Posts
4205
Following
299
Followers
437
Software Engineer at Opinsys Oy
Entrepreneur at Siltakatu Solutions Oy

OpenPGP: 3AB05486C7752FE1
I learned WinDbg kernel mode, sysmon, WMI events, how to set up virtiofs shares and how to gain SSH access to a Windows VM.

For the next run I know how to take the servercore docker image, extract its tarball, turn that into qcow2, and finally patch that into a Windows image that boots by "fake recovering" it with a Windows ISO.

Thus, at least this is the last time I go full-on Windows 11. For the Docker artifacts, look up https://mcr.microsoft.com/.
@miiko exactly 💝

Jarkko Sakkinen

Removed the malware after one month of suffering.

#microsoft #malware
@TalesFromTheArmchair Off-topic: I noticed from your blog BTW that you're using RTIC. I know the author (Per Lindgren) and am meeting him on Saturday :-)

https://www.meetup.com/finland-rust-meetup/events/305666104/

Jarkko Sakkinen

I fixed the Windows build of PolkaVM 🥳
@TalesFromTheArmchair Dude! I fixed the Windows build thanks to your suggestion!

Do you have an email so that I could put a Suggested-by tag on the commit?

Jarkko Sakkinen

Edited 1 month ago
I don't know who this guy is but I fully and 100% agree with what he says:

https://lwn.net/Articles/1006549/

What can I say, in my opinion FOSDEM sucks. Good to see that there are other people with some common sense.

A decision to also cancel Mozilla's keynote would have at least shown some integrity in the decision making. Not claiming that integrity is completely lost, but at least it would be morally and ethically right to admit that this did not go well.

#FOSDEM @fosdem @fosdem_countdown
@TalesFromTheArmchair Not a critique of cargo per se, because in order to criticize one should show the better way (or actually "show the code"), but somehow in the "non-generic case" cargo can be a bitch.

One example is custom targets: there should really be, within a project directory, a directory where they could be deployed and all the tools would automatically discover them. Then one could just use them by name.

I was so sure that I just didn't know how to make that happen, but I'd presume that it is not possible, judging by e.g. this tutorial:

https://security.googleblog.com/2024/09/deploying-rust-in-existing-firmware.html

I trust that Google would know the way if it existed.
@mikko aromipesä never forget
@mikko Maybe it would have been annoying if there hadn't been a computer. I was born in 1980, so this was definitely before the internet era :-) BBS life did start already in 1993, though.
@TalesFromTheArmchair Thanks, I honestly do appreciate your comment! Anything is really worth a shot by now ;-)

As for Windows, I learned the basics of how to debug the NT kernel, and now I should be able to start capturing the environment of every cargo process launched:

https://social.kernel.org/notice/AqZds7vXTuTxSm2gds

I.e. build from the command line within the directory where rust-toolchain.toml and Cargo.toml reside, but otherwise with the same arguments as in build.rs, and then do the build.rs build. Finally "subtract the sets".

What you're doing is an interesting idea, I will definitely give it a shot. Also I wonder whether the position of the current_dir() call matters (I had it before the arg() calls)...
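The "subtract the sets" step from the reply above, written out as an added PowerShell example (this is not the poster's script, which he says he will publish later). Two environment dumps in NAME=VALUE form, as you would get from `set` in the shell or reconstruct from a process environment block in WinDbg, are parsed and compared; the result lists what only the shell-launched cargo saw, what only the build.rs-launched cargo saw, and which variables both had with different values. The sample dumps are constructed for illustration: the variable names mirror the kind cargo hands to build scripts, but every path and value is made up.

```powershell
# Added example (not from the original post): "subtract the sets" of two
# process environments.  Sample dumps below are constructed.

function ConvertFrom-EnvLines {
    # Parse "NAME=VALUE" lines into a hashtable keyed by upper-cased name
    # (Windows environment variable names are case-insensitive).
    param([Parameter(Mandatory)] [string[]] $Lines)
    $table = @{}
    foreach ($line in $Lines) {
        if ($line -notmatch '^([^=]+)=(.*)$') { continue }   # skip blank or garbage lines
        $table[$Matches[1].Trim().ToUpperInvariant()] = $Matches[2]
    }
    $table
}

function Compare-EnvDump {
    # Returns names only the shell-launched cargo saw, names only the
    # build.rs-launched cargo saw, and names both had with different values.
    param(
        [Parameter(Mandatory)] [hashtable] $Shell,     # env of cargo started from the shell
        [Parameter(Mandatory)] [hashtable] $BuildRs    # env of cargo started from build.rs
    )
    $onlyShell   = @($Shell.Keys   | Where-Object { -not $BuildRs.ContainsKey($_) } | Sort-Object)
    $onlyBuildRs = @($BuildRs.Keys | Where-Object { -not $Shell.ContainsKey($_) }   | Sort-Object)
    # Values are compared case-sensitively (-cne): PATH entries and toolchain names matter exactly.
    $changed = @($Shell.Keys |
        Where-Object { $BuildRs.ContainsKey($_) -and ($Shell[$_] -cne $BuildRs[$_]) } |
        Sort-Object |
        ForEach-Object { [pscustomobject]@{ Name = $_; Shell = $Shell[$_]; BuildRs = $BuildRs[$_] } })

    [pscustomobject]@{ OnlyShell = $onlyShell; OnlyBuildRs = $onlyBuildRs; Changed = $changed }
}

# Constructed sample: environment of cargo run from the shell ...
$shellDump = @'
PATH=C:\Users\jarkko\.cargo\bin;C:\Windows\System32
RUSTUP_TOOLCHAIN=nightly-x86_64-pc-windows-msvc
CARGO_HOME=C:\Users\jarkko\.cargo
'@ -split "`r?`n"

# ... and of cargo run from build.rs (constructed as well).
$buildRsDump = @'
PATH=C:\Users\jarkko\.cargo\bin;C:\Windows\System32
RUSTUP_TOOLCHAIN=stable-x86_64-pc-windows-msvc
CARGO_HOME=C:\Users\jarkko\.cargo
OUT_DIR=C:\src\guest\target\debug\build\guest-0000\out
TARGET=x86_64-pc-windows-msvc
'@ -split "`r?`n"

$diff = Compare-EnvDump -Shell (ConvertFrom-EnvLines $shellDump) -BuildRs (ConvertFrom-EnvLines $buildRsDump)
$diff.OnlyBuildRs              # OUT_DIR, TARGET
$diff.Changed | Format-Table   # RUSTUP_TOOLCHAIN: the two builds resolved different toolchains
```

The interesting output for a "works from the shell, fails from build.rs" bug is usually the Changed list rather than the two one-sided lists: a variable such as a toolchain selector or PATH that is present in both runs but with a different value is what silently changes which compiler or target spec gets picked up.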

Jarkko Sakkinen

Pre-order without even reading the sample chapter:

https://nostarch.com/art-arm-assembly-volume-1

I would pay 200 for this one TBH even.

#arm #assembly #nostarch

Jarkko Sakkinen

Attached to NT kernel ;-)

Preparatory steps:

  1. winget install microsoft.windbg
  2. Reboot and disable secure boot.
  3. bcdedit -debug on
  4. Reboot.

#windows #nt #kernel #debug

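The four preparatory steps above, as an added PowerShell example that verifies what state they leave the host in before WinDbg is attached (this is not the poster's code). It assumes an elevated administrator session, because both bcdedit and Confirm-SecureBootUEFI need one, and that the winget package exposes the WinDbgX app execution alias; the step numbers in the comments refer to the list in the post.

```powershell
# Added example (not from the original post): check and, if you ask it to,
# apply the preparatory steps for attaching WinDbg to the NT kernel.
# Assumes an elevated PowerShell session.

function Get-KernelDebugReadiness {
    $state = [ordered]@{}

    # Step 2 check: Secure Boot state.  The cmdlet throws on legacy-BIOS
    # machines or without elevation, so record 'unknown' instead of failing.
    try {
        $state.SecureBootEnabled = Confirm-SecureBootUEFI
    } catch {
        $state.SecureBootEnabled = 'unknown'
    }

    # Step 3 check: does the boot entry we are running from carry 'debug Yes'?
    $bcd = (bcdedit /enum '{current}' 2>&1 | Out-String)
    $state.KernelDebugEnabled = [bool]($bcd -match '(?im)^\s*debug\s+Yes\s*$')

    # Which transport the kernel debugger will use (local, net, serial, ...).
    $state.DebugSettings = (bcdedit /dbgsettings 2>&1 | Out-String).Trim()

    # Step 1 check: the winget package installs the WinDbgX execution alias.
    $state.WinDbgInstalled = [bool](Get-Command windbgx -ErrorAction SilentlyContinue)

    [pscustomobject]$state
}

function Enable-KernelDebug {
    # Runs steps 1 and 3 and says which reboots (steps 2 and 4) are still pending.
    # -WhatIf shows what would be changed without touching the boot configuration.
    [CmdletBinding(SupportsShouldProcess)]
    param()

    if (-not (Get-Command windbgx -ErrorAction SilentlyContinue)) {
        if ($PSCmdlet.ShouldProcess('microsoft.windbg', 'winget install')) {
            winget install microsoft.windbg
        }
    }

    $before = Get-KernelDebugReadiness
    if ($before.SecureBootEnabled -eq $true) {
        Write-Warning 'Secure Boot is still on: reboot into firmware setup and disable it (step 2) first.'
        return $before
    }

    if (-not $before.KernelDebugEnabled -and
        $PSCmdlet.ShouldProcess('{current}', 'bcdedit /debug on')) {
        bcdedit /debug on
        Write-Warning 'Kernel debugging enabled; reboot (step 4) before attaching WinDbg.'
    }
    Get-KernelDebugReadiness
}

# Usage (elevated):
#   Get-KernelDebugReadiness
#   Enable-KernelDebug -WhatIf     # dry run
#   Enable-KernelDebug             # actually switch debugging on
```

Worth checking afterwards with Get-KernelDebugReadiness that the DebugSettings line shows the transport you intend to use: a machine left in debug mode with a reachable network or serial transport is one a defender should know about, since whoever holds that transport holds the kernel.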
@mikko It was luxury to get to be home alone. At the slightest cough I'd start complaining that it probably isn't a good idea to go and infect others now :-)
@mikko I liked being sick, because I didn't have to go to school.

Jarkko Sakkinen

Edited 1 month ago
I just mastered Windows kernel debugging and learned how to dig out all environment data from EPROCESS globally in the system using WinDbg :-)

It can intervene in NT kernel process creation side-effect free (except for slowing things down). I'll post the script as I test it more.

Victory in debugging after two weeks. Now I have at least proper weapons to nail the build issue in PolkaVM guest programs.

The most important skill for writing e.g. Windows drivers, for what it's worth, but also for doing global system tracing.

I tried all other methods but they all suck in some way.

As much as I dislike Windows I have to admit that this brings me weird satisfaction ;-)

https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/

#windows #nt #windbg

Jarkko Sakkinen

No T-shirt - no buy-in

https://shop.joinmastodon.org/