begood

Lasa un feedback te rog, dupa ce il testezi LE: Fa si un printscreen, ca nu mai instalez vmware...

l-am avut mai demult, foarte folositor si mic. msi !

Am facut mai demult un Windows LiveCD cu BartPE. L-am potrivit frumos pe un CD mic (8cm, ~220mb). Lejer de purtat in buzunar, la un prieten. Are si un file explorer, backup shit. Evident si Kaspersky Antivirus 6. Se incarca rapid in RAM (1-2min), iar kaspersky are o baza maricica de definitii pentru virusi/troieni/shit. Scanul merge repede. Il folosesc pentru cazuri de urgenta, ex nu se deschide computerul, nu pot modifica anumite setari decat offline. O sa mai postez cateva LiveCD-uri pentru cazuri de urgenta, majoritatea compilate de mine, dupa ce fac si eu update la tot. anyway here's the link : https://www.wuala.com/95a113c0/pub/windows_kaspersky.iso?key=vgtdbgSIykjs vreti reup, pm me. Poate ma apuc si va fac un Backtrack cu interfata Windows xD. Asta daca imi dati o lista cu programe indispensabile pentru un "hacker". Niste compilatoare de vreti. Voi face asa incat sa intre pe un CD mode 2/DVD5. Ideea e ca mi-e mai usor daca programele nu au nevoie de referinte "ruleaza de pe stick".

cine are chef sa verifice pe vmware toate programele ce le posteaza idiotii astia ? mai bine inchideti forumul ">>>Tools<<<" pentru postari noi, sa poata doar citi. Abia dupa cateva posturi sa se deschida. Intre timp iti dai seama cu cine ai de-a face...

DEZACTIVATI POSIBILITATEA DE A POSTA LINKURI DIN PRIMELE 10 POSTURI ! iar s-ar putea sa fie backdoor. e chiar primul sau post.

Multi ani !

Logan Lerman e baiatul ...aaa vic mi-a luat-o inainte

Virustotal. MD5: 0483d981373a97fa154e99d3d65f9b80 Trojan.Backdoor.Backdoor.Gen Backdoor.Generic.239884 Backdoor.Generic.239884 a-squared 4.5.0.43 2009.12.26 - AhnLab-V3 5.0.0.2 2009.12.25 - AntiVir 7.9.1.122 2009.12.25 BDS/Backdoor.Gen Antiy-AVL 2.0.3.7 2009.12.25 - Authentium 5.2.0.5 2009.12.25 - Avast 4.8.1351.0 2009.12.26 Win32:Trojan-gen AVG 8.5.0.430 2009.12.25 Generic16.FKC BitDefender 7.2 2009.12.26 Backdoor.Generic.239884 CAT-QuickHeal 10.00 2009.12.26 - ClamAV 0.94.1 2009.12.26 - Comodo 3373 2009.12.26 - DrWeb 5.0.1.12222 2009.12.26 - eSafe 7.0.17.0 2009.12.24 - eTrust-Vet 35.1.7198 2009.12.25 - F-Prot 4.5.1.85 2009.12.25 - F-Secure 9.0.15370.0 2009.12.26 Backdoor.Generic.239884 Fortinet 4.0.14.0 2009.12.26 - GData 19 2009.12.26 Backdoor.Generic.239884 Ikarus T3.1.1.79.0 2009.12.26 Trojan-Spy.Win32.PWStealer Jiangmin 13.0.900 2009.12.26 - K7AntiVirus 7.10.929 2009.12.24 - Kaspersky 7.0.0.125 2009.12.26 - McAfee 5842 2009.12.24 - McAfee+Artemis 5842 2009.12.24 Artemis!C653AF5DED3F McAfee-GW-Edition 6.8.5 2009.12.26 Trojan.Backdoor.Backdoor.Gen Microsoft 1.5302 2009.12.26 - NOD32 4716 2009.12.25 - Norman 6.04.03 2009.12.24 - nProtect 2009.1.8.0 2009.12.26 - Panda 10.0.2.2 2009.12.15 Suspicious file

