On a running Linux system, I want to know which device driver module created a particular sysfs entry. Is it possible to know? I know I can grep for relevant strings in the kernel source and try to identify. But, is there a way without doing that?
You can find which driver has created a sysfs entry by going through its source. If the driver uses device_create_file()/device_remove_file() in its init/exit sequences respectively then you can be sure a sysfs attribute file has been created by the driver.
You can also find DEVICE_ATTR(_name, _mode, _show, _store) macro in the source to find out what functionality is provided by the sysfs file.
Usually you can either cat the file or echo a string to it.
A cat /sys/.../file, will correspond to the _show function and an echo /sys/.../file will correspond to the _store function mentioned in the macro.
Related
Trying to reverse a windows executable, I found the function creatfile that tries to open a file in read only mode,
I create the file in the very same directory with the same name given to the function, but it always fail with a error code -1, and I'd like to figure out why.
The value of the eax register after the function call is -1, here is the output of dir command from the very same directory
Any idea why it fails?
The \\.\ notation is not used for ordinary files. It is used for devices. So creating a regular file will not work here. Instead you need to create a device with that name. Those names are also common in device drivers - hence probably the naming of this task.
Refer to section "Win32 Device Namespaces" in Naming Files, Paths, and Namespaces for more info.
I have a model in Modelica language (platform: Dymola). Dymola creates a binary file of model during compiling/translation (dymosim.exe). If binary code export licence is available then a binary file which is standalone representative of original dymola model is created. This can be run on any computer without Dymola licence.
Now, My question is how can I create Gui for around this executable file with following requirements:-
1. It should be able to change in some input parameter values.
2. It should be able to get some output parameter values.
Now as background:-
dymosim.exe takes parameter values as input from text file (dsin.txt) and writes output in another text file (dsres.txt)
Specifically, if one has such binary executable which takes input from a text file and writes output in specific format (of which rules are known) to another text file; then what are some tools to create gui for it?
Look into Dymola's embedded server support (DDE/OPC). Since you are using dymosim.exe, I believe you are using Windows so Dymola's restriction on only Visual Studio 32-bit code for embedded servers will be acceptable. (Most Modelica tools have similar embedded servers, but I don't think they are compatible.)
Dymola dymosim.exe exports its time series results as *.mat files, you should be able to find tools/libraries to handle *.mat format in your GUI.
Also, dsin.txt has its own format, you can try to understand it first (try to find its comments) and then parse it, it's not a text file with random string and number columns.
To use FMI standard is worth to consider in the co-simulation mode which means that a solver is included. Dymola allows to export model as FMU package (in Windows platform it is single DLL with some metadata, in Linux platform it is .SO library) and provides these functions worth to do your steps:
fmiSetReal() will set a parameter value
fmiDoStep()
fmiGetReal() will get the variable value
You can call these functions directly, just unzip FMU package and find the DLL inside and link it directly to your application.
Or recommended way (we did it in our app): use FMI Library providing general C API interacting with a FMU package and controling temporal structures the way you need.
Are there any rules for file extensions? For example, I wrote some code which reads and writes a byte pattern that is only understood by that specific programm. I'm assuming my anti virus programm won't be too happy if I give it the name "pleasetrustme.exe"... Is it gerally allowed to use those extensions? And what about the lesser known ones, like ".arw"?
You can use any file extension you want (or none at all). Using standard extensions that reflect the actual type of the file just makes things more convenient. On Windows, file extensions control stuff like how the files are displayed in Windows Explorer and what happens when you double click on it.
I wrote some code which reads and writes a byte pattern that is only
understood by that specific programm.
A file extension is only an indication of what type of data will be inside, never a guarantee that certain data formatted in a specific way will be inside the file.
For your own specific data structure it is of course always best to choose an extension that is not already in use for other file formats (or use a general extension like .dat or .bin maybe). This also has the advantage of being able to use an own icon without it being overwritten by other software using the same extension - or the other way around.
But maybe even more important when creating a custom (binary?) file format, is to provide a magic number as the first bytes of that file, maybe followed by a file header structure containing a version number etc. That way your own software can first check the header data to make sure it's the right type and version (for example: anyone could rename any file type to your extension, so your program needs to have a way to do some checks inside the file before reading the remaining data).
please consider the microsoft "AVI mux" directshow filter, it have CLSID: {E2510970-F137-11CE-8B67-00AA00A3F1A6}
suppose that, just for an experiment, I want to change this code. I opened the file qcap.dll with WinHex qcap.dll but I can not find this string inside it, then I wonder where is written, if it's written in qcap.dll. Thanks
It is there but it is not a string, it is hardcoded as a binary value. Then you are to consider registration of the DLL, which stands alone from file contents. Whatever you are trying to achieve patching a stock DLL, it is wrong and a no-go for a real task. Not to mention that the file is proceted by System Restore and reversing is likely to be an EULA violation.
I am working on reverse engineering and i wanted to give my own file path without using open dialog box like writing a fixed file path and read a file from that every time the software start.i tried to give the file name in a .data section of the software but it retrieve only the hex number not the string.
Is there any way hooking windows API for file open?or any way to write in memory and to read it every time the software starts?Any advice or direction would be greatly appreciated.
I think that what you may be looking for is "intercepting system call", quick google search came up with this link:
http://jbremer.org/intercepting-system-calls-on-x86_64-windows/ so it should be possible and not too difficult.
Basically if you manage to intercept a call to GetOpenFileName and replace it with custom implementation you should be able to do what you want (that is put hardcoded file path to appropriate buffer in LPOPENFILENAME structure)
As for your attempt to modify compiled code (I assume that what you are referring as reverse engineering is disassembling and modifying binaries) it should be possible to do, but it will require deep knowledge of windows binary architecture and assembly language.