computer-forensics | 易学教程

LiME Kernel Module Cross Compilation Fails

阅读更多关于 LiME Kernel Module Cross Compilation Fails

问题 I'm trying to cross-compile the LiME Kernel Module for the android-goldfish-3.10-n-dev ( commit: 3a3b199582a68ba0688a099147738d6c99f3282d ) Linux Kernel version with the following Makefile: obj-m := lime.o lime-objs := tcp.o disk.o main.o KDIR_GOLD := /path/to/goldfish PWD := $(shell pwd) CCPATH :=/path/to/x86_64-linux-android-4.9/bin default: # cross-compile for Android emulator $(MAKE) ARCH=x86_64 CROSS_COMPILE=$(CCPATH)/x86_64-linux-android- -C $(KDIR_GOLD) M="$(PWD)" modules $(CCPATH)/x86

Find Programming Language Used

阅读更多关于 Find Programming Language Used

问题 Whats the easiest way to find out what programming language an application was written in? I would like to know if its vb or c++ or delphi or .net etc from the program exe file. 回答1: Try PEiD of course if they used a packer, some unpacking will need to be done first :) 回答2: Start it up and check what run-time DLLs it uses with Process Explorer. If that doesn't make it immediately obvious, search the web for references to those DLLs. Most disassemblers (including Olly I think) can easily show

Read output from a Python Executed Script

阅读更多关于 Read output from a Python Executed Script

问题 I am currently creating a program to extract file from drives. I would like to ask how I read an output that is displayed using python shell? For example: while i<len(drives): print 'Searching for file in:', drives[i] print '' for root, dirs, files in os.walk(drives[i]): for file in files: if file.endswith(".vmdk"): print os.path.join(root, file) if file.endswith(".vbox"): print os.path.join(root,file) i+=1 I would like to read the output of print os.path.join(root,file) input this to another

Malicious code found in PHP files. What does it do?

阅读更多关于 Malicious code found in PHP files. What does it do?

问题 I discovered this code inserted at the top of every single PHP file on My PHP server. I want to figure out what this script was doing, but I don't know how to decipher the main hidden code. Can someone with experience in these matters decrypt it, because I'm not a programmer? Thank you very much!! link to a sample infected php file: https://drive.google.com/open?id=0B8PYE4BruOdMa2dWZDBLY09VRTA The code is <?php $tdzueclt = 'tvctus)% x24- x24b!>!%y((strstr($uas," x6d 163 x69 145")) or (strstrR

Extracting jpegs from a disk dump

阅读更多关于 Extracting jpegs from a disk dump

问题 I've got a 16GB memory card off someone that won't load properly (asks to be reformatted). I'm trying to get jpegs off it. I've run dd to dump the contents to a file, which worked splendidly. The file won't mount and be read, so the contents are corrupt in someway. Opening the dump in a hex editor shows that there is data on there, and by looking for the markers for the start and end of a jpeg (FFD8 and FFD9), I've been able to manually extract the first 3 jpegs. Before I go and write some

Text editor capable of viewing invisibles?

阅读更多关于 Text editor capable of viewing invisibles?

问题 A recent problem* left me wondering whether there is a text editor out there that lets you see every single character of the file, even if they are invisible? Specifically, I'm not looking for hex editing capabilities, I am interested in a text editor that'll show me all of the invisible characters (not just the common whitespace / line break characters). The BOM marker is just one example, others are e.g. mathematical invisibles or possibly unsupported characters. I'm not looking for a text

How Can I Find Out HOW My Site Was Hacked? How Do I Find Site Vulnerabilities?

阅读更多关于 How Can I Find Out *HOW* My Site Was Hacked? How Do I Find Site Vulnerabilities?

问题 One of my custom developed ASP.NET sites was hacked today: "Hacked By Swan (Please Stop Wars !.. )" It is using ASP.NET and SQL Server 2005 and IIS 6.0 and Windows 2003 server. I am not using Ajax and I think I am using stored procedures everywhere I am connecting to the database so I dont think it is SQL injection. I have now removed the write permission on the folders. How can I find out what they did to hack the site and what to do to prevent it from happening again? The server is up to

Extracting jpegs from a disk dump

阅读更多关于 Extracting jpegs from a disk dump

I've got a 16GB memory card off someone that won't load properly (asks to be reformatted). I'm trying to get jpegs off it. I've run dd to dump the contents to a file, which worked splendidly. The file won't mount and be read, so the contents are corrupt in someway. Opening the dump in a hex editor shows that there is data on there, and by looking for the markers for the start and end of a jpeg (FFD8 and FFD9), I've been able to manually extract the first 3 jpegs. Before I go and write some code to stream the file, find the offsets and dump the files, is there any existing way to do this? I can

How Can I Find Out HOW My Site Was Hacked? How Do I Find Site Vulnerabilities?

阅读更多关于 How Can I Find Out *HOW* My Site Was Hacked? How Do I Find Site Vulnerabilities?

One of my custom developed ASP.NET sites was hacked today: "Hacked By Swan (Please Stop Wars !.. )" It is using ASP.NET and SQL Server 2005 and IIS 6.0 and Windows 2003 server. I am not using Ajax and I think I am using stored procedures everywhere I am connecting to the database so I dont think it is SQL injection . I have now removed the write permission on the folders. How can I find out what they did to hack the site and what to do to prevent it from happening again? The server is up to date with all Windows updates. What they have done is uploading 6 files (index.asp, index.html, index

Text editor capable of viewing invisibles?

阅读更多关于 Text editor capable of viewing invisibles?

A recent problem* left me wondering whether there is a text editor out there that lets you see every single character of the file, even if they are invisible? Specifically, I'm not looking for hex editing capabilities, I am interested in a text editor that'll show me all of the invisible characters (not just the common whitespace / line break characters). The BOM marker is just one example, others are e.g. mathematical invisibles or possibly unsupported characters . I'm not looking for a text editor that simply supports a large variety of text encoding / translations between encodings. All