oare ) ce motiv, mai ales aici, pe acest forum

verificati de nu-i virus, ca iar posteaza programe din primul post

#! /usr/bin/python # unswindle.pyw, version 5-rc1 # To run this program install a 32-bit version of Python 2.6 from # <http://www.python.org/download/>. Save this script file as unswindle.pyw. # Find and save in the same directory a copy of mobidedrm.py. Double-click on # unswindle.pyw. It will run Kindle For PC. Open the book you want to # decrypt. Close Kindle For PC. A dialog will open allowing you to select the # output file. And you're done! # Revision history: # 1 - Initial release # 2 - Fixes to work properly on Windows versions >XP # 3 - Fix minor bug in path extraction # 4 - Fix error opening threads; detect Topaz books; # detect unsupported versions of K4PC # 5 - Work on new (20091222) version of K4PC """ Decrypt Kindle For PC encrypted Mobipocket books. """ __license__ = 'GPL v3' import sys import os import re import tempfile import shutil import subprocess import struct import hashlib import ctypes from ctypes import * from ctypes.wintypes import * import binascii import _winreg as winreg import Tkinter import Tkconstants import tkMessageBox import tkFileDialog import traceback # # _extrawintypes.py UBYTE = c_ubyte ULONG_PTR = POINTER(ULONG) PULONG = ULONG_PTR PVOID = LPVOID LPCTSTR = LPTSTR = c_wchar_p LPBYTE = c_char_p SIZE_T = c_uint SIZE_T_p = POINTER(SIZE_T) # # _ntdll.py NTSTATUS = DWORD ntdll = windll.ntdll class PROCESS_BASIC_INFORMATION(Structure): _fields_ = [('Reserved1', PVOID), ('PebBaseAddress', PVOID), ('Reserved2', PVOID * 2), ('UniqueProcessId', ULONG_PTR), ('Reserved3', PVOID)] # NTSTATUS WINAPI NtQueryInformationProcess( # __in HANDLE ProcessHandle, # __in PROCESSINFOCLASS ProcessInformationClass, # __out PVOID ProcessInformation, # __in ULONG ProcessInformationLength, # __out_opt PULONG ReturnLength # ); NtQueryInformationProcess = ntdll.NtQueryInformationProcess NtQueryInformationProcess.argtypes = [HANDLE, DWORD, PVOID, ULONG, PULONG] NtQueryInformationProcess.restype = NTSTATUS # # _kernel32.py INFINITE = 0xffffffff CREATE_UNICODE_ENVIRONMENT = 0x00000400 DEBUG_ONLY_THIS_PROCESS = 0x00000002 DEBUG_PROCESS = 0x00000001 THREAD_GET_CONTEXT = 0x0008 THREAD_QUERY_INFORMATION = 0x0040 THREAD_SET_CONTEXT = 0x0010 THREAD_SET_INFORMATION = 0x0020 EXCEPTION_BREAKPOINT = 0x80000003 EXCEPTION_SINGLE_STEP = 0x80000004 EXCEPTION_ACCESS_VIOLATION = 0xC0000005 DBG_CONTINUE = 0x00010002L DBG_EXCEPTION_NOT_HANDLED = 0x80010001L EXCEPTION_DEBUG_EVENT = 1 CREATE_THREAD_DEBUG_EVENT = 2 CREATE_PROCESS_DEBUG_EVENT = 3 EXIT_THREAD_DEBUG_EVENT = 4 EXIT_PROCESS_DEBUG_EVENT = 5 LOAD_DLL_DEBUG_EVENT = 6 UNLOAD_DLL_DEBUG_EVENT = 7 OUTPUT_DEBUG_STRING_EVENT = 8 RIP_EVENT = 9 class DataBlob(Structure): _fields_ = [('cbData', c_uint), ('pbData', c_void_p)] DataBlob_p = POINTER(DataBlob) class SECURITY_ATTRIBUTES(Structure): _fields_ = [('nLength', DWORD), ('lpSecurityDescriptor', LPVOID), ('bInheritHandle', BOOL)] LPSECURITY_ATTRIBUTES = POINTER(SECURITY_ATTRIBUTES) class STARTUPINFO(Structure): _fields_ = [('cb', DWORD), ('lpReserved', LPTSTR), ('lpDesktop', LPTSTR), ('lpTitle', LPTSTR), ('dwX', DWORD), ('dwY', DWORD), ('dwXSize', DWORD), ('dwYSize', DWORD), ('dwXCountChars', DWORD), ('dwYCountChars', DWORD), ('dwFillAttribute', DWORD), ('dwFlags', DWORD), ('wShowWindow', WORD), ('cbReserved2', WORD), ('lpReserved2', LPBYTE), ('hStdInput', HANDLE), ('hStdOutput', HANDLE), ('hStdError', HANDLE)] LPSTARTUPINFO = POINTER(STARTUPINFO) class PROCESS_INFORMATION(Structure): _fields_ = [('hProcess', HANDLE), ('hThread', HANDLE), ('dwProcessId', DWORD), ('dwThreadId', DWORD)] LPPROCESS_INFORMATION = POINTER(PROCESS_INFORMATION) EXCEPTION_MAXIMUM_PARAMETERS = 15 class EXCEPTION_RECORD(Structure): pass EXCEPTION_RECORD._fields_ = [ ('ExceptionCode', DWORD), ('ExceptionFlags', DWORD), ('ExceptionRecord', POINTER(EXCEPTION_RECORD)), ('ExceptionAddress', LPVOID), ('NumberParameters', DWORD), ('ExceptionInformation', ULONG_PTR * EXCEPTION_MAXIMUM_PARAMETERS)] class EXCEPTION_DEBUG_INFO(Structure): _fields_ = [('ExceptionRecord', EXCEPTION_RECORD), ('dwFirstChance', DWORD)] class CREATE_THREAD_DEBUG_INFO(Structure): _fields_ = [('hThread', HANDLE), ('lpThreadLocalBase', LPVOID), ('lpStartAddress', LPVOID)] class CREATE_PROCESS_DEBUG_INFO(Structure): _fields_ = [('hFile', HANDLE), ('hProcess', HANDLE), ('hThread', HANDLE), ('dwDebugInfoFileOffset', DWORD), ('nDebugInfoSize', DWORD), ('lpThreadLocalBase', LPVOID), ('lpStartAddress', LPVOID), ('lpImageName', LPVOID), ('fUnicode', WORD)] class EXIT_THREAD_DEBUG_INFO(Structure): _fields_ = [('dwExitCode', DWORD)] class EXIT_PROCESS_DEBUG_INFO(Structure): _fields_ = [('dwExitCode', DWORD)] class LOAD_DLL_DEBUG_INFO(Structure): _fields_ = [('hFile', HANDLE), ('lpBaseOfDll', LPVOID), ('dwDebugInfoFileOffset', DWORD), ('nDebugInfoSize', DWORD), ('lpImageName', LPVOID), ('fUnicode', WORD)] class UNLOAD_DLL_DEBUG_INFO(Structure): _fields_ = [('lpBaseOfDll', LPVOID)] class OUTPUT_DEBUG_STRING_INFO(Structure): _fields_ = [('lpDebugStringData', LPSTR), ('fUnicode', WORD), ('nDebugStringLength', WORD)] class RIP_INFO(Structure): _fields_ = [('dwError', DWORD), ('dwType', DWORD)] class _U(Union): _fields_ = [('Exception', EXCEPTION_DEBUG_INFO), ('CreateThread', CREATE_THREAD_DEBUG_INFO), ('CreateProcessInfo', CREATE_PROCESS_DEBUG_INFO), ('ExitThread', EXIT_THREAD_DEBUG_INFO), ('ExitProcess', EXIT_PROCESS_DEBUG_INFO), ('LoadDll', LOAD_DLL_DEBUG_INFO), ('UnloadDll', UNLOAD_DLL_DEBUG_INFO), ('DebugString', OUTPUT_DEBUG_STRING_INFO), ('RipInfo', RIP_INFO)] class DEBUG_EVENT(Structure): _anonymous_ = ('u',) _fields_ = [('dwDebugEventCode', DWORD), ('dwProcessId', DWORD), ('dwThreadId', DWORD), ('u', _U)] LPDEBUG_EVENT = POINTER(DEBUG_EVENT) CONTEXT_X86 = 0x00010000 CONTEXT_i386 = CONTEXT_X86 CONTEXT_i486 = CONTEXT_X86 CONTEXT_CONTROL = (CONTEXT_i386 | 0x0001) # SS:SP, CS:IP, FLAGS, BP CONTEXT_INTEGER = (CONTEXT_i386 | 0x0002) # AX, BX, CX, DX, SI, DI CONTEXT_SEGMENTS = (CONTEXT_i386 | 0x0004) # DS, ES, FS, GS CONTEXT_FLOATING_POINT = (CONTEXT_i386 | 0x0008L) # 387 state CONTEXT_DEBUG_REGISTERS = (CONTEXT_i386 | 0x0010L) # DB 0-3,6,7 CONTEXT_EXTENDED_REGISTERS = (CONTEXT_i386 | 0x0020L) CONTEXT_FULL = (CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_SEGMENTS) CONTEXT_ALL = (CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_SEGMENTS | CONTEXT_FLOATING_POINT | CONTEXT_DEBUG_REGISTERS | CONTEXT_EXTENDED_REGISTERS) SIZE_OF_80387_REGISTERS = 80 class FLOATING_SAVE_AREA(Structure): _fields_ = [('ControlWord', DWORD), ('StatusWord', DWORD), ('TagWord', DWORD), ('ErrorOffset', DWORD), ('ErrorSelector', DWORD), ('DataOffset', DWORD), ('DataSelector', DWORD), ('RegisterArea', BYTE * SIZE_OF_80387_REGISTERS), ('Cr0NpxState', DWORD)] MAXIMUM_SUPPORTED_EXTENSION = 512 class CONTEXT(Structure): _fields_ = [('ContextFlags', DWORD), ('Dr0', DWORD), ('Dr1', DWORD), ('Dr2', DWORD), ('Dr3', DWORD), ('Dr6', DWORD), ('Dr7', DWORD), ('FloatSave', FLOATING_SAVE_AREA), ('SegGs', DWORD), ('SegFs', DWORD), ('SegEs', DWORD), ('SegDs', DWORD), ('Edi', DWORD), ('Esi', DWORD), ('Ebx', DWORD), ('Edx', DWORD), ('Ecx', DWORD), ('Eax', DWORD), ('Ebp', DWORD), ('Eip', DWORD), ('SegCs', DWORD), ('EFlags', DWORD), ('Esp', DWORD), ('SegSs', DWORD), ('ExtendedRegisters', BYTE * MAXIMUM_SUPPORTED_EXTENSION)] LPCONTEXT = POINTER(CONTEXT) class LDT_ENTRY(Structure): _fields_ = [('LimitLow', WORD), ('BaseLow', WORD), ('BaseMid', UBYTE), ('Flags1', UBYTE), ('Flags2', UBYTE), ('BaseHi', UBYTE)] LPLDT_ENTRY = POINTER(LDT_ENTRY) kernel32 = windll.kernel32 # BOOL WINAPI CloseHandle( # __in HANDLE hObject # ); CloseHandle = kernel32.CloseHandle CloseHandle.argtypes = [HANDLE] CloseHandle.restype = BOOL # BOOL WINAPI CreateProcess( # __in_opt LPCTSTR lpApplicationName, # __inout_opt LPTSTR lpCommandLine, # __in_opt LPSECURITY_ATTRIBUTES lpProcessAttributes, # __in_opt LPSECURITY_ATTRIBUTES lpThreadAttributes, # __in BOOL bInheritHandles, # __in DWORD dwCreationFlags, # __in_opt LPVOID lpEnvironment, # __in_opt LPCTSTR lpCurrentDirectory, # __in LPSTARTUPINFO lpStartupInfo, # __out LPPROCESS_INFORMATION lpProcessInformation # ); CreateProcess = kernel32.CreateProcessW CreateProcess.argtypes = [LPCTSTR, LPTSTR, LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, DWORD, LPVOID, LPCTSTR, LPSTARTUPINFO, LPPROCESS_INFORMATION] CreateProcess.restype = BOOL # HANDLE WINAPI OpenThread( # __in DWORD dwDesiredAccess, # __in BOOL bInheritHandle, # __in DWORD dwThreadId # ); OpenThread = kernel32.OpenThread OpenThread.argtypes = [DWORD, BOOL, DWORD] OpenThread.restype = HANDLE # BOOL WINAPI ContinueDebugEvent( # __in DWORD dwProcessId, # __in DWORD dwThreadId, # __in DWORD dwContinueStatus # ); ContinueDebugEvent = kernel32.ContinueDebugEvent ContinueDebugEvent.argtypes = [DWORD, DWORD, DWORD] ContinueDebugEvent.restype = BOOL # BOOL WINAPI DebugActiveProcess( # __in DWORD dwProcessId # ); DebugActiveProcess = kernel32.DebugActiveProcess DebugActiveProcess.argtypes = [DWORD] DebugActiveProcess.restype = BOOL # BOOL WINAPI GetThreadContext( # __in HANDLE hThread, # __inout LPCONTEXT lpContext # ); GetThreadContext = kernel32.GetThreadContext GetThreadContext.argtypes = [HANDLE, LPCONTEXT] GetThreadContext.restype = BOOL # BOOL WINAPI GetThreadSelectorEntry( # __in HANDLE hThread, # __in DWORD dwSelector, # __out LPLDT_ENTRY lpSelectorEntry # ); GetThreadSelectorEntry = kernel32.GetThreadSelectorEntry GetThreadSelectorEntry.argtypes = [HANDLE, DWORD, LPLDT_ENTRY] GetThreadSelectorEntry.restype = BOOL # BOOL WINAPI ReadProcessMemory( # __in HANDLE hProcess, # __in LPCVOID lpBaseAddress, # __out LPVOID lpBuffer, # __in SIZE_T nSize, # __out SIZE_T *lpNumberOfBytesRead # ); ReadProcessMemory = kernel32.ReadProcessMemory ReadProcessMemory.argtypes = [HANDLE, LPCVOID, LPVOID, SIZE_T, SIZE_T_p] ReadProcessMemory.restype = BOOL # BOOL WINAPI SetThreadContext( # __in HANDLE hThread, # __in const CONTEXT *lpContext # ); SetThreadContext = kernel32.SetThreadContext SetThreadContext.argtypes = [HANDLE, LPCONTEXT] SetThreadContext.restype = BOOL # BOOL WINAPI WaitForDebugEvent( # __out LPDEBUG_EVENT lpDebugEvent, # __in DWORD dwMilliseconds # ); WaitForDebugEvent = kernel32.WaitForDebugEvent WaitForDebugEvent.argtypes = [LPDEBUG_EVENT, DWORD] WaitForDebugEvent.restype = BOOL # BOOL WINAPI WriteProcessMemory( # __in HANDLE hProcess, # __in LPVOID lpBaseAddress, # __in LPCVOID lpBuffer, # __in SIZE_T nSize, # __out SIZE_T *lpNumberOfBytesWritten # ); WriteProcessMemory = kernel32.WriteProcessMemory WriteProcessMemory.argtypes = [HANDLE, LPVOID, LPCVOID, SIZE_T, SIZE_T_p] WriteProcessMemory.restype = BOOL # BOOL WINAPI FlushInstructionCache( # __in HANDLE hProcess, # __in LPCVOID lpBaseAddress, # __in SIZE_T dwSize # ); FlushInstructionCache = kernel32.FlushInstructionCache FlushInstructionCache.argtypes = [HANDLE, LPCVOID, SIZE_T] FlushInstructionCache.restype = BOOL # # debugger.py FLAG_TRACE_BIT = 0x100 class DebuggerError(Exception): pass class Debugger(object): def __init__(self, process_info): self.process_info = process_info self.pid = process_info.dwProcessId self.tid = process_info.dwThreadId self.hprocess = process_info.hProcess self.hthread = process_info.hThread self._threads = {self.tid: self.hthread} self._processes = {self.pid: self.hprocess} self._bps = {} self._inactive = {} def