title/name | updated by | updated at |
---|---|---|
Why BIOS loads MBR into 0x7C00 in x86 ? | msakamoto-sf | 2017-01-15 16:49:30 |
FrontPage | msakamoto-sf | 2017-01-15 16:48:53 |
Python/Gray Hat Python : reader's memo | msakamoto-sf | 2017-01-14 23:54:34 |
Python/Compile & Installing Pcapy with latest WinPcap-4.1.x | msakamoto-sf | 2010-11-02 22:08:18 |
Python/Installing pydasm and pydbg with Python 2.5, WinXP, VC++2008 Express Edition | msakamoto-sf | 2010-11-02 21:38:07 |
Blog/2010/10/04/"Echo" Server, Client Example using Apache MINA | msakamoto-sf | 2010-10-04 21:25:23 |
Images/2010/10/04/210840/WS000222.jpg | msakamoto-sf | 2010-10-04 21:08:49 |
Images/2010/10/04/174952/WS000221.jpg | msakamoto-sf | 2010-10-04 17:49:59 |
Images/2010/10/04/174932/WS000220.jpg | msakamoto-sf | 2010-10-04 17:49:45 |
Private PDFs for Matt Pietrek's MSJ articles | msakamoto-sf | 2010-09-01 23:31:51 |
Do you know "0x7C00", a magic number in x86 assembler programming?
"0x7C00" is the memory address into which the BIOS loads the MBR (Master Boot Record, the first sector of an HDD/FDD). OS and bootloader developers must assume that their assembly code is loaded at, and starts executing from, 0x7C00.
But first, you may wonder:
"I read all of the Intel x86 (32-bit) programmer's manuals, but did not find the magic number 0x7C00."
Yes. 0x7C00 is NOT related to the x86 CPU. It's natural that you couldn't find it in the CPU specifications from Intel. Then you wonder, "Who decided it?"
Second, you may wonder:
"0x7C00 is 32KiB - 1024B in decimal. What does this number mean?"
Someone decided it. But why did he/she decide on such a halfway address?
Hmm... There are TWO questions (mysteries) around the magic number "0x7C00".
Okay, let's dive into the secret of the BIOS for the "IBM PC 5150", the ancestor of modern x86 (32-bit) PCs, with me...!!
Web Programming Tips and HowTos by msakamoto-sf(Masahiko Sakamoto).
contact:
sakamoto-gsyc-3s@glamenv-septzen.net
Japanese-Blog:
https://www.glamenv-septzen.net/
"Gray Hat Python" is an awesome book. It tells us how the Python scripting language helps, extends, and automates reverse engineering and debugging work.
Python and the reverse engineering tools presented in this book are almost all open-source projects (except IDA Pro), so you can begin your Gray-Hat-Python exercises without spending any money, dollars, or yen.
But sadly, there are some errors in the example scripts and some unexpected runtime errors. Some of them are plain mistakes; others are caused by tool/library version upgrades (we can't stop these upgrades, because it's open source).
So I have left my reading memos, covering these errors and ways to avoid the effects of version upgrades, chapter by chapter.
First, I recommend reading the update information on the official "Gray Hat Python" book site:
I bought this book on 2010.06.27. If you buy a newer version than mine, some problems/errors in this article may have been fixed.
And my environment:
    OS       : Windows XP SP3 Japanese
    CPU      : Intel PentiumM (Centrino) 1.2GHz
    RAM      : 1GB
    Python   : Python 2.5 (MSI installer), C:\Python25\python.exe
               (Python 2.5.2 (r252:60911, Feb 21 2008, 13:11:45) [MSC v.1310 32 bit (Intel)] on win32)
    Compiler : Microsoft Visual C++ 2008 Express Edition SP1

    > cl
    Microsoft(R) 32-bit C/C++ Optimizing Compiler Version 15.00.30729.01 for 80x86
    Copyright (C) Microsoft Corporation. All rights reserved.

