IRC Networks
Irc Logs Stats
Start date: 2007-09-27 02:48:27
Last update: 2008-10-24 20:19:38
Channels: 41
Logged Lines: 6230436
Size: 1825.67 MB
Powered by
Channel Info
Network: freenodeChannel: #csharp |
Search in www.irclog.org
Log from #csharp at freenode 2006-07-27
[09:44]<cjmgrug>hey
[09:44]<cjmgrug>pks: go on
[09:45]<lcs>its about "security" in vista
[09:45]<lcs>#v+
[09:45]<lcs>Function pointers are obfuscated by XOR-ing with a random number, so that the actual address pointed to is hard to retrieve. So would be to manually change a pointer, as the obfuscation key used for the pointer would be very hard to retrieve. Thus, it is made hard for any unauthorized user of the function pointer to be able to actually use it. Also metadata for heap blocks are XOR-ed with random numbers. In addition, check-sums for heap blocks are maintained, which
[09:45]<lcs>#v-
[09:46]<lcs>in other words, they are making something like a grsecurity patch for linux kernel
[09:46]<lcs>actualy, it real name should be, grobfuscity
[09:47]<svlnvnz>there is some support in .net2.0 for ole property pages?
[09:47]<cjmgrug>ok.. what does that mean in layman's terms? i mean, whats the significance of obfucating the function pointer ?
[09:48]<lcs>CodeRun: when you load the binary you have to assign addresses for each function
[09:48]<lcs>CodeRun: i think, that they mean, that the assigned address wont be static, but in certain sense random
[09:49]<lcs>i think that it has more to do with symbol table, than with function pointer, but anyway, its terribly stupid
[09:49]<cjmgrug>ok.. so thats useful for..?
[09:49]<lcs>instead of fixing bugs, they are finding way of removing bad effects of their bugs
[09:50]<lcs>.. that will harder the exploitation
[09:50]<lcs>harden*
[09:50]<cjmgrug>i see
[09:50]<lcs>but still it wont protect against it
[09:51]<lcs>as i said, there is simmilar patch for linux, it randomises everything that it can, so that app keeps up working
[09:51]<cjmgrug>ah
[09:51]<lcs>its virtualy impossible to make a buffer overfow exploit, but it has some drawback
[09:51]<lcs>drawbacks*
[09:51]<svlnvnz>HRESULT Activate(HWND hWndParent,LPCRECT prc,BOOL bModal); ==
[09:51]<svlnvnz>[PreserveSig] int Activate([In] IntPtr hwndParent,[In] ref RECT prc,[In,MarshalAs(UnmanagedType.Bool)] bool bModal); ??
[09:52]<lcs>the main one is, that you are not able to debug anything
[09:52]<lcs>;p
[09:52]<cjmgrug>oh, thats real bad for the coders
[09:52]<lcs>yea
[09:53]<svlnvnz>i get memory corruption exception when i call it
[09:53]<lcs>probably there will be special falg in the header, togling the randomization of 'the stuff'
[09:53]<cjmgrug>heh..
[09:53]<lcs>so its broken by design :)
[09:54]<lcs>ms will never learn that obsuscation will prevent attackers for some time
[09:54]<cjmgrug>there you go, you've already started finding holes in the new 'obfuscation'
[09:54]<lcs>*only for some time*
[09:54]<lcs>its nothing new
[09:54]<lcs>they just steal the idea :)
[09:54]<cjmgrug>yea, the 'idiots' will always win ..
[09:55]<cjmgrug>hmm i see
[09:55]<lcs>and make fuse about it
[09:55]<myryvrfljjl>fuss*
[09:55]<svlnvnz>there is some marshal attribute for const pointers? i think the problem is related to LPCRECT
[09:55]<lcs>digitalpoop: yeap fuss :>
[09:56]<svlnvnz>i use other function with LPRECT and all works
[09:56]<lcs>fuse its the thing that burns out when circuit gets overloaded, right?
