Attention: open in a new window. PDFPrint

How To: Building your own kernel space keylogger

Last Updated on Thursday, 10 June 2010 08:28 Wednesday, 09 June 2010 23:50

The linux kernel has been designed as a very modular piece of software. This allows you to load new kernel modules or kernel space drivers during runtime. To allow mdule loading during runtime, the kernel exports a rich set of symbols for module hookup. The problem of this is, that it is very easy to add your own modules to the kernel and read information from the kernel that you might assume to be protected. This is the way, kernel space rootkits work. In this article, I will show you a very simple example that might make clear, why those rootkits are dangerous and why you should never run applications as root or install kernel modules you do not trust.

The most simple example of a very basic rootkit is a keylogger. A keylogger is able to log every keyboard input you type on your keyboard which includes usernames followed by your probably secret password. To understand the following abstract you should have at least some basic understanding of C programming and you should basically understand, how kernel modules work. If you like to try my code snippets on your own system you should also take a look at this kernel module development guide.

Read more: How To: Building your own kernel space keylogger

Attention: open in a new window. PDFPrint

C# and the char* mess

Last Updated on Wednesday, 19 May 2010 23:12 Wednesday, 19 May 2010 21:17

In this article, I will shortly describe, how you could exchange char-array data between a DLL and C# in different ways. It will contain methods of ANSI and Unicode conversion for Windows CE devices and a way to exchange binary data instead of null terminated strings only.

If you ever tried using C# to access native libraries or non-.NET libraries you might have heard something about P/Invoke and marshalling. Marshalling is used by the .NET runtime to create objects that are passable to .NET. Assume that you have a DLL (dynamic linked library) containing a method called foo that looks like this:

void foo(char* bar) {
// do write some information into char* bar

Ans let's assume, that the method parameter bar of the method foo is a pointer on a char array and the method foo writes some information to the char array. The maximum length of the information written to the array is limited to 256 bytes. So calling the method in C would look somewhat like this:

char result[256];
memset(result, 0, sizeof(result));

Read more: C# and the char* mess

Attention: open in a new window. PDFPrint

Fun with OpenGLs Accumulator

Last Updated on Tuesday, 26 January 2010 23:32 Tuesday, 26 January 2010 22:21

As all modern 3D graphic cards provide a accumulator buffer I just decided to play around with it a little bit as one can create some really nice effects with it. As it name declares, the accumulation buffer can be used to accumulate rendered pictures. It allows some basic functions to write or add the current front or backbuffer (depends on which one is currently activated for drawing) to it while performing a scalar multiplication on the current color values. Which just means that you can multiply every pixel of the picture currently in your front or backbuffer and add it to the color values currently stored in the accumulator. This allows you to combine two (or more) pictures within the accumulation buffer. You also can write the data of the accumulator buffer back to your back or front buffer to show it on your screen.


Read more: Fun with OpenGLs Accumulator

Attention: open in a new window. PDFPrint

Some stereo separation theorie (Part I)

Last Updated on Friday, 06 November 2009 22:54 Friday, 06 November 2009 00:00

Well, after I have discussed, how you should combine your headtracking stuff with OpenGL I will show you, how you can generate some 3D stereo mode for your OpenGL applications. The eye separation will work with Direct3D in the same way, but I tend to use OpenGL as it is a portable graphics library and works great under linux. As not everyone of you might own a NVIDIA Quadro-Card and a stereo display, I will show, how you create anaglyph 3D pictures and extend it on quadbuffered cards afterwards.

I will also show you how you can archieve the effekt of objects appearing in front of your display. This is an effect that is very difficult to archieve as there are many things that can destroy the illusion.


Read more: Some stereo separation theorie (Part I)

Attention: open in a new window. PDFPrint

Window To A Different World

Last Updated on Wednesday, 28 October 2009 17:20 Wednesday, 28 October 2009 17:13

You probably have heard about Jhonny Chung Lee (, the man who connected a wiimote to his computer to use it as a "touch"  Device for a beamer projected. An other project of him was using the wiimote ad a headtracking device. He developed an application that used the position of

his head and used the tracking information within a program showing a simple 3D scene. With this he archieved the illusion of looking through a window as you are able to look around other objects that are near to the screen surface.

Read more: Window To A Different World

Attention: open in a new window. PDFPrint

What time is it, please?

Friday, 25 September 2009 09:57

Reading the current time since 01/01/1970 in milliseconds (or even microseconds) is something, most operating systems provide by system calls. One of the most unpleasent things about it is, that every operating system provides other methods (or at least method names) to read this value. This is not really a problem, if you use higher level languages like Java or something like this, but if you try to develop portable applications using C/C++ you might dislike this.

Read more: What time is it, please?


Page 1 of 2