ejes consulting

Techincal Consulting Design and Automation

Archive for the ‘Commentary’ Category

Mac OS X Swap File Optimization

leave a comment »

So I like OS X.  It’s a UNIX desktop done well, it’s well designed, beautiful and easy to use.

With all I love about OS X, there are things that I absolutely HATE.  They could, for example, use the Unix Filesystem Hierarchy (https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard) but this article is more about how there is no easy way to modify your swap file and it’s usage.

I understand the desire to keep these kinds of settings under the covers from users who may be in experienced or not know exactly what they’re doing, but they could make it a little simpler to get your hands on.

Nevertheless, it’s not impossible.  During my research, I came upon this guys site (http://osxdaily.com/2010/10/08/mac-virtual-memory-swap/) and with this info (read it, it’s short) you can re-mount your swap files on a new filesystem.

In OS X, swap files are stored at /private/var/vm, so that’s where we’ll concentrate our filesystem changes.

First things first, though, we have to disable the swap files.  Thankfully, this can be done from the command prompt, but before you do disable virtual memory, you should not be running any applications.  If possible disable all network services, and close all programs before releasing all virtual memory, if you leave programs, (especially swapped, unfocused or background ones) open, you may have problems, otherwise consider yourself warned.

Disable “Dynamic Pager” (swap):

Mac-Mini:~ root# launchctl unload -w /System/Library/LaunchDaemons/com.apple.dynamic_pager.plist

After this command is done, you can safely delete everything in the /private/var/vm/ directory.

Mac-Mini:~ root# rm /private/var/vm/*

Then simply mount your new filesystem.  Mine is “msdos”, I figured that having less overhead would make it slightly quicker.   Though a security remember: these files would be readable by perhaps the wrong people, and could be used for malicious reasons or for information gathering purposes (ex. http://www.linuxjournal.com/content/doing-reverse-hex-dump).

Mac-Mini:~ root# mount -t msdos /dev/disk1s1 /private/var/vm

Then you can re-enable dynamic pager (swap, virtual memory), don’t forget the “-wF” the F probably means “force”:

Mac-Mini:~ root# launchctl load -wF /System/Library/LaunchDaemons/com.apple.dynamic_pager.plist

There you have it, your swap file will grow on this partition.

Please remember that you have to be root to run these, if you are unable to become root, please consult the manual pages for “sudo” on OS X.

Advertisements

Written by ejes

December 28, 2013 at 10:58 pm

I call Phoney

leave a comment »

So today I was stumbling around on the internet, and found this kids site:

http://cyberfreax.in/2011/11/15/how-to-create-a-virus-2/

which features “how to create a virus”  Who could help themselves but read?

It turns out that this kid is completely full of it.  He tells you to copy this:

01100110011011110111001001101101011000010111010000
100000011000110011101001011100 0010000000101111010100010010111101011000

into a text file and rename it to something.exe and then run it.

Of course anyone with a bit of understanding on how the binary loader works would know that the loader wouldn’t recognize this as an executable program; ALL executable programs in windows start with either “MZ” or “PE”.  These are the “magic numbers” that tell the binary loader that these are, in fact, executable.

There is a lot going on behind the scenes here so let me explain WHY this won’t work.

Inside of a regular “exe” program is a structure to help the operating system determine how to load this program.  The structure looks like this (in C notation):

(info from: http://www.delorie.com/djgpp/doc/exe/)

struct EXE {
  unsigned short signature; /* == 0x5a4D */
  unsigned short bytes_in_last_block;
  unsigned short blocks_in_file;
  unsigned short num_relocs;
  unsigned short header_paragraphs;
  unsigned short min_extra_paragraphs;
  unsigned short max_extra_paragraphs;
  unsigned short ss;
  unsigned short sp;
  unsigned short checksum;
  unsigned short ip;
  unsigned short cs;
  unsigned short reloc_table_offset;
  unsigned short overlay_number;
};

The first short integer ‘signature’ is always 5a4d in MZ executables (by far less complex than PE executables) this is how the loader knows that this is a valid executable.

The first 16-bit integer is the number of bytes in the last block, unless it’s set to zero, which means the whole last block (152 bytes) is used.

The next 16-bit integer is total number of blocks in the executable file, and if the previous short integer is not zero, that number of the last block is used.

The next short is the number of relocation entries in the header, and the next is the number of “paragraphs” in the header.  Followed by the number of paragraphs of additional memory the program would need (that is, if there isn’t at least this many bytes free the loader will not try to load this program) most programmers know this as the BBS size. And finally, following that, is the maximum number of paragraphs of additional memory.