[09:56]<cjmgrug>stpeter: its people like you, who paste wierd things on IRC and make me feel as if i cont know a word in c# !
[09:57]<cjmgrug>yea, pks
[09:57]<svlnvnz>CodeRun: why weird?
[09:57]<cjmgrug>ah, nevermind
[09:57]<lcs>the same thing is with ipv6
[09:58]<lcs>vista will support ipv6, hooray
[09:58]<cjmgrug>heh
[09:58]<cjmgrug>what happened to ipv5?
[09:58]<lcs>hm, good question
[09:59]<zgzzcygnv>it wasnt stable :P
[09:59]<lcs>www.oreillynet.com/onlamp/blog/2003/06/what_ever_happened_to_ipv5.html
[10:00]<lcs>ah, they stared working on something better than ipv4
[10:00]<lcs>and they have called it ipv5
[10:00]<lcs>it was in 1970 ;)
[10:01]<cjmgrug>hmm
[10:01]<lcs>ms likes to reinvent things
[10:01]<lcs>and its very good at it
[10:01]<cjmgrug>hehe
[10:02]<lcs>once, my friend told my pro-ms that web services are great thing, coz you will be able to fetch interesting things from the other websites
[10:02]<lcs>as example (probably he read that example on some ms blog) he gave the the webservice that will be returning you current exchange rates
[10:03]<lcs>he said that now, you would have to parse the site and look for the exchange rates in html code
[10:03]<svlnvnz>lol
[10:03]<cjmgrug>people often say that if you're working to build up all your programming skills around microsoft technologies( .NET suppose).. and you even get a good idea and launch your project.. its equivallent of doing market research for microsoft for FREE. as, they can pick it up, put a new twist and make money out of it. Is that true?
[10:04]<lcs>unfortunetely he missed the part, that most of the banks use rss channels
[10:04]<lcs>the same with all the sites :)
[10:04]<cjmgrug>ah
[10:05]<lcs>and that technology is very old
[10:05]<lcs>obviously the example he gave was horrible
[10:05]<lcs>;p
[10:06]<cjmgrug>haha
[10:08]<lcs>'two commodore 64 class computers where required to put man on the moon, now you need to have two p4 class processors to start windowd vista, i think that there is error ....'
[10:09]<lcs>isnt it strange? :)
[10:09]<cjmgrug>heh
[10:09]<zgzzcygnv>erm
[10:10]<zgzzcygnv>thats totally stupid
[10:10]<ceredtuw>lol
[10:10]<zgzzcygnv>the tasks we do now are millions of times more complex
[10:11]<zgzzcygnv>fuck, even the process of something that "seems" pretty simple to us like playing an mp3 actual requires a rediculous amount of stuff to make that happen
[10:11]<zgzzcygnv>far more advanced than a man on the moon
[10:11]<zgzzcygnv>also
[10:11]<zgzzcygnv>space travel is physical....windows vista is just a software program
[10:11]<lcs>actualy, you are right, to the certain point
[10:12]<lcs>the part about playing mp3 is true :)
[10:13]<zgzzcygnv>all the computer needs to do on a spacecraft is navigational things
[10:13]<zgzzcygnv>ie, lots of mathematic computations
[10:13]<zgzzcygnv>don't get me wrong, that shit is still really complex
[10:13]<lcs>far more complex then it should be
[10:14]<zgzzcygnv>but it takes VERY little processing power and it doesnt *NEED* to be done in a fraction of a millisecond like rendering frames to the screen or decoding audio so that it doesnt skip, for example
[10:14]<lcs>apple created new look for the os, now everyone wants to create their own system with simmilar look
[10:15]<lcs>now matter what the costs are
[10:16]<fyfuym-syfggag>brb
[10:17]<lcs>hehehe, bee flown into fan
[10:17]<lcs>poor one
[10:20]<zgzzcygnv>by the way...blog updated: http://blog.nwiki.org/
