PenguSniff

This is a simple file integrity monitor/scanner. I started this after the BlackShades incident. Thought it would be a fun project to do, and a great way to learn more about file I/O.
I stopped playing TF2 for a whole day for this?!?!?! ohmygherd so OP.

pengusniffv1 pengusniffv1-2

Calculator

Was bored. Rewrote Qt calculator example with new ‘engine’ and the ability to define expressions with parenthesis. Will probably add more features for the lawlz. Nuff said.

 

Ultron

Ultron, an automatic homework fetcher/parser. I started working on this to reinforce what I learned using Qt. Too bad I don’t have access to my Moodle account anymore, time to add new features.

All of my GUIs look simple and plain. That will be something I will work on when I have time. Learning Qt is pretty fun :)

ultron

 

Moose

Learning how to use the Qt Framework for creating GUIs on Linux. My second application is real simple. I call it Moose. This works the same way as Anonymailer.net, except everything is on your own computer, and you don’t have to worry about third party.

Moose utilizes your local MTA to send emails. Simple GUI allows you to change the To:, From:, Name:, Subject: headers. Depending on how you have your /etc/hosts setup, sending time will differ from a few seconds up to a minute. moose

 

Download: http://micropenguin.net/files/C++/Moose/

Rootkits: Subverting the Windows Kernel [Source/PDF]

This is an extremely useful book on rootkits: Rootkits: Subverting the Windows Kernel

PDF: http://micropenguin.net/files/Other/Rootkits_Subverting_the_Windows_Kernel.pdf

It took me awhile to find all of the source code examples in the book. Since rootkit.com has been taken down, and that is where the book directs you to download from.

These are the examples listed in the book:

InstDrv.zip
migbot.zip
basic_1.zip
basic_hardware.zip
basic_keysniff.zip
HideProcessHookMDL.zip
HybridHook.zip
Klog 1.0.zip
rk_044.zip
strace_Fuzen.zip
SysEnterHook.zip
vice.zip

HaleOS

Development of a simple x64 bit operating system is now in progress! Matt and I are working on creating a PDF that will explain the methodologies of it’s boot/load/run process.
As well as releasing the source code on GitHub. More information can be found here.

Please visit our forums for questions.

P-Warrior

This is an example of a simple P-warrior. A program that stores values in P-Space, that determines which strategy it will use.

_RES equ 0 ;here pmars loads results
_STR equ 1 ;here I store my strategy

res ldp.ab _RES, #0 ;load result last match
str ldp.a _STR, str1 ;load strategy in use
sne.ab #0, res ;check result, win or tie OK
lost add.a #1, str1 ;lost change
mod.a #2, str1 ;secure jump
win stp.ab str1, _STR ;save strategy
str1 jmp @0, imp
dat 0, stream

imp mov imp, imp+1

stream djn.f #100, <-11

end

The execution starts at res. Where the value -1 is loaded into the B-field. Execution continues to label ‘str’. The A-field of _STR is #0, and str1 is 5 addresses forward. Therefore the line for ‘str’ is ldp.a 0, 5. 0 in the P-Space is equal to -1, therefore ldp.a changes str1′s A-Field to -1.

Execution then continues to the if condition sne.ab #0 , res
This checks to see if both A and B fields are equivalent, if they are, execute the next instruction. If not, skip. Since res is equal to -1, they are not equal. Skipping the ‘lost’ label.

mod.a #2, str1
Does the operation -1 % 2 = 1
Making str1′s A-Field equal to 1

stp.ab str1, _STR stores the value of 1 into the 0 space in the P-Space.
Since str1′s A-Field is equal to 1. And _STR is 1, which points to str1. And since str1′s B-Field is equal to 2 (imp is two addresses forward), this stores 1 into the 2 P-field.

Now execution continues to the str1 label.
jmp @1 , 1
The @1 signifies that jmp’s B-field now points to dat 0, stream ‘s B-field. Which is equal to 2.
So str1 becomes:

jmp 1+(2) , 1

Execution jumps to the stream label. And since djn.f’s A-field is a direct/immediate value, it will continuously jump to itself.

Goes 11 addresses behind. Decrement the B value of that address, and then jump from the B value of that address.

assembly hello worlds [intel32]

There are numerous ways to write a hello world program in every programming language. Here are 6 written in 32b assembly using nasm

The top 2 are the std ways of writing this, all the rest are for schittz&gigglz

1-std
1.5-std (NASM style)
2-std using functions
3-writing 1 byte at a time with a forloop
4-pushing 1B, padded so it’s 4B aligned, onto stack, and then writing 1B at a time
5-null-terminated: write until 0×0 encountered
6-pushing string onto stack, and then writing from it

;Guandi97
;std method, the "correct" way to do this

section .text
global _main
_main:
	push 	len
	push	sdr
	push	0x1
	sub	esp,		0x4
	mov	eax,		0x4
	int	0x80
	add	esp,		0x10

	push	0x1
	sub	esp,		0x4		;always 8-byte aligned on intel32
	mov	eax,		0x1
	int	0x80
section .data
sdr	db	"noobie plz",0xa		;consecutive byte sequence, or char array
len	equ	$-sdr				;this is the same as the sizeof() in C

This is an easier way to output a string to the console.