read_process_memory(self, addr, size=None, type=str): if issubclass(type, basestring): buf = ctypes.create_string_buffer(size) ref = buf else: size = ctypes.sizeof(type) buf = type() ref = byref(buf) copied = SIZE_T(0) rv = ReadProcessMemory(self.hprocess, addr, ref, size, byref(copied)) if not rv: addr = getattr(addr, 'value', addr) raise DebuggerError("could not read memory @ 0x%08x" % (addr,)) if copied.value != size: raise DebuggerError("insufficient memory read") if issubclass(type, basestring): return buf.raw return buf def set_bp(self, addr, callback, bytev=None): hprocess = self.hprocess if bytev is None: byte = self.read_process_memory(addr, type=ctypes.c_byte) bytev = byte.value else: byte = ctypes.c_byte(0) self._bps[addr] = (bytev, callback) byte.value = 0xcc copied = SIZE_T(0) rv = WriteProcessMemory(hprocess, addr, byref(byte), 1, byref(copied)) if not rv: addr = getattr(addr, 'value', addr) raise DebuggerError("could not write memory @ 0x%08x" % (addr,)) if copied.value != 1: raise DebuggerError("insufficient memory written") rv = FlushInstructionCache(hprocess, None, 0) if not rv: raise DebuggerError("could not flush instruction cache") return def _restore_bps(self): for addr, (bytev, callback) in self._inactive.items(): self.set_bp(addr, callback, bytev=bytev) self._inactive.clear() def _handle_bp(self, addr): hprocess = self.hprocess hthread = self.hthread bytev, callback = self._inactive[addr] = self._bps.pop(addr) byte = ctypes.c_byte(bytev) copied = SIZE_T(0) rv = WriteProcessMemory(hprocess, addr, byref(byte), 1, byref(copied)) if not rv: raise DebuggerError("could not write memory") if copied.value != 1: raise DebuggerError("insufficient memory written") rv = FlushInstructionCache(hprocess, None, 0) if not rv: raise DebuggerError("could not flush instruction cache") context = CONTEXT(ContextFlags=CONTEXT_FULL) rv = GetThreadContext(hthread, byref(context)) if not rv: raise DebuggerError("could not get thread context") context.Eip = addr callback(self, context) context.EFlags |= FLAG_TRACE_BIT rv = SetThreadContext(hthread, byref(context)) if not rv: raise DebuggerError("could not set thread context") return def _get_peb_address(self): hthread = self.hthread hprocess = self.hprocess try: pbi = PROCESS_BASIC_INFORMATION() rv = NtQueryInformationProcess(hprocess, 0, byref(pbi), sizeof(pbi), None) if rv != 0: raise DebuggerError("could not query process information") return pbi.PebBaseAddress except DebuggerError: pass try: context = CONTEXT(ContextFlags=CONTEXT_FULL) rv = GetThreadContext(hthread, byref(context)) if not rv: raise DebuggerError("could not get thread context") entry = LDT_ENTRY() rv = GetThreadSelectorEntry(hthread, context.SegFs, byref(entry)) if not rv: raise DebuggerError("could not get selector entry") low, mid, high = entry.BaseLow, entry.BaseMid, entry.BaseHi fsbase = low | (mid << 16) | (high << 24) pebaddr = self.read_process_memory(fsbase + 0x30, type=c_voidp) return pebaddr.value except DebuggerError: pass return 0x7ffdf000 def get_base_address(self): addr = self._get_peb_address() + (2 * 4) baseaddr = self.read_process_memory(addr, type=c_voidp) return baseaddr.value def main_loop(self): event = DEBUG_EVENT() finished = False while not finished: rv = WaitForDebugEvent(byref(event), INFINITE) if not rv: raise DebuggerError("could not get debug event") self.pid = pid = event.dwProcessId self.tid = tid = event.dwThreadId self.hprocess = self._processes.get(pid, None) self.hthread = self._threads.get(tid, None) status = DBG_CONTINUE evid = event.dwDebugEventCode if evid == EXCEPTION_DEBUG_EVENT: first = event.Exception.dwFirstChance record = event.Exception.ExceptionRecord exid = record.ExceptionCode flags = record.ExceptionFlags addr = record.ExceptionAddress if exid == EXCEPTION_BREAKPOINT: if addr in self._bps: self._handle_bp(addr) elif exid == EXCEPTION_SINGLE_STEP: self._restore_bps() else: status = DBG_EXCEPTION_NOT_HANDLED elif evid == LOAD_DLL_DEBUG_EVENT: hfile = event.LoadDll.hFile if hfile is not None: rv = CloseHandle(hfile) if not rv: raise DebuggerError("error closing file handle") elif evid == CREATE_THREAD_DEBUG_EVENT: info = event.CreateThread self.hthread = info.hThread self._threads[tid] = self.hthread elif evid == EXIT_THREAD_DEBUG_EVENT: hthread = self._threads.pop(tid, None) if hthread is not None: rv = CloseHandle(hthread) if not rv: raise DebuggerError("error closing thread handle") elif evid == CREATE_PROCESS_DEBUG_EVENT: info = event.CreateProcessInfo self.hprocess = info.hProcess self._processes[pid] = self.hprocess elif evid == EXIT_PROCESS_DEBUG_EVENT: hprocess = self._processes.pop(pid, None) if hprocess is not None: rv = CloseHandle(hprocess) if not rv: raise DebuggerError("error closing process handle") if pid == self.process_info.dwProcessId: finished = True rv = ContinueDebugEvent(pid, tid, status) if not rv: raise DebuggerError("could not continue debug") return True # # unswindle.py KINDLE_REG_KEY = \ r'Software\Classes\Amazon.KindleForPC.content\shell\open\command' class UnswindleError(Exception): pass class PC1KeyGrabber(object): HOOKS = { 'b9f7e422094b8c8966a0e881e6358116e03e5b7b': { 0x004a719d: '_no_debugger_here', 0x005a795b: '_no_debugger_here', 0x0054f7e0: '_get_pc1_pid', 0x004f9c79: '_get_book_path', }, 'd5124ee20dab10e44b41a039363f6143725a5417': { 0x0041150d: '_i_like_wine', 0x004a681d: '_no_debugger_here', 0x005a438b: '_no_debugger_here', 0x0054c9e0: '_get_pc1_pid', 0x004f8ac9: '_get_book_path', }, } @classmethod def supported_version(cls, hexdigest): return (hexdigest in cls.HOOKS) def _taddr(self, addr): return (addr - 0x00400000) + self.baseaddr def __init__(self, debugger, hexdigest): self.book_path = None self.book_pid = None self.baseaddr = debugger.get_base_address() hooks = self.HOOKS[hexdigest] for addr, mname in hooks.items(): debugger.set_bp(self._taddr(addr), getattr(self, mname)) def _i_like_wine(self, debugger, context): context.Eax = 1 return def _no_debugger_here(self, debugger, context): context.Eip += 2 context.Eax = 0 return def _get_book_path(self, debugger, context): addr = debugger.read_process_memory(context.Esp, type=ctypes.c_voidp) try: path = debugger.read_process_memory(addr, 4096) except DebuggerError: pgrest = 0x1000 - (addr.value & 0xfff) path = debugger.read_process_memory(addr, pgrest) path = path.decode('utf-16', 'ignore') if u'\0' in path: path = path[:path.index(u'\0')] if path[-4:].lower() not in ('.prc', '.pdb', '.mobi'): return self.book_path = path def _get_pc1_pid(self, debugger, context): addr = context.Esp + ctypes.sizeof(ctypes.c_voidp) addr = debugger.read_process_memory(addr, type=ctypes.c_char_p) pid = debugger.read_process_memory(addr, 8) pid = self._checksum_pid(pid) self.book_pid = pid def _checksum_pid(self, s): letters = "ABCDEFGHIJKLMNPQRSTUVWXYZ123456789" crc = (~binascii.crc32(s,-1))&0xFFFFFFFF crc = crc ^ (crc >> 16) res = s l = len(letters) for i in (0,1): b = crc & 0xff pos = (b // l) ^ (b % l) res += letters[pos%l] crc >>= 8 return res class Unswindler(object): def __init__(self): self._exepath = self._get_exe_path() self._hexdigest = self._get_hexdigest() self._exedir = os.path.dirname(self._exepath) self._mobidedrmpath = self._get_mobidedrm_path() def _get_mobidedrm_path(self): basedir = sys.modules[self.__module__].__file__ basedir = os.path.dirname(basedir) for basename in ('mobidedrm', 'mobidedrm.py', 'mobidedrm.pyw'): path = os.path.join(basedir, basename) if os.path.isfile(path): return path raise UnswindleError("could not locate MobiDeDRM script") def _get_exe_path(self): path = None for root in (winreg.HKEY_CURRENT_USER, winreg.HKEY_LOCAL_MACHINE): try: regkey = winreg.OpenKey(root, KINDLE_REG_KEY) path = winreg.QueryValue(regkey, None) break except WindowsError: pass else: raise UnswindleError("Kindle For PC installation not found") if '"' in path: path = re.search(r'"(.*?)"', path).group(1) return path def _get_hexdigest(self): path = self._exepath sha1 = hashlib.sha1() with open(path, 'rb') as f: data = f.read(4096) while data: sha1.update(data) data = f.read(4096) hexdigest = sha1.hexdigest() if not PC1KeyGrabber.supported_version(hexdigest): raise UnswindleError("Unsupported version of Kindle For PC") return hexdigest def _is_topaz(self, path): with open(path, 'rb') as f: magic = f.read(4) if magic == 'TPZ0': return True return False def get_book(self): creation_flags = (CREATE_UNICODE_ENVIRONMENT | DEBUG_PROCESS | DEBUG_ONLY_THIS_PROCESS) startup_info = STARTUPINFO() process_info = PROCESS_INFORMATION() path = pid = None try: rv = CreateProcess(self._exepath, None, None, None, False, creation_flags, None, self._exedir, byref(startup_info), byref(process_info)) if not rv: raise UnswindleError("failed to launch Kindle For PC") debugger = Debugger(process_info) grabber = PC1KeyGrabber(debugger, self._hexdigest) debugger.main_loop() path = grabber.book_path pid = grabber.book_pid finally: if process_info.hThread is not None: CloseHandle(process_info.hThread) if process_info.hProcess is not None: CloseHandle(process_info.hProcess) if path is None: raise UnswindleError("failed to determine book path") if self._is_topaz(path): raise UnswindleError("cannot decrypt Topaz format book") if pid is None: raise UnswindleError("failed to determine book PID") return (path, pid) def decrypt_book(self, inpath, outpath, pid): # darkreverser didn't protect mobidedrm's script execution to allow # importing, so we have to just run it in a subprocess with tempfile.NamedTemporaryFile(delete=False) as tmpf: tmppath = tmpf.name args = [sys.executable, self._mobidedrmpath, inpath, tmppath, pid] mobidedrm = subprocess.Popen(args, stderr=subprocess.STDOUT, stdout=subprocess.PIPE, universal_newlines=True) output = mobidedrm.communicate()[0] if not output.endswith("done\n"): try: os.remove(tmppath) except OSError: pass raise UnswindleError("problem running MobiDeDRM:\n" + output) shutil.move(tmppath, outpath) return class ExceptionDialog(Tkinter.Frame): def __init__(self, root, text): Tkinter.Frame.__init__(self, root, border=5) label = Tkinter.Label(self, text="Unexpected error:", anchor=Tkconstants.W, justify=Tkconstants.LEFT) label.pack(fill=Tkconstants.X, expand=0) self.text = Tkinter.Text(self) self.text.pack(fill=Tkconstants.BOTH, expand=1) self.text.insert(Tkconstants.END, text) def gui_main(argv=sys.argv): root = Tkinter.Tk() root.withdraw() progname = os.path.basename(argv[0]) try: unswindler = Unswindler() inpath, pid = unswindler.get_book() outpath = tkFileDialog.asksaveasfilename( parent=None, title='Select unencrypted Mobipocket file to produce', defaultextension='.mobi', filetypes=[('MOBI files', '.mobi'), ('All files', '.*')]) if not outpath: return 0 unswindler.decrypt_book(inpath, outpath, pid) except UnswindleError, e: tkMessageBox.showerror("Unswindle For PC", "Error: " + str(e)) return 1 except Exception: root.wm_state('normal') root.title('Unswindle For PC') text = traceback.format_exc() ExceptionDialog(root, text).pack(fill=Tkconstants.BOTH, expand=1) root.mainloop() return 1 def cli_main(argv=sys.argv): progname = os.path.basename(argv[0]) args = argv[1:] if len(args) != 1: sys.stderr.write("usage: %s OUTFILE\n" % (progname,)) return 1 outpath = args[0] unswindler = Unswindler() inpath, pid = unswindler.get_book() unswindler.decrypt_book(inpath, outpath, pid) return 0 if __name__ == '__main__': sys.exit(gui_main())

