Translating Virtual to Physical Address on Windows: PAE, Virtual and Linear Addresses
Checking if PAE is Enabled This was discussed in the first portion of this tutorial: please review before proceeding. Getting the Virtual Address The next thing we need to do is to compile and run the program, which we'll debug, on Windows. When running the program on Windows, the ...
Translating Virtual to Physical Address on Windows: Segmentation
Introduction In this tutorial, we'll go over the process of translating a virtual address to physical address the way a processor does it. To begin, let's present a short overview of how segmentation and paging is done on operating systems. At first, the virtual or logical address must ...
MSDOS and the Interrupt Vector Table (IVT)
Introduction Upon booting up MSDOS, we can observe the memory using the "mem /d /p " command, which will show us exactly which part of memory is used by the system, processes, or for IVT, etc. For this article, we're particularly interested with the IVT table that contains the interrupt ...
Memory Models
Memory We know about user mode and kernel mode, and how programs in user-mode can only use the memory from 0x00000000 to 0x7FFFFFFF, while the system uses the memory from 0x80000000 to 0xFFFFFFFF. Let's talk about physical memory for a bit. Each computer must have a memory chip in ...
Presenting Registers
Introduction Let's present all of the registers, as seen in OllyDbg: Let's explain this picture a little better. At the top of the picture, the general purpose registers are given. The EBP and ESP registers are generally used with stack frames, while the other registers can be used ...
Introduction to Kernel Debugging
Introduction Before trying to debug the kernel, we must first understand a few things. We must know what the Rings in computer security are. Let's take a look at the picture taken from [1]: On the picture above, we can see four protection rings, which are mechanisms to protect ...
Introduction to SoftICE
It's often the case that we need to debug a kernel application, like device driverS, system calls, interrupt routines, or some other kernel application. In this article we'll talk about SoftICE kernel debugger. Installing and Configuring the SoftICE Debugger We need to download the SoftICE, presumably the trial ...
Facebook Hacker Cup 2013 Qualification Round: Find the Min
In the last two days, I described on this page my efforts at cracking the Facebook Hacker Cup 2013 challenge – three separate puzzles. Today we will examine the final one: Find the Min. The actual problem is described below: After sending smileys, John decided to play with arrays. Did you ...
Facebook Hacker Cup 2013 Qualification Round: Beautiful strings
Here's my follow-on to the Facebook Hacker Cup. Yesterday, I told you about my take on the Balanced Smileys puzzle. Today, we'll discuss the easiest challenge, Beautiful Strings. The actual problem is described below: no internet, no Facebook, and no programs. So he did the only thing he ...
Facebook Hacker Cup 2013 Qualification Round: Balanced Smileys
I must admit that I was a little bit hesitant whether or not I should enter the Facebook Hacker Cup, but I did it anyway just for the fun of it. There were three problems that needed to be solved and they were named "Beautiful Strings," "Balanced Smileys" and "Find ...