The next part is the relative value of the stack segment.  This value is added to the segment the program is loaded into, and used to initialize the SS (stack segment) register.

The next value is the initial value of the SP (stack pointer) register.  Then a word which is a checksum, which is usually not used.

The next is the initial value of the IP (instruction pointer) register, and then the CS (code segment) register (which is relative to the segment of the program loaded).  Then the offset of the first relocation item in the file, and finally ending with the overlay number.

If you examine the “binary” that Srivathsan provided, obviously none of this structure “fits.”

So what IS Srivathsan trying to pull?  Let’s take the binary, and bring it to a Binary-to-Ascii conversion site.  I used this one:

http://www.roubaixinteractive.com/PlayGround/Binary_Conversion/Binary_To_Text.asp

I pasted the “binary”, and pressed “To Text” and it comes back with:

format c:\ /Q/X

Oh!!  So he just encoded a “format” command and expected it to run.

This will NOT work.

So, what will work then?

There’s an older format, called “.COM” format that does still run in windows (XP tested).  A Com file (http://en.wikipedia.org/wiki/COM_file) is far less complex, it contains no header information, no relocation and no far jumps.

So it looks to me like you CAN use a .COM file in this way.  So now, to find some executable information you can place in this .com file.

To do this, I did a quick Google for “printable shellcode” and came back with a whole slew of stuff.  I chose this (i got it here(http://r00tsecurity.org/forums/topic/12019-16-bit-printable-shellcode-hello-world/):

X5))%@IP5YI5Y@5P!%PAP[55!5e 5O!54(P^)7CC)7SZBBXPSRABCABCABCABCABCABCABCABCABCZ[XH+H*hello world!$

As you might suspect from the final string, this is simply a “hello world” program; in printable ASCII!!

So, all you have to do is copy the above code, paste it into a text file, and rename the .txt extension to .com and ‘ta-da’ instant executable binary.

Nice try http://cyberfreax.in LOL

Written by ejes

November 17, 2011 at 1:30 pm

Simple Timesharing for ALL ANSI-C programs

leave a comment »

A client of mine asked that I write a simple co-operative timesharing engine to be used in an embedded project.  Timesharing is quite an easy multitasking system and is frequently used in the embedded space because each process must willingly give up cpu control.  This is good if you have a critical task that must not be interrupted before it completes.  Modern, more powerful cpus have the ability to turn off interrupts during execution (the instructions are sti and cli in the x86 world)  but not all processors support this.

Because I cannot be guaranteed that the microcontroller that i’m using has this, i opted to use a software interrupt that i call “swi”.  Realistically, you can turn this into a preemptive multitasking system by assigning the programmable interrupt to my “swi” function and have it execute at a pre-determined time.

anyway, i also wanted this to be somewhat compliant with normal POSIX programming, so I created a “fork” function.

It uses “setjmp” and “longjmp” to create save points in the “swi” and then call the next call on the process stack.  I was going to include a simple prioritizing system, but really it didn’t require it – i might still.

Anyway, the source is posted in my source code area. 

(terms of use) This software is given to you without warrantee and warning that it worked for me, doesn’t mean it’ll work for you.  Feel free to use and modify it, and send me patches, I will gladly post them and of course give you full credit, as I expect you’d give me credit as well.

Written by ejes

August 5, 2010 at 9:47 am

Posted in Commentary, Hacking

Amazing One Line Script

leave a comment »

I was stumbling around on the internet this morning and I found this awesome site… (http://www.centerkey.com/tree/)

This guy posted an amazing one line script that will graphically show your directory tree with a simple one line command:

ls -R | grep ":$" | sed -e 's/:$//' -e 's/[^-][^\/]*\//--/g' -e 's/^/ /' -e 's/-/|/'

and that’s all!!! It works great!

Written by ejes

March 17, 2010 at 11:42 am

Happy Holidays

leave a comment »

Happy Holidays :)

and have a great new year.

Written by ejes

December 29, 2009 at 4:11 pm

Posted in Commentary

Video Capture Card Driver Woes

leave a comment »

So lately I’ve been working on copying my old VHS movies to digital format so that my NAS can serve them up to my XBMC.

In my stumbles around the internet I found this really great project.

It seems to include EVERY older Video Capture Card for Windows drivers all into 1 beautiful fast and easy to install package.

Since I don’t use windows, I don’t really have much to do with it, but it’s good for those of you who do.

Fun
http://btwincap.sourceforge.net/
Take a look

Written by ejes

November 4, 2009 at 3:29 pm

Happy Thanksgiving

leave a comment »

Happy thanksgiving to my Canadian friends :)

Written by ejes

October 13, 2009 at 4:26 pm

Posted in Commentary

Tagged with