manc cioco si citesc idioteniile de pe rst... anu asta totul o fo diferit, so i'm home

Si sa nu aiba voie sa posteze linkuri cu programe tot pana la 20 de posturi. Restrictionati cumva forumul cu programe, pentru ca vin si din primul post baga virusi, s-a intamplat de cel putin 3 ori pana acum din cate am observat eu.

bine ai venit.

Perfume iar filmul e la fel de bun : Perfume: The Story of a Murderer (2006)

@ pax next time search the forum "petabyte" : http://rstcenter.com/forum/16597-how-large-petabyte.rst

Foarte interesant, multumesc ! LE : inca ceva : http://cryptome.org/0001/yahoo-cryptome.htm http://cryptome.org/yahoo-demand.pdf

Author.................: Alain Strowel Publisher..............: Edward Elgar Pub Number Of Pages........: 322 Format.................: PDF Publication Date.......: 2009-11-30 ISBN-10 / ASIN.........: 1847205623 Description: This timely volume offers a comprehensive review of case law, in various jurisdictions, on secondary liability for copyright infringement, particularly P2P file sharing and online infringements. Moreover, the book includes forward-looking contributions of prominent academics from the US and the EU, which provide original perspectives on the future shape of online copyright law, looking at questions such as whether it could or even should evolve towards a compensation system. By combining these different avenues, the book will be of particular interest to practitioners, academics, researchers and legal scholars involved in the field of copyright law. Table of contents: Introduction: Peer-to-Peer File Sharing and Secondary Liability in Copyright Law Alain Strowel 1. Liability of Users and Third Parties for Copyright Infringements on the Internet: Overview of International Developments Allen N. Dixon 2. Legal Issues in Peer-To-Peer File Sharing, Focusing on the Making Available Right Michael Schlesinger 3. Secondary Liability for Copyright Infringement with Regard to Hyperlinks Alain Strowel and Vicky Hanley 4. Copyright Control vs. Compensation: The Prospects for Exclusive Rights after Grokster and Kazaa Jane C. Ginsburg 5. Global Networks and Domestic Laws: Some Private International Law Issues Arising from Australian and US Liability Theories Graeme W. Austin 6. A Bipolar Copyright System for the Digital Network Environment Alexander Peukert 7. Sharing Out Online Liability: Sharing Files, Sharing Risks and Targeting ISPs Robert Clark 8. A Reverse Notice and Takedown Regime to Enable Public Interest Uses of Technically Protected Copyrighted Works Jerome H. Reichman, Graeme B. Dinwoodie and Pamela Samuelson 2shared - download Peer-to-Peer File Sharing and Secondary Liability in Copyright Law by Alain Strowel.rar

