Showing posts from 2010

C modules unit-testing in Linux

In spite of its age, the C programming language is still very popular, especially for developing system or low-level software like drivers, compilers, virtual machines etc. And like any software, it has to be tested. Let me give a brief introduction to unit-testing C modules.

There are many unit-testing frameworks for C, and one of the most well-known is cmockery. But I'll show the usage of a much simpler "framework": FCTX. Its main advantage is that it consists of just one header file, so it can easily be used for test tasks, small projects and examples.

For calculating code coverage I use the gcov/lcov tools. Gcov is included in GCC, so you don't have to install it. Lcov is a graphical front-end for gcov and should be installed from your distribution's repository:

$ sudo apt-get install lcov
As sample code for testing I'll use a simple hash function from Robert Sedgewick's Algorithms in C book:

#include "hash.h"

unsigned int RSHash(char* str, unsigned int len) { …

Is Python an appropriate language for developing high-load systems?

The short answer: yes. The reasons are below:

- There are well-known systems (like YouTube) that show Python's suitability: YouTube Architecture.
- Most performance problems are related not to the speed of the language but to the speed of communication and databases. Let me give an example from my own experience: I worked on a project that processed a huge amount of data (inserting about 100-200k records a day, and selecting from about 100-200 million records 10-20 times per second). The bottleneck was the database, not the language. All the indexes were pretty complex, and a select could take 30-90 seconds, which was unacceptable. We had to change the architecture: use a data pool, caches and AMQP (with a RabbitMQ server), and after that we had no performance problems at all.
- The right tools mean everything. For example, if you have to serve an enormous number of web requests, just use a suitable web server like Tornado. It is especially useful for serving Comet-based web applications. And of cours…

Explanation of JavaScript "The Da Vinci Code"

Novice security researchers can reach an impasse when analyzing JS code like the following (it generates an alert):

(É=[Å=[],µ=!Å+Å][µ[È=-~-~++Å]+({}+Å) [Ç=!!Å+µ,ª=Ç[Å]+Ç[+!Å],Å]+ª])() [µ[Å]+µ[Å+Å]+Ç[È]+ª](Å) 
I would like to lift the veil of secrecy and explain how it works. It relies on several JS rules:

- implicit type conversion;
- array indexing;
- string and arithmetic operations (unary and binary);
- object creation with an object literal (JSON-style);
- referencing the global object (window) by calling some functions with invalid or empty parameters;
- accessing properties by bracket notation.

Let me show it in action via JavaScript Shell:

[]                    // explicit empty array declaration
![]                   // implicit conversion to the Boolean value false
[]+![]                // implicit conversion to the String value "false"
([]+![])[3]           // get the char at index 3
s
a=[],++a              // implicit conversion to the Integer value 1
([]+![])[a=[],++a]    // use several implicit conversions, get the char at index 1
a
{}                    // explicit empty object creation via an object literal
({}+[])               // implicit conversion tho th…
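As an added example (not code from the original post), here is the same snippet rebuilt with readable names so that each implicit conversion can be checked one at a time. The names `a`, `falseStr`, `three`, `trueFalse` and `rt` are mine and stand for Å, µ, È, Ç and ª. It runs under Node.js; the final `alert(1)` only exists in a browser, so the script reports the decoded call instead of making it.

```javascript
// Added example, not code from the original post: the obfuscated snippet
// rebuilt with readable names (Å -> a, µ -> falseStr, È -> three,
// Ç -> trueFalse, ª -> rt), so every implicit conversion can be inspected.
// Runs under Node.js; in a browser the decoded call is alert(1).

function decodeDaVinci() {
  let a = [];                          // Å = []
  const falseStr = !a + a;             // µ = ![] + []  ->  false + ""  ->  "false"
  const haystack = [a, falseStr];      // [Å, µ]        ->  [[], "false"]

  // First index expression, evaluated left to right. ++[] coerces [] to 0 and
  // stores 1 in `a`; -~1 is 2 and -~2 is 3, so È = 3 and "false"[3] is "s".
  const three = -~-~++a;
  const s = falseStr[three];

  // {} + 1 in expression position is "[object Object]1". Its index is the
  // comma expression (Ç = ..., ª = ..., Å), which evaluates to Å (now 1) -> "o".
  const objStr = {} + a;
  const trueFalse = !!a + falseStr;            // Ç = true + "false" -> "truefalse"
  const rt = trueFalse[a] + trueFalse[+!a];    // ª = Ç[1] + Ç[0]     -> "r" + "t"
  const o = objStr[a];

  const firstName = s + o + rt;                // "sort"
  const sortFn = haystack[firstName];          // Array.prototype.sort, detached

  // Second bracket: µ[1] + µ[2] + Ç[3] + ª  ->  "a" + "l" + "e" + "rt"
  const secondName = falseStr[a] + falseStr[a + a] + trueFalse[three] + rt;

  return { firstName, sortFn, secondName, arg: a };
}

// `(É = [...][...])()` calls the detached sort with no receiver. In the
// engines this sample was written for, an undefined receiver became the global
// object, and Array.prototype.sort returns its receiver, so the call yielded
// window. ES5 and later apply ToObject to the receiver inside sort, which
// throws on undefined, so fall back to the equally classic
// Function('return this')() trick (Function-constructed code is never strict).
function globalViaSort(sortFn) {
  try {
    return (0, sortFn)();
  } catch (e) {
    return Function('return this')();
  }
}

function describe() {
  const d = decodeDaVinci();
  const g = globalViaSort(d.sortFn);
  const available = typeof g[d.secondName] === 'function';
  return `[...]["${d.firstName}"]()["${d.secondName}"](${d.arg})` +
         (available ? '' : `  (${d.secondName} is not defined outside a browser)`);
}

console.log(describe());
```

The two bracket expressions evaluate to "sort" and "alert", and the only piece that is not pure string arithmetic is the receiver trick: the whole snippet depends on a bare call of the detached sort handing back the global object. That is why a current engine may stop at a TypeError before reaching alert, and why any deobfuscation tool has to model this-coercion, not just string concatenation.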

Settling in Canada

I'm now in Vancouver, BC, handling all the issues related to immigration. My laptop broke right before departure, so I can't be online as much as I want. Anyway, I'll try to get a new one as soon as possible and continue working.

I'm publishing all the materials related to immigration and settling down in Vancouver on my Tumblr microblog (in Russian):

Thunderbird Grammar Checker 0.5 is released


Now it's compatible with Thunderbird 3.x. The checking language follows the Spell Checker language. Sorry for the delay, but my workload doesn't leave me enough time to support it well.

Future plans:

- Support inline highlighting. The backend is almost ready, but there are some problems with the frontend: I just don't know how to properly modify the DOM of the opened message compose window. It looks like I have to use/hook some JS events, but my research so far has turned up nothing.
- Move to the After The Deadline server instead of LT server mode. LT is integrated into the AtD server (see the News section on However, there is a problem with the current AtD server: it doesn't work locally now: Until they fix the problem, I can't recommend using it.
- Implement a pure JS-based Grammar Checker engine. See the notes below.

All of these require some time and e…

Shellcode detection using libemu

Shellcode can be seen as a list of instructions developed in a way that allows it to be injected into an application at runtime. Every security researcher faces shellcode in their work, and in this article I'll show how to detect it using Python (via the libemu Python binding).

A few words about libemu:

libemu is a small library written in C offering basic x86 emulation and shellcode detection using GetPC heuristics. Intended use is within network intrusion/prevention detection and honeypots. The information on the site is out of date in some places, so I'll give direct and clear instructions on how to get and install libemu.

Clone the git repository:

$ git clone git://
First, configure, make and install libemu itself (without the binding):

$ autoreconf -v -i
$ ./configure --prefix=/opt/libemu
$ make
$ sudo make install
If you set the prefix as shown above, you have to add the library path to the /etc/ file. It should loo…

Metasploit Browser Autopwn module

In the previous article I showed how to use the windows/browser/ms10_018_ie_behaviors exploit. In many cases trying exploits one by one is not acceptable, so auxiliary modules were created for this. One of them is server/browser_autopwn:

This module uses a combination of client-side and server-side techniques to fingerprint HTTP clients and then automatically exploit them. After a successful attack it creates a Meterpreter session, so you can gain full access to the target. Meterpreter is a set of tools for interacting with processes, networking and the file system of the target. In this article we will dump the SAM hashes of the target system and crack them using ophcrack.

Let's go directly to the action (set the LHOST parameter according to your environment):

$ msfconsole

                _                  _       _ _
               | |                | |     (_) |
 _ __ ___   ___| |_ __ _ ___ _ __ | | ___  _| |_
| '_ ` _ \ / _ \ __/ _` / __| '_ \| |/ _ \| | __|
| | | | | |  __/ ||…

Brief introduction to Metasploit

As part of increasing IT infrastructure security, penetration testing is one of the most valuable tools. Of course, system updates, firewalls, IDS/IPS, correct ACLs and other methods are very efficient, but you can't be 100% sure that everything is fine. Security is a battle between defenders and attackers, and usually the attackers are one step ahead in this battle.

To be a good security professional you have to know how attackers work and which tools and methods they use; you have to be an attacker (a white-hat one, of course): embrace the Dark Side, but don't be dominated by it and stay with the Light Side.

So Metasploit is one of the must-know tools for every security professional:
Metasploit provides useful information and tools for penetration testers, security researchers, and IDS signature developers. This project was created to provide information on exploit techniques and to create a functional knowledgebase for exploit developers and security professionals. The tools a…

Cross-compilation in Linux

Sometimes it is necessary to create a Windows application from Linux. I will briefly introduce the method for it in this article.

The basic principle is simple and common to all cross-compilation (e.g., creating Symbian applications on Linux/Windows or another desktop OS):

- Get and install a toolchain for the target platform (compiler, linker and other tools);
- Compile all required frameworks with this toolchain (for example GStreamer, Qt, wxWidgets etc.);
- Compile your own project with this toolchain and the precompiled frameworks.

For creating Windows applications from Linux you can use MinGW: Minimalist GNU for Windows. The installation is pretty easy:

$ sudo apt-get install mingw32

As an example, let's compile a simple Windows application with a message box (msgbox.c file):

#include <windows.h>

INT WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
                   LPSTR lpCmdLine, int nCmdShow)
{
  MessageBoxW(0, L"Hello from Linux!\n", L"MinGW app", MB_ICONEX…

CodeExample plugin for Trac version 1.0 has been released

The CodeExample plugin renders a code example box with syntax highlighting. It supports three types of examples: simple, correct, and incorrect.

I've made major changes to the plugin, and now it is fully compatible with Trac 0.11 and Trac 0.12.

Changelog from version 0.3:

- Support for multiple repositories (Trac 0.12 and later) has been added.
- Collapsing/expanding code blocks has been implemented.
- The ability to change the title has been added.
- Option handling has been reimplemented.

Two examples (the first gets its source from the repository, the second contains the code inline):

{{{
#!CodeExample
## type = good
## title = GPGData sample code
## repo = MacGPGME
## path=GPGData.m
## regex="static void releaseCallback\(.*"
## lines=4
#!objective-c
}}}

{{{
#!CodeExample
## type = bad
#!haskell
fibs = 0 : 1 : [ a + b | a <- fibs | b <- tail fibs ]
}}}
These will be rendered as:

See details on trac-hacks CodeExampleMacro page.

Using Farstream for videoconferencing

I see a lot of comments about GStreamer's videoconferencing abilities, so I want to continue the topic and say a few words about the Farstream project.

GStreamer is one of Collabora's flagship projects. The company develops other projects based on GStreamer, and Farstream is the one for audio and video conferencing. With Farstream, businesses can easily create a multi-platform, multi-user audio/video conference solution that supports a wide range of codecs. Simply put, Farstream (formerly Farsight) is an advanced VoIP/video streaming engine capable of dealing with all known audio/video conferencing protocols.

Quote from the project description:

Philippe Kalaf began the Farstream project in 2005. He was aiming to create a simple-to-use framework that implemented multiple audio/video streaming protocols. Most of the initial work on Farstream focused on the protocol agnostic API and the RTP plugin. Over the years, the RTP plugin has matured into a very complete RTP…

Monitoring network bandwidth usage

During the development of my monitoring tool I faced a little challenge: finding a cross-platform (Linux/FreeBSD) way to monitor network bandwidth usage. Surprisingly, there is no simple way to do it. In this post I'll describe my research and the solution I found and implemented.


One of the ways to do it is to use the ifconfig output:

$ ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:23:54:15:54:96
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::223:54ff:fe15:5496/64 Scope:Link
          RX packets:23242 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22369 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:24061454 (24.0 MB)  TX bytes:3265008 (3.2 MB)
          Interrupt:30 Base address:0xe000
We can ask for RX (received) and TX (transmitted) bytes each second, and the differences give us the required …
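As an added example (not the author's monitoring tool), the sampling approach described above in Node.js: pull the RX/TX byte counters out of Linux net-tools ifconfig output like the listing shown, and turn two samples taken a known number of seconds apart into a bytes-per-second rate. Both samples are constructed; the second pretends that 1 MiB arrived and 100 kB left in one second. The parser is Linux-only: FreeBSD's ifconfig prints no byte counters at all, which is part of why the cross-platform case is awkward.

```javascript
// Added example, not the author's code: parse the byte counters from
// `ifconfig` text and compute a rate from two samples. The samples are
// constructed here so the script runs offline.

const SAMPLE_T0 = `eth0      Link encap:Ethernet  HWaddr 00:23:54:15:54:96
          RX packets:23242 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22369 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:24061454 (24.0 MB)  TX bytes:3265008 (3.2 MB)`;

// Constructed "one second later" sample: +1 MiB received, +100 kB transmitted.
const SAMPLE_T1 = SAMPLE_T0
  .replace('RX bytes:24061454', 'RX bytes:25110030')
  .replace('TX bytes:3265008', 'TX bytes:3365008');

// Extract the raw counters; the rounded "(24.0 MB)" part is deliberately ignored.
function parseIfconfigBytes(text) {
  const m = /RX bytes:(\d+)[\s\S]*?TX bytes:(\d+)/.exec(text);
  if (!m) throw new Error('no RX/TX byte counters in ifconfig output');
  return { rx: Number(m[1]), tx: Number(m[2]) };
}

// Interface counters are monotonic but finite: 32-bit counters wrap at 2^32,
// so a second sample smaller than the first is treated as a wrap rather than
// as negative traffic. Width is a parameter because 64-bit counters exist too.
function counterDelta(prev, curr, width = 2 ** 32) {
  return curr >= prev ? curr - prev : curr + width - prev;
}

// Rate between two ifconfig snapshots taken `seconds` apart.
function bandwidth(prevText, currText, seconds) {
  if (!(seconds > 0)) throw new Error('sampling interval must be positive');
  const a = parseIfconfigBytes(prevText);
  const b = parseIfconfigBytes(currText);
  return {
    rxBps: counterDelta(a.rx, b.rx) / seconds,
    txBps: counterDelta(a.tx, b.tx) / seconds,
  };
}

console.log(bandwidth(SAMPLE_T0, SAMPLE_T1, 1)); // { rxBps: 1048576, txBps: 100000 }
```

In a real monitor the two strings come from running ifconfig (or, on Linux, reading /proc/net/dev) at the start and end of each interval; the wrap handling matters because a missed wrap shows up as a huge negative or positive spike in a bandwidth graph, which is exactly the kind of artifact that triggers false alerts.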