banned.h is an important header file to include in your Windows C++ projects to help avoid introducing security flaws into your application.
The banned.h header file is a sanitizing resource designed to help developers avoid using banned functions, and to help identify and remove them from code where they may lead to vulnerabilities. Banned functions are those calls that have been deemed dangerous because they make it relatively easy to introduce vulnerabilities into code during development. For example, if a developer decides to use the strcpy function in their code, including banned.h in the same application will generate an error when it is recompiled, telling the developer that strcpy has been deprecated. When the developer investigates why the error is generated, they will likely find that strcpy has been replaced with a more secure version called strcpy_s, which makes it harder to make the mistakes that lead to simple buffer overflows.
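As an added illustration of the mechanism (my own code, not Microsoft's banned.h): a header fragment in the same spirit that turns any later use of strcpy into a build failure, using the MSVC deprecation pragma on Windows and the GCC/Clang poison pragma elsewhere, beside a bounded replacement in the style of strcpy_s for toolchains that do not ship Annex K. The names copy_bounded, verdict and demo are assumptions of this example.

```c
/* Mini "banned header" in the spirit of banned.h (illustrative, not Microsoft's). */
#include <stddef.h>
#include <string.h>

#if defined(_MSC_VER)
/* MSVC: every later use of strcpy is reported as deprecated (an error with warnings-as-errors). */
#pragma deprecated(strcpy)
#else
/* GCC/Clang: any later token spelled strcpy is a hard compile error. */
#pragma GCC poison strcpy
#endif

/* strcpy_s-style replacement: copy only when src fits in dst, otherwise refuse
 * and leave dst as an empty string instead of overflowing it.
 * Returns 0 on success, 1 on a bad argument, 2 when src would not fit. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || dst_size == 0) return 1;
    if (src == NULL) { dst[0] = '\0'; return 1; }
    size_t n = strlen(src);
    if (n >= dst_size) { dst[0] = '\0'; return 2; } /* would overflow: refuse */
    memcpy(dst, src, n + 1);                         /* includes the terminator */
    return 0;
}

/* Copies src into a 16-byte scratch buffer capped at `cap` bytes and returns
 * copy_bounded's verdict; -1 if cap exceeds the scratch buffer. */
int verdict(const char *src, size_t cap)
{
    char scratch[16];
    if (cap > sizeof scratch) return -1;
    return copy_bounded(scratch, cap, src);
}

/* With the pragmas above, this file would no longer compile if it contained
 *     strcpy(buf, input);
 * The bounded call reports the oversized input instead of overflowing buf. */
int demo(void)
{
    char buf[8];
    int ok = copy_bounded(buf, sizeof buf, "admin");            /* fits: 0 */
    int big = copy_bounded(buf, sizeof buf, "AAAAAAAAAAAAAAAA"); /* 16 into 8: 2 */
    return ok == 0 && big == 2 && buf[0] == '\0';
}
```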
Some thorough documentation on anti-debugging techniques in Windows:
The author of PuTTY has written an excellent primer on native code fundamentals for those coming from higher-level languages (Perl, Python, Java, etc.).
This article attempts to give a sort of ‘orientation tour’ for people whose previous programming background is in high (ish) level languages such as Java or Python, and who now find that they need or want to learn C.
My favorite part is this, under section 10, "So why is C like this, anyway?":
To a large extent, the answer is: C is that way because reality is that way. C is a low-level language, which means that the way things are done in C is very similar to the way they’re done by the computer itself.
If you were writing machine code, you’d find that most of the discussion above was just as true as it is in C: strings really are very difficult to handle efficiently (and high-level languages only hide that difficulty, they don’t remove it), pointer dereferences are always prone to that kind of problem if you don’t either code defensively or avoid making any mistakes, and so on.
This is awesome.
injdmp is a tool for dumping injected processes and process memory that is marked RWX. The tool can detect most malware that uses process injection. As of this writing it can dump processes related to Zeus/Citadel, Cridex, Ramnit, Poison Ivy and a number of other malware families.
GNS3 (Graphical Network Simulator) is an awesome, awesome open-source project:
What is GNS3?
GNS3 is open source software that simulates complex networks while being as close as possible to the way real networks perform. All of this without having dedicated network hardware such as routers and switches.
Our software provides an intuitive graphical user interface to design and configure virtual networks. It runs on traditional PC hardware and may be used on multiple operating systems, including Windows, Linux, and MacOS X.
In order to provide complete and accurate simulations, GNS3 actually uses the following emulators to run the very same operating systems as in real networks:
- Dynamips, the well known Cisco IOS emulator.
- VirtualBox, runs desktop and server operating systems as well as Juniper JunOS.
- Qemu, a generic open source machine emulator, which runs Cisco ASA, PIX and IPS.
Here’s a very well-written post by Matt Galloway; this one is about ARM assembly.
When you write Objective-C code, it eventually turns into machine code – the raw 1s and 0s that the ARM CPU understands. In between Objective-C code and machine code, though, is the still human-readable assembly language.
Understanding assembly gives you insight into your code for debugging and optimizing, helps you decipher the Objective-C runtime, and also satisfies that inner nerd curiosity.
In this iOS assembly tutorial, you’ll learn:
- What assembly is – and why you should care about it.
- How to read assembly – in particular, the assembly generated for Objective-C methods.
- How to use the assembly view while debugging – useful to see what is going on and why a bug or crash has occurred.