hacksoft

Members
  • Posts

    46
  • Joined

  • Last visited

About hacksoft

  • Birthday 12/16/1995

Converted

  • Location
    Vagin

  1. Hi, welcome!
  2. It's an account with a username like steam**@computergames.ro ..... give it up.
  3. It's a scam, I tried it; don't use the "import contacts" feature for Y!M, it's a scam, they receive your ID and password if you type them in.
  4. In the last blog post, we looked at the structure of Hive Bins and Hives; in this blog post I will be looking into Cell Indexes and Cell Index Mapping. Cells are containers for information, such as keys, hence the different types of cells explained in the last post. In order to make the logical structure of the registry clearer, it's important for me to state how all the different parts I've been discussing fit together to form one complete picture of the Windows Registry. Hives are split into Bins, and the Bins are then split into Cells. An empty Bin will not contain any cells, whereas a Bin with Cells will obviously contain Cells which hold registry data. This brings us to Cell Indexes and Cell Mappings, and some of the data structures we can explore with WinDbg. Cell Indexes are essentially pointers which link cells from different hives together, to make it easier and more efficient for the Configuration Manager to load the information it is searching for. More specifically, the Cell Index is an offset into the cell with the size of the base block for the selected hive subtracted. The tables which the Cell Indexes are used to index into can be found within the Storage.Map member of the _DUAL data structure of the appropriate _HHIVE data structure. We can expand the _DUAL data structure and examine this member. The _HMAP_DIRECTORY is an array of pointers to table entries, which then contain the information for a specific Block and Bin. The FreeDisplay field is used for free cells within memory. Since Hives are allocated from Paged Pool, they will need to be mapped, since paged pool isn't guaranteed to be contiguous. This leads to the concept of Cell Index Mapping, which is very much the same as Virtual Address Translation on x86 systems; remember that x64 has an additional table of directory pointers.
Using the diagram above, it may become more apparent what the pointers within the mentioned data structures are being used to index into. As we can see, the Directory Index pointer is used to point to the Hive Cell Map Directory, which is then used to point to the Cell Map Table with a Table Index pointer, and then the Byte Offset is used to point to the specific Cell within the Hive Block. There is an additional bit which is either 0 or 1, and is used to determine if the Hive is Volatile or Stable, and which table type to begin searching with. This translation is used for Hives in memory. 1 is Volatile and 0 is Stable.

Directory Index = 10 bits
Table Index = 9 bits
Byte Offset = 12 bits

Hives usually reside on the hard disk and are then mapped into memory; in order to avoid excessive consumption of the Cache Manager's address space, the number of mapped views for a hive is limited to 256 views. The LRU (Least Recently Used) views list is consulted when this limit has been reached and a new mapping is required because the Configuration Manager needs a hive to be mapped into memory. The LRU mapping will be removed from the list. This data structure is allocated with Paged Pool. There are some interesting WinDbg extensions we can use to find additional information related to Cell Indexes, such as the !reg cellindex extension. The extension shows the virtual address associated with the Cell Index. The first address is the Hive Address and the 40 is the offset which we are looking for. I've used the SYSTEM hive in this example. source: BSODTutorials: Exploring the Windows Registry Part 3
  5. Each Hive is divided into a number of allocation units called Blocks; the first block of a Hive is called the Base Block. The information stored within a Hive is then organized into Cells which contain active registry data such as keys, values, security descriptors and subkeys. The Hive Blocks are allocated in 4096-byte allocation sizes, and are called Hive Bins. The Base Block may also be referred to as the Registry Header, with the other blocks being called Hive Bins. Each Hive Bin is then divided further into Cells as explained above. A Hive Bin will have the hbin signature which can be found with WinDbg. Firstly, use the !reg hivelist extension, and then use the !reg viewlist extension with a desired Hive Address. The !reg viewlist extension will list the Mapped Views for the selected Hive. I wasn't able to find a dump file which had any mapped views, therefore I won't be able to show you the steps completely. Once you have used the !reg viewlist extension, use the db command with a desired view to view the contents of a bin. The _HHIVE data structure seems to contain a Signature field and a BaseBlock field as described earlier. Each Hive Bin contains a pointer to the next Hive Bin and the first Hive Bin. We can find free Hive Bins with the !reg freebins extension and the Hive address. These Hive Bins are only really containers for Cells which hold registry information such as keys, security descriptors, subkey lists and key values. There are a few different types of Cells:

Key Cell
Value Cell
Subkey-list Cell
Value-list Cell
Security-Descriptor Cell

The Key Cell contains the registry key and may be called the Key Node. A Key Cell will contain the kn signature for Keys and kl for Link Nodes. Furthermore, the Key Cell will maintain timestamp information about the latest update to that key, and various Cell Indexes which describe additional information.
The Value Cell contains information about the key's value, and will have a Cell Index into the cell which contains such data about the key. The signature will be kv. The Subkey-List Cell contains a list of Cell Indexes for Key Cells which all share a common Parent Key. The Value-List Cell is the same as above, but applies to Value Cells rather than Key Cells. The Security Descriptor Cell will contain the ks signature and a reference count of the number of Key Nodes or Key Cells which share the Security Descriptor. This cell will contain a Security Descriptor. We can view Cell data structures with _CM_CELL_DATA and then use the -r switch to dump all the hidden sub data structures. The -r switch is really useful for data structures in general, especially since Microsoft won't document some sub fields fully. Since we are on the topic of keys, I thought it would be appropriate to look at the concept of Keys and how we can investigate Keys further with WinDbg. We can firstly use the !reg openkeys extension, and then view any open keys. Please note that I've restricted the output of the extension to one Hive. However, we can gather more interesting information by looking into a few data structures. Each key will have a Key Control Block (KCB); we can use the _CM_KEY_CONTROL_BLOCK data structure to view the information about the open key. This is similar to the information which can be found with the !reg kcb extension; you will need to use the !reg findkcb extension with the full registry path in order to find the KCB address. However, in the open keys case, you can simply use the !reg kcb extension since the KCB address is already given. The Configuration Manager maintains open keys within a table for fast name lookups; the table can be found with two global variables called CmpCacheTable and CmpHashTableSize. The CmpCacheTable is a pointer to a hash table, which explains the _CM_KEY_HASH data structure within the KCB.
Each entry within the table is a pointer to the _CM_KEY_HASH data structure. The NextHash field points to the next structure within the table. In my next blog post I'll discuss Cells and Cell Index Translation. source: BSODTutorials: Exploring the Windows Registry Part 2
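As an added worked example (written for this page, not BSODTutorials' own code), the following Python decodes a cell index into the 1-bit Volatile/Stable flag, 10-bit Directory Index, 9-bit Table Index and 12-bit Byte Offset from the Part 3 post above, maps a stable index to a file offset by adding back the base block size, and walks the cells of an hbin as described in this Part 2 post. The hive image is constructed inline; the signed cell-size convention (negative = allocated) and the 32-byte hbin header are assumptions about the on-disk format that the posts do not spell out.

```python
import struct

# Layout constants taken from the posts: the base block (registry header) is one
# 4096-byte block, bins are 4096-byte multiples, and a stable cell index is the
# hive offset with the base block already subtracted.
BASE_BLOCK_SIZE = 0x1000
HBIN_SIZE = 0x1000
HBIN_HEADER_SIZE = 0x20   # assumed hbin header size
HCELL_NIL = 0xFFFFFFFF


def decode_cell_index(cell_index):
    """Split a 32-bit cell index into flag, directory, table and byte offset."""
    if cell_index == HCELL_NIL:
        raise ValueError("HCELL_NIL does not refer to a cell")
    return {
        "type": (cell_index >> 31) & 0x1,         # 1 = Volatile, 0 = Stable
        "directory": (cell_index >> 21) & 0x3FF,  # 10-bit Directory Index
        "table": (cell_index >> 12) & 0x1FF,      # 9-bit Table Index
        "offset": cell_index & 0xFFF,             # 12-bit Byte Offset
    }


def cell_index_to_file_offset(cell_index):
    """Map a stable cell index back to a file offset by adding the base block size."""
    fields = decode_cell_index(cell_index)
    if fields["type"] == 1:
        raise ValueError("volatile cells live only in memory, not in the hive file")
    return cell_index + BASE_BLOCK_SIZE


def build_sample_hive():
    """Constructed hive image (not a real hive): a base block and one bin with two cells."""
    base_block = b"regf" + b"\x00" * (BASE_BLOCK_SIZE - 4)
    # hbin header: signature, offset of this bin from the first bin, bin size, padding
    hbin_header = struct.pack("<4sII20s", b"hbin", 0, HBIN_SIZE, b"\x00" * 20)
    # Cell sizes are signed (assumption): negative means allocated, positive means free.
    cell_a = struct.pack("<i", -0x40) + b"cellA".ljust(0x40 - 4, b"\x00")
    free_size = HBIN_SIZE - HBIN_HEADER_SIZE - 0x40
    free_cell = struct.pack("<i", free_size) + b"\x00" * (free_size - 4)
    return base_block + hbin_header + cell_a + free_cell


def walk_bin(hive, bin_file_offset):
    """Yield (cell_index, size, allocated, payload) for each cell in one bin."""
    signature, _bin_offset, bin_size = struct.unpack_from("<4sII", hive, bin_file_offset)
    if signature != b"hbin":
        raise ValueError("missing hbin signature at 0x%x" % bin_file_offset)
    pos = bin_file_offset + HBIN_HEADER_SIZE
    end = bin_file_offset + bin_size
    while pos < end:
        (signed_size,) = struct.unpack_from("<i", hive, pos)
        if signed_size == 0:
            raise ValueError("zero-sized cell at 0x%x, bin is corrupt" % pos)
        size = abs(signed_size)
        # Stable cell index = file offset minus the base block, as the posts describe.
        yield pos - BASE_BLOCK_SIZE, size, signed_size < 0, hive[pos + 4:pos + size]
        pos += size


def read_cell(hive, cell_index):
    """Resolve a cell index to (allocated, payload), the lookup !reg cellindex performs."""
    off = cell_index_to_file_offset(cell_index)
    (signed_size,) = struct.unpack_from("<i", hive, off)
    return signed_size < 0, hive[off + 4:off + abs(signed_size)]


if __name__ == "__main__":
    hive = build_sample_hive()
    for idx, size, allocated, payload in walk_bin(hive, BASE_BLOCK_SIZE):
        print("cell index 0x%08x size 0x%x allocated=%s fields=%s"
              % (idx, size, allocated, decode_cell_index(idx)))
    print(read_cell(hive, 0x20))
```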
  6. The Registry is a key component of the Windows operating system, and it's always been recommended that you should never carelessly run Registry Cleaners or start to change or delete keys whose purpose you do not fully understand. You never seem to find much information about the Registry in general, unless it's in specialist blogs or computer science papers. In this blog post I hope to show how to explore the Registry using WinDbg and look at some of the internal workings. The Registry tends to be referred to less commonly as the Configuration Manager, and the Configuration Manager is the technical name for it. As the name suggests, the Configuration Manager mainly maintains the state of the configuration data for the operating system and any programs which may have been installed. The Registry is divided into several sections called Rootkeys. The Rootkeys are defined as follows:

HKEY_LOCAL_MACHINE
HKEY_CURRENT_CONFIG
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_PERFORMANCE_DATA
HKEY_USERS

Each Rootkey has a number of Hives which are subdivided into Keys and Values. This can be seen when viewing the Registry with the Registry Editor. Configuration Data), COMPONENTS, HARDWARE, SAM, SECURITY, SOFTWARE and SYSTEM. Any changes here will apply to the entire system. The HKEY_CURRENT_CONFIG contains information relating to Hardware Profiles, which enable configuration of driver settings. A Hardware Profile may change from boot to boot, and will be used by any programs which require it. The HKEY_CLASSES_ROOT contains information for file extension associations, COM Class registration and UAC (User Account Control). The HKEY_CURRENT_USER contains the configuration data regarding the locally logged-on user. The Root Key is mapped to the Ntuser.dat file which is present on the hard drive. Some examples of the local configuration data include: Environment Variables, Network Settings, Software Settings and Session Information.
The HKEY_USERS contains data required for each loaded user profile, and will be used by Winlogon to implement any specific user changes. This section will also contain keys relating to user security identifiers for that profile. The HKEY_PERFORMANCE_DATA contains operating system and server performance counters, and will not be visible through the Registry Editor. These performance counters are only available through the Windows Registry API. The HKEY is used to represent a handle to the rootkey. Now that we have looked at the general logical structure of the Windows Registry, we need to examine its actual implementation on the hard disk. This is achieved through the concept of Hives, Cells and Bins. It is possible to examine parts of the Registry in Physical Memory. The structure of a Configuration Manager Hive can be seen with WinDbg using the _CMHIVE data structure. It's a large data structure, and therefore I have omitted some of the fields. The above data structure contains a larger sub-structure called _HHIVE, which contains some very useful information. The _CMHIVE structure is allocated from paged pool, and has the pool tag of CM10. You can view this pool allocation information with !pooltag and !poolfind. Using the !poolfind extension with the pooltag and specifying the pool type as paged pool with the 1 switch, we can see all the pool allocations for that specific pool tag. A Hive is simply the on-disk representation of the Registry; each one of these has its own registry tree which serves as a root. The Hives which are then loaded can be found under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\hivelist. These Hives are stored on the hard disk, and are then linked to the Registry file paths as seen below. Most of the hives reside in the System32 folder, whereas the others reside in the UserProfiles and Users folders. Alternatively, we can view the Hivelist within WinDbg using the !reg hivelist extension.
You may have noticed that the HARDWARE hive does not have a folder path; this is because it is updated every time the computer is booted, and therefore is only present within memory. We can even view the current paged pool consumption of the Registry Hives using the !reg dumppool extension. Again I've had to omit some information due to size limitations. Using Process Explorer, and then selecting the System process, we can view the Hive Handles which are currently opened by the System Process. Going back to the general structure of how Hives are organized, Hives are linked together within a doubly linked list; the Head of this linked list can be found with WinDbg, the address is 8336e44c on x86, I'm not sure if there is any difference on x64. We can also see this with the _CMHIVE structure and the HiveList field. The addresses within the linked list are all virtual addresses. In the second part I'll be taking a closer look at the structure of Hives and some more forensic analysis techniques. source: BSODTutorials: Exploring the Windows Registry Part 1
  7. Word on the street is that Facebook is preparing to enter the market for electronic financial services. For now nothing is certain, but sources say they are a few weeks away from launching an electronic currency. On the one hand, their idea isn't bad: lots of people have a Facebook account, so why not use it to pay for things on the internet? On the other hand, the security problem remains; I don't think I'd trust keeping money in my Facebook account. source: Zvon: Facebook pregateste o moneda electronica | Arena IT
  8. The Finnish company has announced that it is withdrawing the Lumia 2520 tablet from sale because of problems that can occur with its charger, putting users at risk of electric shock. Sales will be suspended only in some countries, specifically the UK, Austria, Denmark, Finland, Germany, Russia and Switzerland. Even so, more than 30,000 tablets with the problematic charger have already been sold, so the company has also set up a site: 2520 charger - Nokia. No cases of electric shock have been recorded so far, but the charger has a problem with its cover, which could come apart and expose its electrical parts. Officials said that they do not make the charger themselves and that other devices are not affected by the problem. They will probably fix it and put it back on sale. If we think about it, how many Chinese gadgets risk the same problem? source: http://www.arenait.net/2014/04/18/nokia-retrage-tableta-lumia-2520-din-vanzare-utilizatorii-s-ar-putea-curenta.html
  9. I recently read a study showing that WhatsApp, even after being bought by Facebook, continues to have millions of users. All well and good, but what do we do when a bug turns up that isn't fixed in good time? The application's millions of users can become targets for online hackers, but also for real-world criminals. The vulnerability allows hackers to access the geographical position sent to someone, because the data can reach certain people unencrypted. A cyber-forensics research and education team at the University of New Haven, USA, discovered the bug and sent a report to Zuckerberg's new acquisition, but they have not fixed it, saying the bug will be resolved as soon as possible. Do you still use this smartphone app? Would this bug influence you? source: Un nou bug nerezolvat de catre cei de la WhatsApp | Arena IT
  10. On 26 October 2012 Microsoft launched the Windows 8 operating system. It arrived after the well-regarded Windows 7, and because it forced its users to use the Metro interface, designed for touch screens, it quickly became as beloved as Vista. Almost a year later, on 17 October 2013, its first major update came, under the name Windows 8.1. It corrected some of the initial mistakes, but did not manage to fix the situation completely. And now Microsoft is in the process of complying with its customers' demands, as also seen in Windows 8.1 Update 1, introduced on 8 April 2014. This revision in turn resolved a series of shortcomings, but left one big gap, despite the promises: the Start button. Now this, in its hybrid form with icons and live tiles, is promised to us in Windows 8.2, a version scheduled for this autumn. After that, no other major update will come for Windows 8 until Windows 9. But this situation could change if 8.2 doesn't solve all the problems either, and fails to increase adoption of this operating system. source: http://www.arenait.net/2014/04/23/windows-8-2-vine-la-toamna.html
  11. A virus that has begun causing problems more and more often for PC users in Romania, a virus that at the moment is fairly easy to remove. How can you clean off the POLITIA ROMANA virus? "Attention! Your PC has been blocked for at least one of the reasons specified below." This is the message dozens of Romanians have received on their computers. The reason? Use of pirated software. Many Romanians were taken in and paid that sum of money to avoid ending up behind bars, only to find that in fact nothing happened, except that they were left without money. The Politia Romana virus is ransomware that blocks the user's access to the infected computer until a payment is made. Unfortunately, since the message is made to look like it comes from the Romanian Police, and out of fear of the penalties for online piracy, dozens of people fell into the trap. The hackers send messages in the name of the Romanian Police. A new virus circulating on the internet has lured a lot of Romanians into the net. The virus's creators even teach you how to make the payment and where you have to go, to make sure you end up paying even if you don't know how to pay online. This virus exploits a vulnerability in Java, which is exactly why it is recommended that you update Java if you haven't done so already. The virus can be removed from the system after you boot into Safe Mode and use the BitDefender tool. source: POLITIA ROMANA | PC-ul dumneavoastra este blocat. Cum ma devirusez? - ITfeed.net | ITfeed.net
  12. Microsoft has started a large-scale campaign to promote its improved e-mail service, Outlook.com. So you may frequently come across announcements about Outlook.com, how it works and what improvements have been made to it. Without a doubt, after leaving beta, Outlook.com has become the best online messaging service, surpassing its rivals Gmail and Yahoo Mail. The service offers features we don't find in Gmail or Yahoo Mail, such as unlimited storage space or integration options for social networks. The funny part of this whole story is an ad that appears right on YouTube, a site owned by the great rival Google, in which users are informed that if they agree to sign up for the Outlook.com online messaging service, they will be able to watch videos and clips from YouTube right in their mailbox. On many occasions, Microsoft has described Outlook.com as far better than its rival Google's online messaging service, Gmail. That is why Microsoft urges every user to give up any other e-mail service and switch to Outlook.com. Not all the efforts have been in vain, with Microsoft already registering over 1.5 million new Outlook.com users since leaving beta. source: Outlook.com mai bun decat Gmail sau Yahoo Mail | TehnoIT | stiri IT
  13. Smart Security 6 extends protection beyond digital borders by integrating the Anti-Theft function, which is designed to help you recover a stolen or lost device if the ESET security suite is installed on it. Installation on a computer, tablet or laptop is not a difficult process, but it can take longer if you choose to use the online installer, directly from the internet, because it needs to download the installation files first. This shouldn't take too long, but it adds at least about 20 seconds to the installation time. Before moving on to the actual installation, there are some pre-configuration actions that must be done. This includes choosing whether you want to be part of the ESET Live Grid network, which involves sending anonymous statistical information to ESET's laboratories. Furthermore, you can enable or disable detection of potentially unwanted applications (PUA). Immediately after the installation process completes, you are asked to configure the new anti-theft function. All you have to do is connect the current device to the ESET online account, so that you can launch protection commands if the computer is stolen. Once you have declared the device as missing, the first command is sent to restart the system. If you have not already taken this precaution when you configured the anti-theft function, a "Phantom" account is created. Next, the computer automatically boots into this account. The created account not only protects access to private information (all access paths to storage locations on the HDD are blocked), but can also track activity on the computer. Moreover, if the device has a built-in webcam, it becomes active and captures images of whoever is in front of it.
The device's location can also be detected based on Wi-Fi networks and ESET's Wi-Fi maps. Even more, you can send messages to whoever found the device, as well as contact details for returning it. The suite's interface has not changed much compared to the previous version, with the developer not taking the step of optimizing the program for touch-screen devices. The same sections are available from the main screen, but those who know it well will notice that some of the old options have changed place and some new ones are available. Unlike other suites in the same sphere, ESET Smart Security 6 maintains a traditional interface and offers configuration options for less experienced users. Beginners can enable and disable various protection components, such as HIPS (Host Intrusion Prevention System), Anti-Stealth, firewall, web access, anti-phishing, antispam, or parental control. On the other hand, advanced users have the possibility of customizing every aspect of the suite, starting with the parameters for the file types that should be scanned or skipped, to the firewall protection rules, up to integrating protocol filtering for e-mail clients. Smart Security has already been integrated into Microsoft Outlook (Outlook.com), Outlook Express, Windows Mail, Live Mail and Mozilla Thunderbird. This ensures protection against infected messages and spam. Parental controls have not evolved much and the available options are still quite limited compared to what antivirus programs created by other companies offer. You can select the user's age and the program automatically selects the filtering level based on that age. Thus 5 levels are available (under 5, 8, 13, 16 and 18), each with a list of predefined categories. There is the possibility of customizing the categories in the advanced settings section, but limiting access to sites with specific content is all you can do. You cannot limit access to applications or the time spent on the computer. The "Tools" menu in ESET Smart Security includes utilities that can be of real help to advanced users, allowing them to monitor file system activity, network activity or running processes. You can also check network connections. ESET SysInspector is available in this section as well. This is a tool that inspects the computer thoroughly and displays details about installed applications and drivers, network connections or the registry. It is an advanced utility that can help you investigate suspicious system behaviour, possibly caused by software or hardware incompatibility or even malware. Creating a rescue disc with Smart Security has remained just as complicated for both average users and beginners, because the procedure still requires Windows AIK on the system. source: ESET Smart Security 6 si functia sa anti-furt | TehnoIT | stiri IT
  14. We are about to see in stores the new and highest-performing 4 TB hard disk in the world, bearing the Seagate brand. The new hard disk from Seagate uses 1 TB density platters spinning at 7200 rpm and a 64 MB buffer. Seagate also boasts power consumption reduced by up to 35% compared to the main competitors on the market and a transfer speed of up to 145 MB/s, which makes it one of the fastest hard disks seen so far. With such performance we would be tempted to say that the purchase price is to match, but here too Seagate surprises us by offering this hard disk at a price of 210 dollars in the retail version or 190 dollars for the bulk version. - source: Cel mai rapid hard disk de 4 TB din lume | TehnoIT | stiri IT
  15. The information appeared in the South Korean press, which cites sources inside the company: the Samsung Galaxy Note 4 is expected to have a YOUM screen, that is, a flexible OLED, writes the South Korean press. The screen is bent on the left and right sides to create additional areas for notifications of received messages, e-mails or calls. There is a video in which Samsung explained the technology, dating from 2013. It also shows the advantages this idea would offer. The Samsung Galaxy Note 4 is expected to launch in September at IFA Berlin, if the South Koreans keep to tradition, writes gsmarena. source: Stiri IT din Romania 22 Apr 2014