Computer
-
Gephi run on 64bit Windows
Computer/Software 2016. 10. 17. 11:06
I need to draw a huge graph requiring more than 4GB of memory. Graphviz or D3JS cannot draw such huge graphs. Gephi is a good choice in this case. However, the Gephi visualization platform runs on 32bit Java by default. We need to change the configuration in order to run 64bit Java. In C:\Program Files (x86)\Gephi-0.9.1\etc\gephi.conf, default_options and jdkhome need to be modified. For example, defa..
-
x64dbg ScyllaHide NtUser* API Address missing
Computer/Program Analysis 2016. 9. 20. 15:29
I encountered the following message box while using x64dbg + ScyllaHide. The manual (ScyllaHide.pdf) says that we need to download NtAPITool.rar and copy NtAPICollection.ini to the x64\plugins folder. But NtAPITool.rar does not fix this error. The OS minor version in the ini file is incorrect, so we need to fix the OS minor version. I am using Windows 8.1, so the OS minor version is 3. So..
-
VMWare Professional 12 on Ubuntu 14.04 LTS amd64
Computer/Software 2016. 6. 20. 10:04
I have the following errors after installing.
Gtk-Message: Failed to load module "canberra-gtk-module": libcanberra-gtk-module.so: cannot open shared object file: No such file or directory
Gtk-Message: Failed to load module "overlay-scrollbar": liboverlay-scrollbar.so: cannot open shared object file: No such file or directory
Gtk-Message: Failed to load module "unity-gtk-module": libunity-gtk-modu..
-
Intel Pin 3.0 & Visual Studio 2015 Solution File
Computer/Program Analysis 2016. 4. 20. 11:35
The Visual Studio solution file in Intel Pin 3.0 needs to be fixed to build on Visual Studio 2015. The solution file at \pin\source\tools\MyPinTool is for Visual Studio 2010. It is converted to Visual Studio 2015 with warnings. The following file describes what is needed to build. https://software.intel.com/sites/default/files/managed/8e/f5/PinCRT.pdf The converted solution file already has most..
-
calling convention in Windows x64 binary
Computer/Program Analysis 2015. 6. 19. 18:42
Programs compiled with Visual Studio use the fastcall calling convention. Functions use RCX, RDX, R8, and R9 first. After using them, functions use the stack. In variable argument functions such as printf, stack values are used.
-
How to include omitted function chunk due to faulty dump in hex-rays decompiler
Computer/Program Analysis 2015. 4. 6. 17:19
With a faulty dump executable file, some conditional variables are defined although they are undefined in the real executable file. In such cases, the hex-rays decompiler mistakenly treats the conditional expressions as constants and omits code chunks, so that the decompiled function code contains only a small part of the original function. If we undefine the constants, then decompiler contains the omitted a..