Nearly holding my breath for a dual core laptop

I just want to wait until after Christmas before making any decisions. Of course by that time the Intel dual core laptops will be just around the corner. Rockdirect have been selling dual core laptops for a while. I need to see some reviews about them. Fun for all the family.

iTunes, explorer, context menus and stalled music

Ooh! This one really annoys me. I’m using iTunes for syncing with my iPod, but when I’m playing music on the desktop, if I right-click on anything in Explorer and don’t select something really fast, iTunes stops playing the music. What a piece of junk.

More phishing

I got an email purporting to be from PayPal, asking me to download a security tool that will help protect my computer. Well guess what, it doesn’t (well duh!). It turns out to be changing the NameServer entries for all the interfaces in the registry keys under SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces to something else. Firing up a disassembler, we find that the value it’s trying to set is:

aRstpuucpuucpur	db 90h			; DATA XREF: start+Ao start+101o ...
db  98h	;
db  92h	;
db  8Fh	;
db  93h	;
db  93h	;
db  96h	;
db  8Fh	;
db  93h	;
db  93h	;
db  96h	;
db  8Fh	;
db  93h	;
db  90h	;
db  99h	;
db    0	;

Not surprisingly, this is not a kosher string; it’s been encoded. One of the first things the code does is decode it, using the following bit of code:

sub_0_40107E	proc near		; CODE XREF: start+Fp
arg_0		= dword	ptr  4
mov	eax, [esp+arg_0]		; eax = pointer to the encoded string
mov	ecx, eax			; ecx = running write pointer (decodes in place)
mov	dl, [eax]			; dl = first byte
loc_0_401086:				; CODE XREF: sub_0_40107E+15j
test	dl, dl				; NUL terminator reached?
jz	short locret_0_401095		; yes: done
xor	dl, 0A1h			; decode this byte with the single-byte key
mov	[ecx], dl			; write it back over the encoded byte
mov	dl, [ecx+1]			; fetch the next byte
inc	ecx
jmp	short loc_0_401086

<sarcasm>Terribly complicated</sarcasm>. The code XORs each byte of the string with 0A1h until it reaches the NUL terminator. We could step through it by hand, or you can trust me that it decodes to 193.227.227.218. A traceroute reveals that it’s probably somewhere in Romania (the named hops are in the .ro top-level domain).

Tracing route to 193.227.227.218 over a maximum of 30 hops
1     1 ms    <1 ms    <1 ms  10.0.0.71
2    57 ms    21 ms    23 ms  b-ras1.lmk.limerick.eircom.net [159.134.155.24]
3    21 ms    22 ms    20 ms  ge15-2.corea.lmk.limerick.eircom.net [83.71.114.97]
4    36 ms    36 ms    35 ms  83.71.112.94
5    36 ms    40 ms    39 ms  london1-br2-fe0-0.rdsnet.ro [195.66.226.46]
6    54 ms    53 ms    52 ms  fra2-cr1-ge5-0.539.rdsnet.ro [62.231.127.89]
7     *        *        *     Request timed out.
8    89 ms    90 ms    87 ms  constanta1-cr1-vlan25.rdsct.ro [212.93.137.51]
9    94 ms    88 ms    96 ms  constanta1-fo-vlan10.rdsct.ro [212.93.137.10]
10    89 ms   101 ms    90 ms  81.196.163.89
11    95 ms    95 ms   101 ms  cr1.micos.ro [193.227.226.254]
12    91 ms    96 ms    97 ms  193.227.227.218

The short answer is: 1. never run code whose origin you’re uncertain of, and 2. never run code whose origin you’re uncertain of.
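The observable effect of this sample is a rewritten per-interface NameServer value, which is something a defender can audit without a disassembler. The following is an added example, not code from the original post: it parses the text that `reg export` produces for the Interfaces key and reports every static resolver that is not on an allow-list. The export, the interface GUIDs and the allow-list (10.0.0.1) are constructed for the example; on a real machine you would feed it the file written by `reg export HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces dns.reg`.

```python
# Added example (not code from the original post): audit per-interface
# NameServer values from a `reg export` of the Interfaces key and flag
# resolvers that are not on an allow-list. All sample data is constructed.
import re

INTERFACES_KEY = (
    "HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\Tcpip\\Parameters\\Interfaces\\"
)

# Constructed sample export: one DHCP interface left alone, one interface whose
# NameServer has been pointed at the address the sample decodes to.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{11111111-2222-3333-4444-555555555555}]
"EnableDHCP"=dword:00000001
"NameServer"=""
"DhcpNameServer"="10.0.0.1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{66666666-7777-8888-9999-000000000000}]
"EnableDHCP"=dword:00000000
"NameServer"="193.227.227.218,10.0.0.1"
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
# Only string ("...") and dword values are needed for this check.
VALUE_RE = re.compile(r'^"([^"]+)"=(?:"(.*)"|dword:([0-9A-Fa-f]{8}))$')


def parse_reg_export(text: str) -> dict:
    """Minimal .reg parser: {key path: {value name: str | int}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name, s, d = m.groups()
            keys[current][name] = s if d is None else int(d, 16)
    return keys


def audit_name_servers(keys: dict, allowed: set) -> list:
    """Return (interface GUID, resolver, reason) for every static NameServer
    entry under the Interfaces key that is not on the allow-list.
    NameServer holds a comma- or space-separated list of addresses."""
    findings = []
    for path, values in keys.items():
        if not path.upper().startswith(INTERFACES_KEY.upper()):
            continue
        iface = path[len(INTERFACES_KEY):]
        for server in re.split(r"[ ,]+", values.get("NameServer", "")):
            if server and server not in allowed:
                findings.append((iface, server, "static resolver not on allow-list"))
    return findings


if __name__ == "__main__":
    hits = audit_name_servers(parse_reg_export(SAMPLE_EXPORT), {"10.0.0.1"})
    for iface, server, reason in hits:
        print(f"{iface}: NameServer={server} ({reason})")
```

`reg export` writes a Unicode (UTF-16) file, so open it with `encoding="utf-16"` before passing the text to `parse_reg_export`. The sample targets ControlSet001 specifically; the same check is worth running against CurrentControlSet, which is the control set actually in use.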

Quick XOR tutorial. Exclusive OR: the result is 1 if either A or B is 1, but not both. So 0 xor 0 = 0, 0 xor 1 = 1, 1 xor 0 = 1, 1 xor 1 = 0. Each hex digit is a run of 4 binary digits: 0 = 0000, 9 = 1001, A = 1010, F = 1111.
90h xor 0A1h = 1001 0000 xor 1010 0001 = 0011 0001 = 31h
Conveniently, 30h = ‘0’, 39h = ‘9’ and 2Eh = ‘.’, so the decoded bytes translate directly into ASCII digits and dots.
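To make the decode step above and the XOR tutorial concrete, here is an added example, not code from the original post. It parses the `db` listing shown earlier into bytes, replays the loop from sub_0_40107E in Python, and goes one step beyond the text: it recovers the key from the listing alone by trying all 256 single-byte keys and keeping the ones whose output is a valid IPv4 address. The listing text embedded below is copied from the disassembly; nothing else is assumed.

```python
# Added example (not code from the original post): parse the IDA-style `db`
# listing into bytes, replay the single-byte XOR loop of sub_0_40107E, and
# recover the key by requiring the plaintext to be a dotted-quad IPv4 address.
import ipaddress
import re

# The encoded string exactly as it appears in the disassembly above.
LISTING = """
aRstpuucpuucpur db 90h          ; DATA XREF: start+Ao start+101o ...
db  98h ;
db  92h ;
db  8Fh ;
db  93h ;
db  93h ;
db  96h ;
db  8Fh ;
db  93h ;
db  93h ;
db  96h ;
db  8Fh ;
db  93h ;
db  90h ;
db  99h ;
db    0 ;
"""

# `db 90h` is hex (trailing h); a bare `db 0` is decimal, as IDA prints it.
DB_RE = re.compile(r"\bdb\s+([0-9A-Fa-f]+h|\d+)\b")


def parse_db_listing(listing: str) -> bytes:
    """Collect the operand of every `db` directive in the listing, in order."""
    out = bytearray()
    for m in DB_RE.finditer(listing):
        tok = m.group(1)
        out.append(int(tok[:-1], 16) if tok.endswith("h") else int(tok))
    return bytes(out)


def xor_decode(data: bytes, key: int) -> str:
    """Equivalent of the loop at loc_0_401086: XOR each byte with `key`
    until the NUL terminator (the `test dl, dl` / `jz` pair)."""
    out = bytearray()
    for b in data:
        if b == 0:
            break
        out.append(b ^ key)
    return out.decode("ascii")


def recover_xor_key(data: bytes) -> list:
    """Try every single-byte key and keep those whose output parses as an
    IPv4 address. Only one key can work on this listing: 8Fh is the only byte
    that occurs exactly three times, so it must be the '.' of a dotted quad,
    which fixes key = 8Fh xor 2Eh = 0A1h."""
    payload = data.split(b"\x00", 1)[0]
    hits = []
    for key in range(256):
        candidate = bytes(b ^ key for b in payload)
        try:
            ipaddress.IPv4Address(candidate.decode("ascii"))
        except ValueError:  # UnicodeDecodeError is a ValueError subclass
            continue
        hits.append(key)
    return hits


if __name__ == "__main__":
    encoded = parse_db_listing(LISTING)
    print("encoded bytes:", encoded.hex(" "))
    print("keys giving an IPv4 address:", [hex(k) for k in recover_xor_key(encoded)])
    print("decoded with 0A1h:", xor_decode(encoded, 0xA1))
```

The key-recovery step is the general form of the trust-me shortcut in the text: when a sample hides a network indicator behind a single-byte XOR, a constraint on the plaintext's shape (here, a dotted quad) is usually enough to pin the key down without tracing the decode routine.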

Patch Wednesday

9 XP patches today. I think it was the same last month. This is not a good track record, and it wreaks havoc on any attempt to create a pre-patched OS image for reinstallation.

All Upgraded

Well, we’re all upgraded to MT-3.2 here. There are a few changes. There’s a bug in the archive listing code: the loop counter is incremented three times per iteration rather than the once it should be.
I’ve introduced dynamic theming. The menu option is yet to come, but click the links below to see the different themes on offer.
Old Theme (Using Helvetica) Theme,
Old Theme (Using Verdana) Theme,
Default 3.2 Theme (Vicksburg) Theme,
Beckett Theme,
Folio Theme,
Masala Theme,
Powell Street Theme

*** ContextHandlers.pm  2005-09-20 22:34:21.000000000 +0100
--- /home/petesh/.backup/ContextHandlers.pm~    2005-09-20 22:32:47.000000000 +0100
***************
*** 2162,2171 ****
my ($next_cnt, @next_grp) = $group_iter->();
while ((($cnt, @grp) = ($next_cnt, @next_grp)) && defined($cnt)) {
my($start, $end) = $sec_ts->($ctx, \@grp);
-               # Changed by Pete Shanahan - too many i++'s
$i++;
($next_cnt, @next_grp) = $group_iter->();
!                 $last = 1 if $n && $i >= $n-1;
$last = 1 unless $next_cnt;
local $ctx->{current_timestamp} = $start;
local $ctx->{current_timestamp_end} = $end;
--- 2162,2170 ----
my ($next_cnt, @next_grp) = $group_iter->();
while ((($cnt, @grp) = ($next_cnt, @next_grp)) && defined($cnt)) {
my($start, $end) = $sec_ts->($ctx, \@grp);
$i++;
($next_cnt, @next_grp) = $group_iter->();
!                 $last = 1 if $n && $i++ >= $n-1;
$last = 1 unless $next_cnt;
local $ctx->{current_timestamp} = $start;
local $ctx->{current_timestamp_end} = $end;
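Review bot: this diff is the wrong way round: the `***` side is the edited ContextHandlers.pm (22:34:21) and the `---` side is the `.backup/ContextHandlers.pm~` copy (22:32:47), so feeding it to `patch` would put the extra `$i++` back unless it is applied with `-R`; regenerate it as `diff -c <backup> <current>` so the `-` on the comment line and the `!` on `$last = 1 if $n && $i >= $n-1;` read as additions and changes. Separately, the added line `# Changed by Pete Shanahan - too many i++'s` records who touched the code rather than the invariant it relies on; a comment stating that `$i` is advanced exactly once per iteration and that the `$last` test must only read it would protect the fix better, with attribution left to the changelog.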
***************
*** 2182,2188 ****
return $ctx->error( $builder->errstr );
$res .= $out;
$first = 0;
!               last if $n && $i >= $n-1;
}
} else {
my $iter = MT::Entry->load_iter({ blog_id => $blog->id,
--- 2181,2187 ----
return $ctx->error( $builder->errstr );
$res .= $out;
$first = 0;
!               last if $n && $i++ >= $n-1;
}
} else {
my $iter = MT::Entry->load_iter({ blog_id => $blog->id,
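Review bot: `last if $n && $i >= $n-1;` here and `$last = 1 if $n && $i >= $n-1;` in the previous hunk are the same bound written twice, and both now read the value `$i` holds after the single remaining `$i++` at the top of the loop instead of the pre-increment value the old `$i++ >= $n-1` tests used; whether the loop stops after exactly `$n` entries therefore depends on `$i`'s starting value, which is outside this hunk, so it is worth confirming with a limit of 1, 2 and 3 that exactly n archives are listed, and factoring the two conditions into one place so they cannot drift apart again.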