Want to know how much phone companies and internet service providers charge to funnel your private communications or records to U.S. law enforcement and spy agencies? That’s the question muckraker and Indiana University graduate student Christopher Soghoian asked all agencies within the Department of Justice, under a Freedom of Information Act (FOIA) request filed a few months ago. But before the agencies could provide the data, Verizon and Yahoo intervened and filed an objection on grounds that, among other things, they would be ridiculed and publicly shamed were their surveillance price sheets made public. Yahoo writes in its 12-page objection letter (.pdf), that if its pricing information were disclosed to Soghoian, he would use it “to ’shame’ Yahoo! and other companies — and to ’shock’ their customers.” “Therefore, release of Yahoo!’s information is reasonably likely to lead to impairment of its reputation for protection of user privacy and security, which is a competitive disadvantage for technology companies,” the company writes. Verizon took a different stance. It objected to the release (.pdf) of its Law Enforcement Legal Compliance Guide because it might “confuse” customers and lead them to think that records and surveillance capabilities available only to law enforcement would be available to them as well — resulting in a flood of customer calls to the company asking for trap and trace orders. “Customers may see a listing of records, information or assistance that is available only to law enforcement,” Verizon writes in its letter, “but call in to Verizon and seek those same services. Such calls would stretch limited resources, especially those that are reserved only for law enforcement emergencies.” Other customers, upon seeing the types of surveillance law enforcement can do, might “become unnecessarily afraid that their lines have been tapped or call Verizon to ask if their lines are tapped (a question we cannot answer).” Verizon does disclose a little tidbit in its letter, saying that the company receives “tens of thousands” of requests annually for customer records and information from law enforcement agencies. Soghoian filed his records request to discover how much law enforcement agencies — and thus U.S. taxpayers — are paying for spy documents and surveillance services with the aim of trying to deduce from this how often such requests are being made. Soghoian explained his theory on his blog, Slight Paranoia: In the summer of 2009, I decided to try and follow the money trail in order to determine how often Internet firms were disclosing their customers’ private information to the government. I theorized that if I could obtain the price lists of each ISP, detailing the price for each kind of service, and invoices paid by the various parts of the Federal government, then I might be able to reverse engineer some approximate statistics. In order to obtain these documents, I filed Freedom of Information Act requests with every part of the Department of Justice that I could think of. The first DoJ agency to respond to his request was the U.S. Marshals Service (USMS), which indicated that it had price lists available for Cox Communications, Comcast, Yahoo and Verizon. But because the companies voluntarily provided the price lists to the government, the FOIA allows the companies an opportunity to object to the disclosure of their data under various exemptions. Comcast and Cox were fine with the disclosure, Soghoian reported. He found that Cox Communications charges $2,500 to fulfill a pen register/trap-and-trace order for 60 days, and $2,000 for each additional 60-day-interval. It charges $3,500 for the first 30 days of a wiretap, and $2,500 for each additional 30 days. Thirty days worth of a customer’s call detail records costs $40. Comcast’s pricing list, which was already leaked to the internet in 2007, indicated that it charges at least $1,000 for the first month of a wiretap, and $750 per month thereafter. But Verizon and Yahoo took offense at the request. Yahoo objected on grounds that its pricing constituted “confidential commercial information” and cited Exemption 4 of the Freedom of Information Act and the Trade Secrets Act. Exemption 4 of the FOIA refers to the disclosure of commercial or financial information that could result in a competitive disadvantage to the company if it were publicly disclosed. The company claims its pricing is derived from labor rates for employees and overhead and, therefore, disclosing the information would provide clues to its operating costs — regardless of whether these same clues are already available in public records, such as those the company files with the Securities and Exchange Commission. The company also claims that since Soghoian is trying to determine the actual amounts the Marshals Service paid Yahoo for responding to requests, the price lists are irrelevant, since “there are no standard prices for these transactions.” But equally important to Yahoo’s objections was the potential for “criticism” and ridicule. Yahoo quoted Soghoian on his blog writing that his aim was to “use this blog to shame the corporations that continue to do harm to user online privacy.” Yahoo also objected to the disclosure of its letter objecting to the disclosure of pricing information saying that “release of this letter would likely cause substantial competitive harm” to the company. The company added, in a veiled threat, that if the Marshals Service were to show anyone its letter objecting to the disclosure of pricing information, it could “impair the government’s ability to obtain information necessary for making appropriate decisions with regard to future FOIA requests.” If anyone out there has a copy of Verizon or Yahoo’s law enforcement pricing list and wants to share it, feel free to use our anonymous tip address. wired.com Image: FBI.gov

