Posts Tagged ‘Programming C’

Syscall Hijacking: OpenBSD

November 26, 2011 14 comments

in this post I show you how to hijack the system calls in the latest OpenBSD kernel versions.
The way in which syscalls can be hijacked in OpenBSD kernel is very similar to that used in the Linux kernel 2.4 versions. The syscall table is exported and it is accessible by an external kernel module. So a syscall address can be overwritten by the address of an our function. Read more…

Syscall Hijacking: Dynamically obtain syscall table address (kernel 2.6.x) #2

March 18, 2011 36 comments

Hi. In this brief post I’ll show you another way to get the syscall table address dinamically.
This post is only an expansion of this one. Read more…

Syscall Hijacking: Anti Fork-Bomb LKM (kernel 2.6.x)

February 10, 2011 3 comments

Hi. In this post I’ll show you how to implement a simple anti fork-bomb LKM.
There is already a kernel method to prevent the fork bomb: you can search online about this stuff.
Instead I’ll show you how prevent a fork bomb attack through a simple loadable kernel module, in order to better understand how a new process is created and how we can prevent its creation. Read more…

Syscall Hijacking: Dynamically obtain syscall table address (kernel 2.6.x)

January 20, 2011 34 comments

Hi. In this post I’ll show you how to obtain dynamically the syscall table address. In the last posts (this and this) I wrote codes in which the syscall table address was hardcoded (as suggested by sj).
Now I’ll show you how to dinamically obtain it. Read more…

Syscall Hijacking: Simple Rootkit (kernel 2.6.x)

December 28, 2010 20 comments

Hi. In this post I’ll show you how to change the process credentials through kernel modules. In a such way you can make your own rootkit(s): i.e. when you performs a pre-established action, the module will give you a root access.
First of all we need to know where these credentials are kept: in the kernel versions < 2.6.29 we find all this informations in the “task_struct” structure. This structure is defined in “linux/sched.h”: Read more…

GNU C: Extensions to the C Language Family

November 6, 2010 2 comments

Hi. Today I’ll talk about the extensions to the C language family introduced by the GNU C.
The GNU C provides several language features not found in ANSI standard C. These extensions are available both in C and C++. The `-pedantic’ option directs GNU CC to print a warning message if any of these features is used.
The list of these features is very long: often we use them implicitly. I will show to you only those I consider most useful and “strange”: Read more…

Win32 API: Passing Socket with IPC method

October 13, 2010 3 comments

Hi. In this post I talk to you how to correctly pass a socket created in a parent process to a child process in Microsoft 9x systems.
If you have ever written a multi-process concurrent server in a Unix environment, you may have noticed that the passage of the socket between parent and son processes takes place directly. That is, the child inherits the variables of his parent, also including the file descriptor associated with the socket.

Read more…

Hello World! – Brain mode

October 12, 2010 5 comments

Hi. How can we write an “hello world!” in brain-mode?
When we want to greet someone, the brain is activated and set as a greeting a phrase known to us: in our case, “hello world!”.
Read more…

Categories: Bullshit, C/C++ Tags: ,

inet_ntop() for Win32

October 9, 2010 4 comments

Like 4 years ago I made a little project for the operating system 2 class. I had to write an application capable of handling multiple file transfers for both Win32 and Linux. During the coding of the socket-side of the application I encountered an awkward problem: why the hell win32 does not have a compatibility function for the inet_ntop()?

Only recently, for Vista and 7, Microsoft introduced the InetNtop() function:

If you have to write something that needs to run on XP too (that still seems to be the most used operating system for home users: ) just try this code :)

const char* inet_ntop(int af, const void* src, char* dst, int cnt){

	struct sockaddr_in srcaddr;

	memset(&srcaddr, 0, sizeof(struct sockaddr_in));
	memcpy(&(srcaddr.sin_addr), src, sizeof(srcaddr.sin_addr));

	srcaddr.sin_family = af;
	if (WSAAddressToString((struct sockaddr*) &srcaddr, sizeof(struct sockaddr_in), 0, dst, (LPDWORD) &cnt) != 0) {
		DWORD rv = WSAGetLastError();
		printf("WSAAddressToString() : %d\n",rv);
		return NULL;
	return dst;

Timeout on Named Pipes

October 8, 2010 2 comments

Hi. In this post, I will show you how make a timeouted namedpipe with the WIN32 API: the msdn’s manual doesn’t explain how to do it.
The named pipes are an IPC’s method by which we can send data to an other process (like a son process).
Read more…