View Full Version : Binary-Auditing Solutions.


BanMe
September 4th, 2009, 00:18
I am currently working on the C++ Fundamentals, and will be presenting my solutions here. As the downloads have just been released.. I currently don't have any solutions ready, but I'm working on the PH of Coffee and that solution should be ready tomorrow.. this will be updated soon with further posts and solutions, hopefully I will be able to complete 'most' solutions in code that only uses ntdll, but I know that not 'all solutions' will allow me to take this route.

If you are also working on this line of learning,
Contact me and maybe we can do it together..

BanMe

BanMe
September 5th, 2009, 00:47
yea wtf I'm slow..

but it's harder than anticipated.. or I make it harder.. lol..

here's what I've got for PHOfCoffee so far... and damned if NtOpen\CreateFile don't always cause me problems, but I wanna get this one.. so no help plz!! here is what I've got for the first solution so far.. the target file to parse 'has' to be in the CurrentDirectory for now, I'll change that later.. this is most certainly incomplete.. and I'm tired.. I should definitely have the rest of it done by tomorrow...

Code:

HANDLE hFile = INVALID_HANDLE_VALUE;
wchar_t wDosName[MAX_PATH] = {0};
UNICODE_STRING wNtName = {0};
char aFileName[MAX_PATH] = {0};
OBJECT_ATTRIBUTES oa = {0};
IO_STATUS_BLOCK ios = {0};
NTSTATUS Status = 0;
size_t wLen = 0;
cout<<"This is the Solution for Finding the Average of a random set of values"<<endl;
cout<<"Please Input File Name"<<endl;
cin >>aFileName;
GetCurrentDirectory(MAX_PATH,(wchar_t*)wDosName);
wLen = wcslen((wchar_t*)wDosName);
wcsncpy((wchar_t*)(ULONG)wDosName+wLen,L"\\",2);
wLen = wcslen((wchar_t*)wDosName);
wLen += wLen;
mbstowcs((wchar_t*)((ULONG)wDosName+wLen),(char*)&aFileName,strlen(aFileName));
RtlDosPathNameToNtPathName_U(wDosName,&wNtName,0,0);
InitializeObjectAttributes(&oa,&wNtName,OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,0,0);
Status = NtOpenFile(&hFile,GENERIC_READ|SYNCHRONIZE,&oa,&ios,0,FILE_NON_DIRECTORY_FILE|FILE_SYNCHRONOUS_IO_ALERT);

BanMe
September 16th, 2009, 12:04
I'm still not done with the first solution yet.. I guess I would fail if this was a real course in a college, but w/e.. this is pretty close to my final solution for this problem, so here is the updated version.. I haven't completed adding all the references to the used API or added any explanation to why I did things this way.. but I am getting there.. I hope someone learns something from this

Code:

#include <windows.h>
#include <ntdll.h>
#include <commdlg.h>
#include <stdlib.h>
#include <iostream>
using namespace std;
#pragma comment(lib,"Comdlg32.lib")
int __cdecl Main(int argc,char *argv[])
{
wchar_t wFullPath[MAX_PATH] = {0};
wchar_t wFileName[MAX_PATH] = {0};
wchar_t wFileExt[MAX_PATH] = {0};
char ReadBuffer[MAX_PATH] = {0};
OPENFILENAME ofn = {0};
HANDLE hFile = 0;
ULONG BytesRead = 0;
char *StrBuf = 0;
char *InpBuf = 0;
int NumInputs = 0;
int sIndex = 0;
float Inputs[100] = {0};
wcout<<L"This is the solution for finding the average of a random set of values."<<endl;
wcout<<L"Please select input file"<<endl;
memset(&Inputs,0,sizeof(float)*100);
ofn.lStructSize = sizeof(OPENFILENAME);
ofn.hwndOwner = NULL;
ofn.lpstrFile = wFullPath;
ofn.lpstrFile[0] = '\0';
ofn.nMaxFile = MAX_PATH; //nMaxFile is a size in characters, not bytes
ofn.lpstrFilter = L"Text\0*.TXT\0";
ofn.nFilterIndex =1;
ofn.lpstrFileTitle = NULL;
ofn.nMaxFileTitle = 0;
ofn.lpstrInitialDir=NULL;
ofn.Flags = OFN_PATHMUSTEXIST|OFN_FILEMUSTEXIST;
//http://msdn.microsoft.com/en-us/library/ms646927(VS.85).aspx
GetOpenFileName(&ofn);
//http://msdn.microsoft.com/en-us/library/e737s6tf.aspx
_wsplitpath(wFullPath,0,0,wFileName,wFileExt);
wcout<<wFileName<<wFileExt<<L" selected"<<endl;
wcout<<L"Beginning processing of file."<<endl;
wcout<<L"Now validating file structure."<<endl;
//http://msdn.microsoft.com/en-us/library/bb540534(VS.85).aspx
hFile = CreateFile(wFullPath,GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0);
if(hFile == INVALID_HANDLE_VALUE)
{
wcout<<L"Failed to open file.."<<endl;
return 1;
}
if(ReadFile(hFile,ReadBuffer,sizeof(ReadBuffer)-1,&BytesRead,0) == FALSE) //keep the last byte 0 as the string terminator
{
wcout<<L"Failed to read file.."<<endl;
CloseHandle(hFile);
return 2;
}
if(BytesRead > 0)
{
//http://msdn.microsoft.com/en-us/library/zkx076cy(VS.80).aspx
if(!sscanf(ReadBuffer,"%d",&NumInputs))
{
wcout<<L"Failed Validation"<<endl;
return 3;
}
if(NumInputs > 98)
{
wcout<<L"Inputs to high"<<endl;
return 4;
}
wcout<<L"Successful Validation of File Structure."<<endl;
wcout<<L"Number of Inputs:"<<NumInputs<<endl;
wcout<<L"Begin parsing of file data."<<endl;
StrBuf = strstr(ReadBuffer,"\r\n");
InpBuf = strtok(StrBuf,"\r\n");
for(int i = 0;i<NumInputs;i++)
{
Inputs[i] = atof(InpBuf);
Inputs[NumInputs+1] += Inputs[i];
InpBuf = strtok(NULL,"\r\n");
}

}
CloseHandle(hFile);
return 0;
}


this produces code that will not be executed in part.. can you see it?
also here is a sample output from my 'current' source ..

Code:

This is the solution for finding the average of a random set of values.
Please select input file
test.txt selected
Beginning processing of file.
Now validating file structure.
Successful Validation of File Structure.
Number of Inputs:13
Begin parsing of file data.
Data[0] = 5.6
Data[1] = 6.2
Data[2] = 6
Data[3] = 5.5
Data[4] = 5.7
Data[5] = 6.1
Data[6] = 7.4
Data[7] = 5.5
Data[8] = 5.5
Data[9] = 6.3
Data[10] = 6.4
Data[11] = 4
Data[12] = 6.9
Prelimanary Result: 5.93077


I think I need to use the floating point precision option to attain the presented result of 5.930769230769231 in the cpp_fundementals pdf.. but I'll get to that ;P

also I'm being 'followed'.. someone is tracking me.. o0 I don't even know what a trackback is.. but it sounds scary

owl
September 18th, 2009, 07:28
I am working on this too. However, I still haven't started any of the programs; instead, I decided to read the book first. My C++ programming skills are very basic/rustic so I don't expect to be of any help, and I see this more like an opportunity to learn the language at the same time.

Thanks for posting your solutions as you are working on it. It is very instructive.

BanMe
September 18th, 2009, 10:25
This is heartening and emboldening
Thank you for your kind words and open response, that above all else I value.

If ever you need help, or have questions, I would be glad to help, don't hesitate to contact me in any way you see fit

regards BanMe

BanMe
September 21st, 2009, 20:01
I'm finally finished with 1.1.. here is my code.. it also reflects the point made by kilchen in x64 Calling convention thread.. admittedly this is a 'hack and a half' but wtf it works.. :}

I haven't read the book yet so this could be all wrong...

Code:

#include <windows.h>
#include <ntdll.h>
#include <commdlg.h>
#include <stdlib.h>
#include <iostream>
using namespace std;
#pragma comment(lib,"Comdlg32.lib")
int __cdecl Main(int argc,char *argv[])
{
//vars for file path
wchar_t wFullPath[MAX_PATH] = {0};
wchar_t wFileName[MAX_PATH] = {0};
wchar_t wFileExt[MAX_PATH] = {0};
//var for storage of text..I know I should do a chunk at a time
//approach for this..but gimme a break..this was hard enough.. :}
char ReadBuffer[MAX_PATH] = {0};
//structure for GetOpenFileName()
OPENFILENAME ofn = {0};
//Handle to the selected file
HANDLE hFile = 0;
//var that stores the bytes read from the selected file
ULONG BytesRead = 0;
//string tokenize vars
char *StrBuf = 0;
char *InpBuf = 0;
//var that holds the number of inputs that come with interpreting this data structure
int NumInputs = 0;
//iterators and storage indexers
int i = 0,x = 0;
//vars for data testing storage and results
float fData,tData = 0;
float fResult = 0;
float Inputs[100] = {0};
//program run modifier
bool fRun = 0;
wcout<<L"This is the solution for finding the average of a random set of values."<<endl;
wcout<<L"Please select input file"<<endl;
//set the storage to all 0's
memset(&Inputs,0,sizeof(float)*100);
//setup the structure for GetOpenFileName
ofn.lStructSize = sizeof(OPENFILENAME);
ofn.hwndOwner = NULL;
ofn.lpstrFile = wFullPath;
ofn.lpstrFile[0] = '\0';
ofn.nMaxFile = MAX_PATH; //nMaxFile is a size in characters, not bytes
ofn.lpstrFilter = L"Text\0*.TXT\0";
ofn.nFilterIndex =1;
ofn.lpstrFileTitle = NULL;
ofn.nMaxFileTitle = 0;
ofn.lpstrInitialDir=NULL;
ofn.Flags = OFN_PATHMUSTEXIST|OFN_FILEMUSTEXIST;
//http://msdn.microsoft.com/en-us/library/ms646927(VS.85).aspx
GetOpenFileName(&ofn);
//http://msdn.microsoft.com/en-us/library/e737s6tf.aspx
_wsplitpath(wFullPath,0,0,wFileName,wFileExt);
wcout<<wFileName<<wFileExt<<L" selected"<<endl;
wcout<<L"Beginning processing of file."<<endl;
wcout<<L"Now validating file structure."<<endl;
//http://msdn.microsoft.com/en-us/library/bb540534(VS.85).aspx
//Open the selected file
hFile = CreateFile(wFullPath,GENERIC_READ,FILE_SHARE_READ,0,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,0);
if(hFile == INVALID_HANDLE_VALUE)
{
wcout<<L"Failed to open file.."<<endl;
return 1;
}
//Read the file into ReadBuffer, leaving the last byte 0 so the string functions below find a terminator
if(ReadFile(hFile,ReadBuffer,sizeof(ReadBuffer)-1,&BytesRead,0) == FALSE)
{
wcout<<L"Failed to read file.."<<endl;
CloseHandle(hFile);
return 2;
}
//test if we read anything
if(BytesRead > 0)
{
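//http://msdn.microsoft.com/en-us/library/zkx076cy(VS.80).aspx
//sscanf can return EOF (nonzero), so test for exactly one converted field
if(sscanf(ReadBuffer,"%d",&NumInputs) != 1)
{
wcout<<L"Failed Validation"<<endl;
CloseHandle(hFile);
return 3;
}
//NumInputs later indexes Inputs[] (x = NumInputs + 1) and the final result
//divides by NumInputs - 1, so reject negative and too-small counts as well
if(NumInputs < 2 || NumInputs > 98)
{
wcout<<L"Inputs out of range"<<endl;
CloseHandle(hFile);
return 4;
}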
wcout<<L"Successful Validation of File Structure."<<endl;
wcout<<L"Number of Inputs:"<<NumInputs<<endl;
wcout<<L"Begin parsing of file data."<<endl;
//http://msdn.microsoft.com/en-us/library/z9da80kz(VS.80).aspx
//get past the first carriage return and newline separators.
StrBuf = strstr(ReadBuffer,"\r\n");
//http://msdn.microsoft.com/en-us/library/2c8d19sb(VS.71).aspx
//tokenize the string to separate out the data
InpBuf = strtok(StrBuf,"\r\n");
Digest:
//make sure result = 0 so no tainting occurs..(bug #3)
fResult = 0;
for(i = 0;i<NumInputs;i++)
{
if(!fRun)
{
//change the ascii to floats(really doubles..)
Inputs[i] = atof(InpBuf);
}
//add up the result and check for -1 that signifies faulty data.
fResult += Inputs[i] != -1 ? Inputs[i] : 0;
if(!fRun)
{
wcout<<L"Data["<<i<<L"]"<<L" = "<<Inputs[i]<<endl;
//get next tokenized string part
InpBuf = strtok(NULL,"\r\n");
}
}
if(!fRun)
{
//calculate the preliminary result added
//up result divided by the number of inputs
fResult = fResult/NumInputs;
wcout<<L"Prelimanary average result: "<<fResult<<endl;
wcout<<L"Scanning array for faulty data"<<endl;
i = 0;
//x equals NumInputs + 1 because we want 2 unused areas
x = NumInputs + 1;
do
{
//check storage for current farthest value
if(Inputs[x - 1] == 0)
{
//calculate the proper subtraction sequence
fData = Inputs[i] > fResult ? Inputs[i] - fResult : fResult - Inputs[i];
}
else
{
//set fData to current farthest value..(unneeded..but w/e)
fData = Inputs[x - 1];
}
//increment i to calculate next subtraction sequence
i++;
tData = Inputs[i] > fResult ? Inputs[i] - fResult : fResult - Inputs[i];
//if current fData > tData and i == 1 the index of fData = i - 1 or 0..
if(fData > tData && i == 1)
{
Inputs[x] = i - 1;
//store the farthest data in NumInputs or x - 1..for all those following..
Inputs[x - 1] = fData;
}
//blah blah blah see above adjust as seen below ;p
if(tData > fData)
{
Inputs[x] = i;
Inputs[x - 1] = tData;
}
}while(i < NumInputs -1);
i = Inputs[x];
wcout<<L"Faulty data: "<<Inputs[i]<<L" Index:"<<i<<endl;
wcout<<L"Modifying faulty data."<<endl;
Inputs[i] = -1;
//mark the second pass (incrementing a bool is deprecated)
fRun = true;
goto Digest;
}
else
{
//calculate the final result,
//Result = sum of array divided by NumInputs - 1
//to account for the removed data..
fResult = fResult/(NumInputs - 1);
wcout<<L"Final average result: "<<fResult<<endl;
}
}
wcout<<L"Finished"<<endl;
CloseHandle(hFile);
return 0;
}


sample output
Code:

This is the solution for finding the average of a random set of values.
Please select input file
test.txt selected
Beginning processing of file.
Now validating file structure.
Successful Validation of File Structure.
Number of Inputs:13
Begin parsing of file data.
Data[0] = 5.6
Data[1] = 6.2
Data[2] = 6
Data[3] = 5.5
Data[4] = 5.7
Data[5] = 6.1
Data[6] = 7.4
Data[7] = 5.5
Data[8] = 5.5
Data[9] = 6.3
Data[10] = 6.4
Data[11] = 4
Data[12] = 6.9
Prelimanary average result: 5.93077
Scanning array for faulty data
Faulty data: 4 Index:11
Modifying faulty data.
Final average result: 6.09167




I hope you learn something cause I definitely did in the making of this..

BanMe
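
The file format read by the 1.1 solution above (a count line followed by that many values), parsed with the count treated as untrusted input: it is range-checked and exactly that many numbers must follow. This is an added example, not BanMe's code or the course's reference solution; it is portable C++ over an in-memory buffer, the names `parse_inputs`, `compute`, `Averages` and `kSample` are made up here, and `kSample` is constructed from the values in the sample output.

```cpp
#include <cmath>
#include <cstddef>
#include <cstdio>
#include <sstream>
#include <string>
#include <vector>

// Constructed sample: the 13 values from the thread's sample output, CRLF-separated.
const char kSample[] = "13\r\n5.6\r\n6.2\r\n6\r\n5.5\r\n5.7\r\n6.1\r\n7.4\r\n"
                       "5.5\r\n5.5\r\n6.3\r\n6.4\r\n4\r\n6.9\r\n";
const long kMaxInputs = 98;  // same ceiling the posted code enforces

struct Averages {
    double preliminary;   // mean of every value
    std::size_t outlier;  // index of the value farthest from that mean
    double trimmed;       // mean with the outlier left out
};

// Parse "<count>\r\n<value>\r\n..." from a buffer of known length (for example
// the bytes ReadFile returned). No NUL terminator is assumed. The count must be
// 2..kMaxInputs (compute() divides by count - 1) and exactly that many numbers
// must follow; anything else is rejected.
bool parse_inputs(const char* buf, std::size_t len, std::vector<double>& out) {
    std::string text(buf, len);
    std::istringstream in(text);
    long count = 0;
    if (!(in >> count) || count < 2 || count > kMaxInputs) return false;
    out.clear();
    double v = 0;
    while (out.size() < static_cast<std::size_t>(count) && in >> v) out.push_back(v);
    return out.size() == static_cast<std::size_t>(count);
}

// Two passes over a validated vector; no sentinel values or spare array slots.
Averages compute(const std::vector<double>& values) {
    double sum = 0;
    for (double v : values) sum += v;
    Averages r = {sum / values.size(), 0, 0.0};
    for (std::size_t i = 1; i < values.size(); ++i)
        if (std::fabs(values[i] - r.preliminary) >
            std::fabs(values[r.outlier] - r.preliminary))
            r.outlier = i;
    r.trimmed = (sum - values[r.outlier]) / (values.size() - 1);
    return r;
}

int main() {
    std::vector<double> values;
    if (!parse_inputs(kSample, sizeof(kSample) - 1, values)) return 1;
    Averages r = compute(values);
    std::printf("preliminary %.15g, outlier index %zu, final %.15g\n",
                r.preliminary, r.outlier, r.trimmed);
    return 0;
}
```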

owl
September 24th, 2009, 08:57
yes, that I have a lot to do when I start tackling the problems.

BanMe
September 24th, 2009, 13:07
I am having trouble understanding how to get solution 1.2 done in just 3 lines..
a double for loop and a cout is what I seem to be heading for..

something like this.. I'm (trying) to do this off the top of my head, so bear with me.. and ignore the ugliness
Code:

void main(void)
{
for(int i = 0;i<64;i+8)
{
for(int x = 0;x<8*64;x++)
{
cout<<i<<endl;
}
}
}


that still looks wrong to me..

BanMe

BanMe
September 24th, 2009, 14:32
Code:

#include <windows.h>
#include <stdlib.h>
#include <iostream>
using namespace std;
int __cdecl Main(int argc,char *argv[])
{
for(int i=0;i<=64;i+=8)
{
for(int x = 0;x<8*64;x++)
{
cout<<i<<endl;
}
}
return 0;
}


to obtain output compile as console and place breakpoint at return 0..

also to obtain the required text file,I did this in command prompt 64x64-image > img.txt

|edit|
turns out that is wrong..
Code:

for(int i=0;i<=8*64;i+=8)
{
for(int x = 0;x<8*64;x++)
{
cout<<i<<endl;
}
}


This should provide the 'correct' output file for exercise 1.2, this file seems to be necessary input for the next exercise.. next 1.3
|/edit|

regards BanMe

BanMe
September 27th, 2009, 22:46
Code:

#include <iostream>
using namespace std;
// my own way for 1.2 and 1.3 exercises xD
int __cdecl Main(int argc,char *argv[])
{
int i = 0,x = 0,e = 0;
int Data[32768] = {0};
do
{
for(x = 0;x<512;x++)
{
Data[e] = i;
e++;
}
i+=8;
}while(e!=32768);
i = x = e = 0;
do
{
for(i = 0;i<128;i++)
{
x = Data[e];
e++;
x = (x != 0) ? x/8:0;
switch(x)
{
case 0:
case 1:
case 2:
case 3:
case 4:
case 5:
case 6:
case 7:
{
cout<<" ";
break;
}
case 8:
case 9:
case 10:
case 11:
case 12:
case 13:
case 14:
case 15:
{
cout<<".";
break;
}
case 16:
case 17:
case 18:
case 19:
case 20:
case 21:
case 22:
case 23:
{
cout<<",";
break;
}
case 24:
case 25:
case 26:
case 27:
case 28:
case 29:
case 30:
case 31:
{
cout<<"-";
break;
}
case 32:
case 33:
case 34:
case 35:
case 36:
case 37:
case 38:
case 39:
{
cout<<"+";
break;
}
case 40:
case 41:
case 42:
case 43:
case 44:
case 45:
case 46:
case 47:
{
cout<<"o";
break;
}
case 48:
case 49:
case 50:
case 51:
case 52:
case 53:
case 54:
case 55:
{
cout<<"O";
break;
}
default:
{
cout<<"X";
break;
}
}
}
cout<<endl;
}while(e<= 32640);
return 0;
}


this is basically useless.. as I don't count it as a valid solution.. for myself and just wanted to show it here..

regards BanMe