via dailygalaxy

The MD5 algorithm is quite possibly the most widely used digest algorithm out there. So of course, being the geek you are, you want to know how it works. Read on. First you must think of your message, not as a sequence of bytes, but as a sequence of bits (but only for a short while). The MD5 algorithm will accept messages that are any arbitrary number of bits long. However, so that the algorithm can process the data, it begins by padding the message to a length it can handle. This length just happens to be any number such that length mod 512 is equal to 448, or 64 bits short of being a multiple of 512. The message is padded by first appending a 1 bit to the message, and then enough 0 bits to make the message the proper length. The 1 bit is always added, so even if the message is already the proper length, it will be padded (a message can be padded with anywhere from 1 to 512 bits). The next step is to calculate the length of the message (before padding). This number is then appended as the last 64 bits of the message, making the message length a multiple of 512. If the message happens to be greater than 2^64 bits long, then the least significant 64 bits of the message are used (length mod 2^64). The MD5 algorithm uses 4 state variables, each of which is a 32 bit integer (an unsigned long on most systems). These variables are sliced and diced and are (eventually) the message digest. The variables are initialized as follows: A = 0x67452301 B = 0xEFCDAB89 C = 0x98BADCFE D = 0x10325476 Now on to the actual meat of the algorithm: the main part of the algorithm uses four functions to thoroughly goober the above state variables. Those functions are as follows: F(X,Y,Z) = (X & Y) | (~(X) & Z) G(X,Y,Z) = (X & Z) | (Y & ~(Z)) H(X,Y,Z) = X ^ Y ^ Z I(X,Y,Z) = Y ^ (X | ~(Z)) Where &, |, ^, and ~ are the bit-wise AND, OR, XOR, and NOT operators (respectively) that all C programmers should be familiar with. These functions, using the state variables and the message as input, are used to transform the state variables from their initial state into what will become the message digest. For each 512 bits of the message, the following is performed (this is only pseudo-code, don’t try to compile it): /* Group the 512 bit message into 16 different 32 bit chunks */ For j = 0 to 15 do Set X[j] to MessageBits[j*32] through MessageBits[j*32 + 31] end /* Store the digest variables out of harms way for the time being */ AA = A BB = B CC = C DD = D /* Round 1. */ /* Let [abcd k s i] denote the operation: a = b + ((a + F(b,c,d) + X[k] + T[i]) <<< s). */ /* Do the following 16 operations. */ [ABCD 0 7 1] [DABC 1 12 2] [CDAB 2 17 3] [BCDA 3 22 4] [ABCD 4 7 5] [DABC 5 12 6] [CDAB 6 17 7] [BCDA 7 22 8] [ABCD 8 7 9] [DABC 9 12 10] [CDAB 10 17 11] [BCDA 11 22 12] [ABCD 12 7 13] [DABC 13 12 14] [CDAB 14 17 15] [BCDA 15 22 16] /* Round 2. */ /* Let [abcd k s i] denote the operation: a = b + ((a + G(b,c,d) + X[k] + T[i]) <<< s). */ /* Do the following 16 operations. */ [ABCD 1 5 17] [DABC 6 9 18] [CDAB 11 14 19] [BCDA 0 20 20] [ABCD 5 5 21] [DABC 10 9 22] [CDAB 15 14 23] [BCDA 4 20 24] [ABCD 9 5 25] [DABC 14 9 26] [CDAB 3 14 27] [BCDA 8 20 28] [ABCD 13 5 29] [DABC 2 9 30] [CDAB 7 14 31] [BCDA 12 20 32] /* Round 3. */ /* Let [abcd k s t] denote the operation a = b + ((a + H(b,c,d) + X[k] + T[i]) <<< s). */ /* Do the following 16 operations. */ [ABCD 5 4 33] [DABC 8 11 34] [CDAB 11 16 35] [BCDA 14 23 36] [ABCD 1 4 37] [DABC 4 11 38] [CDAB 7 16 39] [BCDA 10 23 40] [ABCD 13 4 41] [DABC 0 11 42] [CDAB 3 16 43] [BCDA 6 23 44] [ABCD 9 4 45] [DABC 12 11 46] [CDAB 15 16 47] [BCDA 2 23 48] /* Round 4. */ /* Let [abcd k s t] denote the operation a = b + ((a + I(b,c,d) + X[k] + T[i]) <<< s). */ /* Do the following 16 operations. */ [ABCD 0 6 49] [DABC 7 10 50] [CDAB 14 15 51] [BCDA 5 21 52] [ABCD 12 6 53] [DABC 3 10 54] [CDAB 10 15 55] [BCDA 1 21 56] [ABCD 8 6 57] [DABC 15 10 58] [CDAB 6 15 59] [BCDA 13 21 60] [ABCD 4 6 61] [DABC 11 10 62] [CDAB 2 15 63] [BCDA 9 21 64] /* And finally update the state variables */ A+=AA B+=BB C+=CC D+=DD (If you are confused on what ‘<<<’ does, let it be known that it represents a bit-wise rotation to the left, e.g. 110011 <<< 2 = 001111) After this step, the message digest is stored in the state variables (A, B, C, and D). To get it into the hexadecimal form you are used to seeing, output the hex values of each the state variables, least significant byte first. For example, if after the digest: A = 0x01234567; B = 0x89ABCDEF; C = 0x1337D00D D = 0xA5510101 Then the message digest would be: 67452301EFCDAB890DD03713010151A5 And that’s how you calculate MD5 digests of, well, of whatever you want to calculate MD5 digests of. Additional information on the MD5 algorithm can be found in the MD5 RFC (#1321), which I used as my one and only reference in writing this article. In fact, my article’s sole purpose seems to be in slightly simplifying the RFC (that and to serve as a way to get my MD5 class out to the world...). Anyway, RFC #1321 can be found at RFC 1321 (rfc1321) - The MD5 Message-Digest Algorithm. Accompanying code for my article can be obtained by sending me an e-mail or pm asking for it (nicely). Although if it is possible, it would probably be easier on everyone if the source was hosted on the site somewhere. This code is also largely copied from the RFC on MD5, although I encapsulated it in a class and cleaned it up slightly for readability reasons. I also added a few comments on some of the stuff in the header, just to clarify the purpose. The class has been tested and is RFC compatible. I also included a small example program (code only) to demonstrate how to use the class. I hold no responsibility for anything you do with this program or for anything this program does to you. The code was created and compiled successfully using MSVC++ 6, for which I have included a project file and workspace. For the rest of you, some tweaking may be necessary for it to work. http://www.osix.net/modules/article/?id=507

Kw3, ti se scula azi ? In caz afirmativ, la multi ani !

? welcome !

Rat . Remote admin trojan.

"Da cred ca printr-a 12-a am invatat partea de introducere in POO " la noi a fost un curs la care am participat vreo 3 oameni din tot liceul...in a 11-a. in a 12-a se face visual foxpro, dar profa atat de prost preda incat am alergie la orice inseamna baze de date.