypted = rsa.Encrypt(data, true);      // Execute
        // Destroyed by garbage-collector

    Are there any variants of this? What are the general pros and cons?