 

;Guandi97
;function call method, the other "correct" way to do this

section .text
global _main
_main:
	push	dword 	sdr
	push 	dword 	len
	call	_rite
	add	esp,		0x8

	push	0x1
	sub	esp,		0x4		;always 8-byte aligned on intel32
	mov	eax,		0x1
	int	0x80
_rite:	push	ebp
	mov	ebp,	esp
	push	dword 	[ebp+0x8]
	push	dword 	[ebp+0xc]
	push	dword	0x1
	sub	esp,		0x4
	mov	eax,		0x4
	int	0x80
	add	esp,		0x10
	pop	ebp
	ret
section .data
sdr	db	"Lunar Republic",0xa
len	equ	$-sdr
;Guandi97
;using a forloop 

;calculate esi,edi
;push args onto stack
;write 1B at a time, and update pointer

section .text
global _main
_main:
	push	ebp
	mov	ebp,		esp	;00
	mov	esi,		sdr
	mov	edi,		esi
	add	edi,		len

	push	dword	0x1		;04
	push	dword 	0x0		;08
	push	dword	0x1		;12
	sub	esp,		0x4	;16

wloops	cmp	esi,		edi
	jge	wloope
	mov	[ebp-0x8],	esi
	mov	eax,		0x4
	int 	0x80
	add	esi,		0x1
	jmp	wloops

wloope	add	esp,		0x10
	push	dword	0x1
	sub	esp,		0x4
	mov	eax,		0x1
	int	0x80
section .data
sdr	db	'twilicorn OP',0xa
len	equ	$-sdr
;Guandi97
;push method

;calculate len 
;push all onto stack
;write 1B at a time

section .text
global _main
_main:
	mov	esi,		sdr
	mov	edi,		esi
	add	esi,		len
ploops	cmp	esi,		edi		;push onto stack
	jl	ploope
	mov	edx,		0x0
	mov	dl,		byte [esi]
	push	edx
	sub	esi,		0x1
	jmp	ploops
ploope	mov	ecx,		0x0
wloops	cmp	ecx,		len		
	jge	wloope
	push	dword 	0x1			;-04
	mov	esi,	esp
	add	esi,	0x4
	push	dword 	esi			;-08			
	push	dword 	0x1			;-12
	sub	esp,		0x4		;-16
	mov	eax,		0x4
	int	0x80
	add	esp,		0x14
	add	ecx,		0x1
	jmp	wloops
wloope	push	dword 	0x1
	sub	esp,		0x4
	mov	eax,		0x1
	int	0x80
section .data
sdr	db	'engieUNion!',0xa
len	equ	$-sdr
;Guandi97
;null terminated while loop

;set edi,esi
;check against 0x0
;write 1B at a time

section .text
global _main
_main:
	push	ebp
	mov	ebp,		esp
	mov	esi,		sdr
	push	dword 	0x1			;04
	push	dword	0x0
	push	dword	0x1
	sub	esp,		0x4
	mov	edi,		ebp
	sub	edi,		0x8
cloops	cmp	byte [esi],	0x0
	je	cloope
	mov	[edi],		esi
	mov	eax,		0x4
	int	0x80
	add	esi,		0x1
	jmp	cloops
cloope	mov	[esp],		dword 0x1
	sub	esp,		0x4	
	mov	eax,		0x1
	int	0x80
section .data
sdr	db	'PootisSpencer here!',0xa,0x0
;Guandi97
;stack byte array method: this method has almost no application irl

;determine esi,edi
;loop esi
;call _byteSStack
;"flush" ebx to stack
;set args, call write

;_byteSStack (8 bit)
	;store in ebx(buffer), accum in eax,
	;shift and add to bl
;_Bflush
	;determin the number of shifts needed to align the fist byte in with the most significant bit in ebx
	;loop shifts

section .text
global _main
_main:
	push	ebp
	mov	ebp,		esp

	mov	edi,		sdr
	mov	esi,		edi
	add	esi,		len
	mov	ebx,		0x0
aloop1s	cmp	esi,		edi
	jle	aloop1e
	call	_byteSStack
	cmp	eax,		0x4		;if eax is full, flush immediately
	jge	bsPush
	jmp	aloop1s
bsPush	push	dword	ebx
	mov	ebx,		0x0
	mov	eax,		0x0
	jmp	aloop1s

aloop1e	cmp	eax,		0x0
	jne	flush
	jmp	end
flush	call	_Bflush				;need to flush manually
	push	dword	ebx
end	push	len		
	mov	edx,		esp
	add	edx,		0x4
	add	edx,		eax
	push	dword 	edx
	push	0x1
	sub	esp,		0x4
	mov	eax,		0x4		;since last 2 args on stack are the same needed for sys_exit(1), interrupt
	int	0x80				;demonstration only, this is bad practice,
	mov	eax,		0x1		;it will confuse both future you, and everybody else who views your code
	int	0x80

_byteSStack:
	sub	esi,		0x1
	shl	ebx,		8		;shift 8b to left
	mov	bl,		byte [esi]
	add	eax,		0x1
	ret
_Bflush:
	mov	edx,		0x4
	sub	edx,		eax
	mov	eax,		edx
	mov	ecx,		0x0
floops	cmp	ecx,		eax		;shift until aligned
	jge	floope
	shl	ebx,		0x8		;shift 8b to left
	add	ecx,		0x1
	jmp	floops
floope	ret
section .data
sdr	db	"AnonyMOOOOOOOOOOooooooooooose",0xa,
len	equ	$-sdr

Minecraft ALU

This is a simple ALU that I made in Minecraft. It has basic functions such as XOR, OR, Adding and Subtracting.
It is not the most efficient, compact or powerful design. There are a lot of designs out there that are ‘better’.