In Windows Vista x64, drivers are required to be signed by someone holding a VeriSign code certificate or they won’t load. There is no way to (permanently) disable this signing even if you are Administrator. The F8 startup menu has an option to disable it, but you must select it every time you boot up. Microsoft’s claimed reason for this is that it prevents Trojans from installing kernel-mode rootkits. That is a load of crap.
Myria
Black Hat letdown
I went to Black Hat over Wednesday and Thursday. The presentation most people wanted to see (including me) was Joanna Rutkowska breaking the Vista x64 driver signing that I hate so much. I wanted to see what trick she’d found. I was let down, however, when she presented her technique.
Win32's MulDiv
In Win32, there is an API call called “MulDiv”:
The C ! operator
In C, the ! (“logical NOT”) operator used on a value x evaluates to 0 when x is not 0, and 1 when x is 0. In other words, it’s equivalent to the following C:
Microsoft changes CS value in Win64
I just found out the hard way that in 32-bit programs under Win64, the value of CS changed. In Win32, the value of CS is 0x001B. In 32-bit programs under Win64, it’s 0x0023. This will probably break some programs, especially debuggers.
Simple compiler optimization
I thought of an optimization that compilers for most CPUs could do that I think should be implemented. Let’s say you have C code like this:
Puzzle: PowerPC Flag Simulation on x86
This week’s puzzle is to copy the carry flag to the high bit of ah. You may destroy any other register, the flags, and the other 24 bits of eax. Shortest sequence wins.
First assembly puzzle!
This is our first assembly language puzzle for the new site! These puzzles are tests to see whether you are good enough of an assembly nerd, and to learn some tricks if you’re not =^_^=