    > link
    Microsoft (R) Incremental Linker Version 9.00.30729.01
    Copyright (C) Microsoft Corporation. All rights reserved.
Today I tried to compile & install the excellent libpcap Python extension "pcapy" on my Windows XP notebook PC.
The pcapy official page provides an exe installer for Python 2.5 and WinPcap 4.0.x.
I'm using Python 2.5, but unfortunately, WinPcap-4.1.2 was installed on my notebook PC.
Hmm... it's time to download the pcapy source code, compile, build, and install it.
My notebook PC environment:
    OS     : Windows XP SP3 Japanese
    CPU    : Intel PentiumM (Centrino) 1.2GHz
    RAM    : 1GB
    Python : Python 2.5 (installed from MSI installer)
             Install Directory : C:\Python25
Requirements for this article, compiling pcapy:
    Microsoft Visual Studio, C++
        MyVersion : Visual C++ 2008 Express Edition SP1
Yesterday I tried installing pydbg and pydasm on my notebook PC.
pydasm is a popular, famous library for disassembling machine code (opcodes).
pydbg is also a popular, famous library for building a lightweight, extensible debugger for the Windows platform.
Actually, pydbg is included in PaiMei, a debugger framework for the Windows platform.
The journey was hard, full of struggles and traps with Python distutils.
I have left these notes, memos, and traps for anyone in the future (including myself) who wants to install these excellent reverse engineering tools written in Python and C.
My notebook PC environment is:
    CPU           : Intel Pentium M (Centrino) 1.2GHz
    RAM           : 1GB
    OS            : Windows XP Professional SP3 (Japanese)
    Python        : Python 2.5 (install from MSI installer)
                    Install Dir : C:\Python25
    Visual Studio : Visual C++ 2008 Express Edition (SP1)
    Subversion    : TortoiseSVN 1.6.x
We require Subversion to obtain PaiMei later.
"Echo" Server/Client Example using Apache MINA:
FEATURE:
MAIN PURPOSE:
Check memory usage, heap overflow, and out-of-memory behaviours when building Apache MINA applications that send/receive large amounts of data.
EXAMPLE (EXTREME TRANSMISSION SITUATION):
Server-side GC log sample (10 client connections, 1MB packet, 100ms interval):
Blue-line : usage heap.
Gray-vertical-line: gc time.
Server-side java parameter:
-server -Xms200m -Xmx200m -Xloggc:gc.log
No overflow, no out-of-memory. But Full GCs are invoked about every 10 seconds:
Black-vertical-line: Full-GC
EXAMPLE 2 (NORMAL SITUATION):
But in the above case, the total traffic per second is:
1MB x 10 (1000/100ms) x 10 clients = 100MB/sec = 800Mbps (bits/sec)
This is an extreme over-traffic situation when using a 100Mbps Ethernet card.
In the next example, let's assume we are using a 100Mbps Ethernet card and avoid over-traffic.
New client-side parameters are:
    262,144 bytes, 200ms interval, 10 clients
    -> 262,144 x 5 (1000/200ms) x 10 clients = 13,107,200 Bytes/sec = 100M bits/sec
    (Actually, TCP/IP header sizes should be added, but they are ignored for convenience.)
    (Server-side parameters don't change.)
Stable heap usage, gc invocation, NO Full-GC.
Testing Environment:
    Windows XP SP3
    Pentium4 2.8GHz (HT)
    2GB RAM
    Java 1.6.12
    Apache MINA 1.1.7
I converted HTML to PDFs for some of Matt Pietrek's MSJ articles:
The MSJ Web Site HTML is not friendly for printing on paper. Its font size and line width are small, some figures and source code are linked to separate popup windows, and the legacy TABLE-tag HTML layout makes it difficult for readers to customize the CSS.
So I tried copying the text to OpenOffice Writer with the related figures and source code, and re-formatting it to be print-friendly.
I don't publish these PDFs in a public area because the copyrights are reserved by Microsoft.
If you want these PDFs, please contact sakamoto-gsyc-3s@glamenv-septzen.net .