Thursday 22 September 2011

How to use OleCreatePictureIndirect for ResizePicture (...)

Public Type PictGuid
    Data1 As Long
    Data2 As Integer
    Data3 As Integer
    Data4(7) As Byte
End Type

Public Type PictDescGeneric
    pdgSize As Long
    pdcPicType As Long
    pdcHandle As Long
    pdcExtraA As Long
    pdcExtraB As Long
End Type

Public Declare Function StretchBlt Lib "gdi32" (ByVal hdc As Long, ByVal X As Long, ByVal Y As Long, ByVal nWidth As Long, ByVal nHeight As Long, ByVal hSrcDC As Long, ByVal xSrc As Long, ByVal ySrc As Long, ByVal nSrcWidth As Long, ByVal nSrcHeight As Long, ByVal dwRop As Long) As Long
Public Declare Function SelectObject Lib "gdi32" (ByVal hdc As Long, ByVal hObject As Long) As Long
Public Declare Function CreateCompatibleDC Lib "gdi32" (ByVal hdc As Long) As Long
Public Declare Function DeleteDC Lib "gdi32" (ByVal hdc As Long) As Long
Public Declare Function CreateCompatibleBitmap Lib "gdi32" (ByVal hdc As Long, ByVal nWidth As Long, ByVal nHeight As Long) As Long
Public Declare Function DeleteObject Lib "gdi32" (ByVal hObject As Long) As Long
Public Declare Function GetDC Lib "user32" (ByVal hWnd As Long) As Long
Public Declare Function ReleaseDC Lib "user32" (ByVal hWnd As Long, ByVal hdc As Long) As Long
Public Declare Function OleCreatePictureIndirect Lib "olepro32.dll" (lpPictDesc As PictDescGeneric, riid As PictGuid, ByVal fPictureOwnsHandle As Long, ipic As IPicture) As Long

' StdPicture.Width/.Height are HIMETRIC (0.01 mm), but StretchBlt wants pixels:
' 2540 HIMETRIC = 1 inch = 1440 twips, and Screen.TwipsPerPixelX/Y does the last step.
Private Function HimetricToPixels(ByVal Himetric As Long, ByVal TwipsPerPixel As Single) As Long
    HimetricToPixels = CLng(Himetric * (1440# / 2540#) / TwipsPerPixel)
End Function

Public Function ResizePicture(Pic As StdPicture, lWidth As Long, lHeight As Long) As StdPicture
    Dim hScreenDC As Long
    Dim PicDC As Long
    Dim PicBM As Long
    Dim PicOBJ As Long
    Dim Pic2DC As Long
    Dim Pic2OBJ As Long
    Dim PicGUID As PictGuid
    Dim PicDesc As PictDescGeneric
    Dim NewPic As IPicture

    ' Only a bitmap picture can be selected into a DC (Pic.Handle is then an hBitmap)
    If Pic Is Nothing Then Exit Function
    If Pic.Type <> vbPicTypeBitmap Then Exit Function
    If lWidth <= 0 Or lHeight <= 0 Then Exit Function

    ' Destination bitmap compatible with the screen: a bitmap created against a
    ' bare memory DC (or a null hdc) would only be 1 bpp monochrome
    hScreenDC = GetDC(0)
    PicDC = CreateCompatibleDC(hScreenDC)
    PicBM = CreateCompatibleBitmap(hScreenDC, lWidth, lHeight)
    ReleaseDC 0, hScreenDC
    PicOBJ = SelectObject(PicDC, PicBM)

    ' Source: the original bitmap in a second memory DC, stretched into the new one
    Pic2DC = CreateCompatibleDC(0)
    Pic2OBJ = SelectObject(Pic2DC, Pic.Handle)
    StretchBlt PicDC, 0, 0, lWidth, lHeight, Pic2DC, 0, 0, _
        HimetricToPixels(Pic.Width, Screen.TwipsPerPixelX), _
        HimetricToPixels(Pic.Height, Screen.TwipsPerPixelY), vbSrcCopy
    SelectObject Pic2DC, Pic2OBJ
    DeleteDC Pic2DC
    SelectObject PicDC, PicOBJ
    DeleteDC PicDC

    ' IID_IPicture {7BF80980-BF32-101A-8BBB-00AA00300CAB}
    With PicGUID
        .Data1 = &H7BF80980
        .Data2 = &HBF32
        .Data3 = &H101A
        .Data4(0) = &H8B
        .Data4(1) = &HBB
        .Data4(2) = &H0
        .Data4(3) = &HAA
        .Data4(4) = &H0
        .Data4(5) = &H30
        .Data4(6) = &HC
        .Data4(7) = &HAB
    End With

    With PicDesc
        .pdgSize = Len(PicDesc)
        .pdcPicType = vbPicTypeBitmap   ' PICTYPE_BITMAP = 1
        .pdcHandle = PicBM
    End With

    ' fPictureOwnsHandle = 1: the picture object now owns PicBM and deletes it when
    ' it is released, so PicBM must NOT be deleted here (the original DeleteObject
    ' left the returned picture holding a destroyed bitmap)
    OleCreatePictureIndirect PicDesc, PicGUID, 1, NewPic
    Set ResizePicture = NewPic
End Function

Wednesday 21 September 2011

Two ways to create a VB Picture from a GDI picture handle

*********************
1: (e.g. a Picture added to an ImageList)
*********************

    ' Module-level declarations (Private when placed in Form1's module);
    ' the statements after them belong inside a procedure
    Private Type PictDesc
        cbSizeofStruct As Long
        picType As Long
        hImage As Long
        xExt As Long
        yExt As Long
    End Type

    Private Type GUID
        Data1 As Long
        Data2 As Integer
        Data3 As Integer
        Data4(0 To 7) As Byte
    End Type

    Private Const TYPE_ICON As Long = 3   ' PICTYPE_ICON

    Private Declare Function ExtractIcon Lib "shell32.dll" Alias "ExtractIconA" (ByVal hInst As Long, ByVal lpszExeFileName As String, ByVal nIconIndex As Long) As Long
    Private Declare Function OleCreatePictureIndirect Lib "olepro32.dll" (lpPictDesc As PictDesc, riid As GUID, ByVal fPictureOwnsHandle As Long, ipic As IPicture) As Long

    Dim hndRsrc As Long
    Dim tPicConv As PictDesc
    Dim IGuid As GUID
    Dim arrNewPic As Picture

    ' ExtractIcon returns 0 if the file has no icons and 1 if it is not an exe/dll/ico
    hndRsrc = ExtractIcon(App.hInstance, filenameAppz, indexIcon)
    If hndRsrc <= 1 Then Exit Sub

    With tPicConv
        .cbSizeofStruct = Len(tPicConv)
        .picType = TYPE_ICON
        .hImage = hndRsrc '<<<< associate the icon handle with tPicConv (PictDesc)
    End With

    With IGuid
        .Data1 = &H7BF80980 'IPicture    {7BF80980-BF32-101A-8BBB-00AA00300CAB}  interface
        .Data2 = &HBF32
        .Data3 = &H101A
        .Data4(0) = &H8B
        .Data4(1) = &HBB
        .Data4(2) = &H0
        .Data4(3) = &HAA
        .Data4(4) = &H0
        .Data4(5) = &H30
        .Data4(6) = &HC
        .Data4(7) = &HAB
    End With

    ' fPictureOwnsHandle = True: the picture object destroys the HICON when released
    OleCreatePictureIndirect tPicConv, IGuid, True, arrNewPic
    indexImageList = indexImageList + 1
    Form1.ImageList.ListImages.Add indexImageList, , arrNewPic
    ' ListItems.Add(Index, Key, Text, Icon, SmallIcon) takes five arguments; the
    ' image is used as SmallIcon here, as in method 2 below
    Form1.List.ListItems.Add , , "string blabla", , indexImageList

*********************
2: (use a PictureBox control Picture1 on the form as temporary storage)
*********************
* e.g. indexIcon = -123 (a negative index is a resource ID, so -123 must match an icon that really exists in the file)

    Private Declare Function DrawIconEx Lib "user32.dll" (ByVal hdc As Long, ByVal xLeft As Long, ByVal yTop As Long, ByVal hIcon As Long, ByVal cxWidth As Long, ByVal cyWidth As Long, ByVal istepIfAniCur As Long, ByVal hbrFlickerFreeDraw As Long, ByVal diFlags As Long) As Long
    Private Declare Function DestroyIcon Lib "user32.dll" (ByVal hIcon As Long) As Long

    ' Picture1 needs AutoRedraw = True, otherwise .Image has nothing persistent to hand over
    hndRsrc = ExtractIcon(App.hInstance, filenameAppz, indexIcon)
    ret = DrawIconEx(Form1.Picture1.hdc, 0, 0, hndRsrc, 24, 24, 0, 0, 3)   ' 3 = DI_NORMAL
    Form1.Picture1.Refresh
    indexImageList = indexImageList + 1
    Form1.ImageList.ListImages.Add indexImageList, , Form1.Picture1.Image
    Form1.List.ListItems.Add , , "string blabla", , indexImageList
    DestroyIcon hndRsrc   ' the pixels were copied into Picture1, so the HICON can go


************************************************
* Format IPicture (COM)

'IPicture    {7BF80980-BF32-101A-8BBB-00AA00300CAB}  interface
'              Prop Get  Handle  (), Ret:VT_INT
'              Prop Get  hPal    (), Ret:VT_INT
'              Prop Get  Type    (), Ret:VT_I2
'              Prop Get  Width   (), Ret:VT_I4
'              Prop Get  Height  (), Ret:VT_I4
'              Method    Render  (hdc:VT_INT, x:VT_I4, y:VT_I4, cx:VT_I4, cy:VT_I4, xSrc:VT_I4, ySrc:VT_I4, cxSrc:VT_I4, cySrc:VT_I4, prcWBounds:VT_VOID), Ret:VT_HRESULT
'              Prop Put  hPal    (), Ret:VT_INT
'              Prop Get  CurDC   (), Ret:VT_INT
'              Method    SelectPicture   (hdcIn:VT_INT, phdcOut:VT_INT, phbmpOut:VT_INT), Ret:VT_HRESULT
'              Prop Get  KeepOriginalFormat  (), Ret:VT_BOOL
'              Prop Put  KeepOriginalFormat  (), Ret:VT_BOOL
'              Method PictureChanged(), ret: VT_HRESULT
'              Method    SaveAsFile  (pstm:VT_VOID, fSaveMemCopy:VT_BOOL, pcbSize:VT_I4), Ret:VT_HRESULT
'              Prop Get  Attributes  (), Ret:VT_I4
'              Method    SetHdc  (hdc:VT_INT), Ret:VT_HRESULT

*****************************************************************
** Result: Icon On ListView
*****************************************************************

Create a VB Picture from a GDI Picture Handle

This tip shows you how to create a VB Picture object from a GDI bitmap handle (hBitmap). This is useful if you want to hand VB users a picture they can use from a GDI class.
Start a new project and add a module. Then add the following code:
Private Type PictDesc
    cbSizeofStruct As Long
    picType As Long
    hImage As Long
    xExt As Long
    yExt As Long
End Type

Private Type Guid
    Data1 As Long
    Data2 As Integer
    Data3 As Integer
    Data4(0 To 7) As Byte
End Type

Private Declare Function OleCreatePictureIndirect Lib "olepro32.dll" ( _
      lpPictDesc As PictDesc, _
      riid As Guid, _
      ByVal fPictureOwnsHandle As Long, _
      ipic As IPicture _
    ) As Long

Public Function BitmapToPicture(ByVal hBmp As Long) As IPicture

   If (hBmp = 0) Then Exit Function

   Dim NewPic As Picture, tPicConv As PictDesc, IGuid As Guid

   ' Fill PictDesc structure with necessary parts:
   With tPicConv
      .cbSizeofStruct = Len(tPicConv)
      .picType = vbPicTypeBitmap
      .hImage = hBmp
   End With

   ' Fill in IDispatch interface ID {00020400-0000-0000-C000-000000000046}
   With IGuid
      .Data1 = &H20400
      .Data4(0) = &HC0
      .Data4(7) = &H46
   End With

   ' Create a picture object:
   OleCreatePictureIndirect tPicConv, IGuid, True, NewPic
   
   ' Return it:
   Set BitmapToPicture = NewPic

End Function

To try out the function, add a Command Button and a Picture Box to your project's form. Copy a bitmap to the project's directory, and rename it TEST.BMP.
Then add this code to the form:
Option Explicit

Private Declare Function LoadImage Lib "user32" Alias "LoadImageA" _
    (ByVal hInst As Long, ByVal lpsz As String, _
    ByVal iType As Long, _
    ByVal cx As Long, ByVal cy As Long, _
    ByVal fOptions As Long) As Long

' iType options:
Private Const IMAGE_BITMAP = 0
Private Const IMAGE_ICON = 1
Private Const IMAGE_CURSOR = 2
' fOptions flags:
Private Const LR_LOADMAP3DCOLORS = &H1000
Private Const LR_LOADFROMFILE = &H10
Private Const LR_LOADTRANSPARENT = &H20


Private Sub Command1_Click()
    Dim hIcon As Long   ' despite the name, this receives an hBitmap
    ' Load bitmap called Test.bmp from the directory:
    hIcon = LoadImage(App.hInstance, _
        App.Path & "\TEST.BMP", IMAGE_BITMAP, _
        0, 0, _
        LR_LOADFROMFILE Or LR_LOADMAP3DCOLORS)
    ' Set the picture to this bitmap (BitmapToPicture passes True, so the
    ' picture object owns the handle and frees it; do not delete it here):
    Set Picture1.Picture = BitmapToPicture(hIcon)
End Sub
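Both the IPicture IID typed into the first two posts and the IDispatch IID used by BitmapToPicture are entered as Data1..Data4 hex literals, and one wrong digit silently asks OleCreatePictureIndirect for a different interface. The Python below is an added example, not from the posts or from vbAccelerator: it converts a textual GUID into the four fields of the VB Type and, in the other direction, reassembles the GUID that a With block actually requests (unset Data4 entries count as 0, as in the ResizePicture block). The two With blocks are copied from the code above as constructed sample input; the function names and the regex are my own.

```python
import re
import uuid

# Constructed sample input: the two With blocks from the VB code above.
VB_IPICTURE_BLOCK = """
With PicGUID
    .Data1 = &H7BF80980
    .Data2 = &HBF32
    .Data3 = &H101A
    .Data4(0) = &H8B
    .Data4(1) = &HBB
    .Data4(3) = &HAA
    .Data4(5) = &H30
    .Data4(6) = &HC
    .Data4(7) = &HAB
End With
"""

VB_IDISPATCH_BLOCK = """
With IGuid
    .Data1 = &H20400
    .Data4(0) = &HC0
    .Data4(7) = &H46
End With
"""

IID_IPICTURE = "{7BF80980-BF32-101A-8BBB-00AA00300CAB}"
IID_IDISPATCH = "{00020400-0000-0000-C000-000000000046}"

# One VB assignment: .Data1 = &H7BF80980   or   .Data4(3) = &HAA
ASSIGN = re.compile(r"\.Data(\d)(?:\((\d)\))?\s*=\s*&[Hh]([0-9A-Fa-f]+)")


def guid_fields(guid_text):
    """Split a textual GUID into the Data1/Data2/Data3/Data4 fields of the VB Type."""
    raw = uuid.UUID(guid_text).bytes        # 16 bytes in textual (big-endian) order
    return (int.from_bytes(raw[0:4], "big"),
            int.from_bytes(raw[4:6], "big"),
            int.from_bytes(raw[6:8], "big"),
            list(raw[8:16]))


def vb_with_block(var_name, guid_text):
    """Emit a VB With block for the GUID.

    Data1 gets the & suffix: VB reads a literal of up to four hex digits as a
    signed Integer, so a Data1 such as &HC000 would sign-extend to &HFFFFC000
    when stored in the Long; &HC000& stays 49152. Data2/Data3 are Integers, so
    the bit pattern of &HBF32 (-16590 at run time) is exactly what is wanted.
    """
    d1, d2, d3, d4 = guid_fields(guid_text)
    lines = [f"With {var_name}",
             f"    .Data1 = &H{d1:08X}&",
             f"    .Data2 = &H{d2:04X}",
             f"    .Data3 = &H{d3:04X}"]
    lines += [f"    .Data4({i}) = &H{b:02X}" for i, b in enumerate(d4)]
    lines.append("End With")
    return "\n".join(lines)


def guid_from_vb(block_text):
    """Reassemble the GUID a With block requests (fields never assigned are 0)."""
    fields = {"1": 0, "2": 0, "3": 0}
    data4 = [0] * 8
    for field, index, hexdigits in ASSIGN.findall(block_text):
        value = int(hexdigits, 16)
        if field == "4":
            data4[int(index)] = value
        else:
            fields[field] = value
    raw = (fields["1"].to_bytes(4, "big") + fields["2"].to_bytes(2, "big")
           + fields["3"].to_bytes(2, "big") + bytes(data4))
    return "{" + str(uuid.UUID(bytes=raw)).upper() + "}"


if __name__ == "__main__":
    print(guid_from_vb(VB_IPICTURE_BLOCK), "== IPicture?",
          guid_from_vb(VB_IPICTURE_BLOCK) == IID_IPICTURE)
    print(guid_from_vb(VB_IDISPATCH_BLOCK), "== IDispatch?",
          guid_from_vb(VB_IDISPATCH_BLOCK) == IID_IDISPATCH)
    print(vb_with_block("IGuid", IID_IPICTURE))
```

Run it against any With block lifted from a source file to see which interface the code really asks for before trusting the pointer it gets back.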

Monday 19 September 2011

How to find the base address of ntoskrnl with kd or windbg

Open kd.exe or windbg and connect to the kernel of the VMware guest over a named pipe.


****(struct _KPCR  = Kernel Processor Control Region) ******
enter "!pcr"

kd> !pcr
KPCR for Processor 0 at ffdff000:
    Major 1 Minor 1
        NtTib.ExceptionList: 805494b0
            NtTib.StackBase: 80549cf0
           NtTib.StackLimit: 80546f00
         NtTib.SubSystemTib: 00000000
              NtTib.Version: 00000000
          NtTib.UserPointer: 00000000
              NtTib.SelfTib: 00000000
                    SelfPcr: ffdff000 <<<<<<<<START _KPCR
                       Prcb: ffdff120
                       Irql: 00000000
                        IRR: 00000000
                        IDR: ffffffff
              InterruptMode: 00000000
                        IDT: 8003f400
                        GDT: 8003f000
                        TSS: 80042000
              CurrentThread: 80552740
                 NextThread: 00000000
                 IdleThread: 80552740
                  DpcQueue:




(_KPCR -> address 0xffdff000)

enter "dt _KPCR ffdff000"

kd> dt _KPCR ffdff000
nt!_KPCR
   +0x000 NtTib            : _NT_TIB
   +0x01c SelfPcr          : 0xffdff000 _KPCR
   +0x020 Prcb             : 0xffdff120 _KPRCB
   +0x024 Irql             : 0 ''
   +0x028 IRR              : 0
   +0x02c IrrActive        : 0
   +0x030 IDR              : 0xffffffff
   +0x034 KdVersionBlock   : 0x80545ab8  <<<<<<<<< it points at _DBGKD_GET_VERSION64
   +0x038 IDT              : 0x8003f400 _KIDTENTRY
   +0x03c GDT              : 0x8003f000 _KGDTENTRY
   +0x040 TSS              : 0x80042000 _KTSS
   +0x044 MajorVersion     : 1
   +0x046 MinorVersion     : 1
   +0x048 SetMember        : 1
   +0x04c StallScaleFactor : 0xa3e
   +0x050 DebugActive      : 0 ''
   +0x051 Number           : 0 ''
   +0x052 Spare0           : 0 ''
   +0x053 SecondLevelCacheAssociativity : 0 ''
   +0x054 VdmAlert         : 0
   +0x058 KernelReserved   : [14] 0
   +0x090 SecondLevelCacheSize : 0
   +0x094 HalReserved      : [16] 0
   +0x0d4 InterruptMode    : 0
   +0x0d8 Spare1           : 0 ''
   +0x0dc KernelReserved2  : [17] 0
   +0x120 PrcbData         : _KPRCB
enter "dt _DBGKD_GET_VERSION64 80545ab8" (the KdVersionBlock address shown above)

kd> dt _DBGKD_GET_VERSION64 80545ab8
nt!_DBGKD_GET_VERSION64
   +0x000 MajorVersion     : 0xf
   +0x002 MinorVersion     : 0xa28
   +0x004 ProtocolVersion  : 6
   +0x006 Flags            : 2
   +0x008 MachineType      : 0x14c
   +0x00a MaxPacketType    : 0xc ''
   +0x00b MaxStateChange   : 0x3 ''
   +0x00c MaxManipulate    : 0x2d '-'
   +0x00d Simulation       : 0 ''
   +0x00e Unused           : [1] 0
   +0x010 KernBase         : 0xffffffff`804d7000  <<<<<< BASE KERNEL
   +0x018 PsLoadedModuleList : 0xffffffff`80553fc0
   +0x020 DebuggerDataList : 0xffffffff`80677ef4

*** TEST: IS IT NTOSKRNL? ****

kd> db 804d7000
804d7000  4d 5a 90 00 03 00 00 00-04 00 00 00 ff ff 00 00  MZ..............
804d7010  b8 00 00 00 00 00 00 00-40 00 00 00 00 00 00 00  ........@.......
804d7020  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
804d7030  00 00 00 00 00 00 00 00-00 00 00 00 e0 00 00 00  ................
804d7040  0e 1f ba 0e 00 b4 09 cd-21 b8 01 4c cd 21 54 68  ........!..L.!Th
804d7050  69 73 20 70 72 6f 67 72-61 6d 20 63 61 6e 6e 6f  is program canno
804d7060  74 20 62 65 20 72 75 6e-20 69 6e 20 44 4f 53 20  t be run in DOS
804d7070  6d 6f 64 65 2e 0d 0d 0a-24 00 00 00 00 00 00 00  mode....$.......

OK, it is the kernel: the bytes at KernBase start with the MZ DOS header of a PE image.
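The chain walked above (KPCR.KdVersionBlock, then KernBase in _DBGKD_GET_VERSION64, then the MZ check at that address) can be repeated mechanically over saved kd output. The Python below is an added example, not part of the post: it parses the three listings quoted above (embedded here as constructed sample input), uses MachineType to mask the sign-extended 64-bit KernBase down to a 32-bit address, and checks the DOS header, returning where the PE header should be (base + e_lfanew, which is 0xe0 in this dump). The regexes and function names are my own.

```python
import re

# Constructed sample input: excerpts of the kd listings quoted in the post above.
DT_KPCR = """kd> dt _KPCR ffdff000
nt!_KPCR
   +0x000 NtTib            : _NT_TIB
   +0x01c SelfPcr          : 0xffdff000 _KPCR
   +0x020 Prcb             : 0xffdff120 _KPRCB
   +0x024 Irql             : 0 ''
   +0x034 KdVersionBlock   : 0x80545ab8
   +0x038 IDT              : 0x8003f400 _KIDTENTRY
"""

DT_VERSION = """kd> dt _DBGKD_GET_VERSION64 80545ab8
nt!_DBGKD_GET_VERSION64
   +0x000 MajorVersion     : 0xf
   +0x002 MinorVersion     : 0xa28
   +0x008 MachineType      : 0x14c
   +0x010 KernBase         : 0xffffffff`804d7000
   +0x018 PsLoadedModuleList : 0xffffffff`80553fc0
"""

DB_BASE = """kd> db 804d7000
804d7000  4d 5a 90 00 03 00 00 00-04 00 00 00 ff ff 00 00  MZ..............
804d7010  b8 00 00 00 00 00 00 00-40 00 00 00 00 00 00 00  ........@.......
804d7020  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
804d7030  00 00 00 00 00 00 00 00-00 00 00 00 e0 00 00 00  ................
804d7040  0e 1f ba 0e 00 b4 09 cd-21 b8 01 4c cd 21 54 68  ........!..L.!Th
804d7050  69 73 20 70 72 6f 67 72-61 6d 20 63 61 6e 6e 6f  is program canno
804d7060  74 20 62 65 20 72 75 6e-20 69 6e 20 44 4f 53 20  t be run in DOS
804d7070  6d 6f 64 65 2e 0d 0d 0a-24 00 00 00 00 00 00 00  mode....$.......
"""

# One `dt` field:  +0x034 KdVersionBlock   : 0x80545ab8
DT_FIELD = re.compile(r"^\s*\+0x([0-9a-f]+)\s+(\w+)\s*:\s*(0x[0-9a-f`]+|\d+)", re.I | re.M)
# One `db` line:   804d7000  4d 5a 90 00 03 00 00 00-04 00 00 00 ff ff 00 00  MZ......
DB_LINE = re.compile(r"^([0-9a-f]{8})\s+((?:[0-9a-f]{2}[ -]){15}[0-9a-f]{2})", re.I | re.M)

IMAGE_FILE_MACHINE_I386 = 0x14C


def parse_dt(text):
    """Return {field name: int} for every numeric field of a `dt` listing."""
    fields = {}
    for _offset, name, value in DT_FIELD.findall(text):
        value = value.replace("`", "")          # windbg prints 64-bit values as hi`lo
        fields[name] = int(value, 16) if value.lower().startswith("0x") else int(value)
    return fields


def pointer_from_version_block(version, field):
    """Pointers in _DBGKD_GET_VERSION64 are 64-bit and sign-extended on a 32-bit kernel."""
    value = version[field]
    if version.get("MachineType") == IMAGE_FILE_MACHINE_I386:
        return value & 0xFFFFFFFF
    return value


def parse_db(text):
    """Return (start address, bytes) for a `db` dump, refusing gaps between lines."""
    start, buf = None, bytearray()
    for addr, hexfield in DB_LINE.findall(text):
        addr = int(addr, 16)
        if start is None:
            start = addr
        elif addr != start + len(buf):
            raise ValueError(f"non-contiguous dump at {addr:08x}")
        buf += bytes.fromhex(hexfield.replace("-", " "))
    if start is None:
        raise ValueError("no db lines found")
    return start, bytes(buf)


def dos_header_check(image, base):
    """Verify the MZ signature and return the PE header address (base + e_lfanew).

    The quoted dump is only 0x80 bytes long, so the PE signature at that address
    needs a further `db` to confirm; this only tells you where to look.
    """
    if image[:2] != b"MZ":
        raise ValueError("no MZ signature at the supposed kernel base")
    e_lfanew = int.from_bytes(image[0x3C:0x40], "little")
    if e_lfanew < 0x40:
        raise ValueError("e_lfanew overlaps the DOS header")
    return base + e_lfanew


def kernel_base(dt_kpcr, dt_version, db_dump):
    """Follow the post's chain: KPCR.KdVersionBlock -> KernBase -> MZ check."""
    kpcr = parse_dt(dt_kpcr)
    version = parse_dt(dt_version)
    base = pointer_from_version_block(version, "KernBase")
    dump_start, image = parse_db(db_dump)
    if dump_start != base:
        raise ValueError(f"db dump starts at {dump_start:08x}, not at KernBase {base:08x}")
    return {
        "kd_version_block": kpcr["KdVersionBlock"],
        "kernel_base": base,
        "pe_header": dos_header_check(image, base),
    }


if __name__ == "__main__":
    for name, value in kernel_base(DT_KPCR, DT_VERSION, DB_BASE).items():
        print(f"{name:17s} {value:#010x}")
```

Paste the real `dt` and `db` output of your own session in place of the sample strings; the contiguity check in parse_db catches a dump pasted from two different addresses, and the dump_start check catches a `db` that was not taken at KernBase.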

Be a Story Weaver, NOT a Story Mechanic!

by Melanie Anne Phillips

Too many writers fall into the trap of making Structure their Story God. There's no denying that structure is important, but paying too much attention to structure can destroy your story.
We have all seen movies and read novels that feel like "paint by numbers" creations. Sure, they hit all the marks and cover all the expected relationships, but they seem stilted, uninspired, contrived, and lifeless.
The authors of such pedestrian fare are Story Mechanics. A Story Mechanic is a writer who constructs a story as if it were a machine. Starting with a blueprint, the writer gathers the necessary dramatic components, assembles the gears and pulleys, tightens all the structural nuts and bolts, and then tries to make the story interesting with a fancy paint job.
But there is another kind of writer who creates a different kind of story. These Story Weavers begin with subjects or concepts about which they are passionate and let the structure suggest itself from the material. They see their players as people before they consider them as characters. Events are happenings before they become plot. Values precede theme and the story develops a world before it develops a genre.
A book or movie written by a Story Weaver is involving, riveting, and compelling. It captures the fullness of human emotion, and captivates the mind.
Although some writers are natural born StoryWeavers, there is still hope for the rest of us. In fact, you can become a StoryWeaver just by practicing a few select techniques until they become second nature.
First, clear your mind of any thoughts about characters, plot, theme, and genre. Avoid any consideration of character arc, hero's journey, acts, scenes, sequences, beats, messages, premises, settings, atmosphere, and formulas. In short - don't give structure a second thought.
Now work to create a world in which people live and interact, things happen, meaning can be found and the environment is intriguing. To do this, we'll progress through four different stages of story creation: Inspiration, Development, Exposition, and Storytelling.

Stage One - Inspiration
Inspiration can come from many sources: a conversation overheard at a coffee shop, a newspaper article, or a personal experience to name a few. And, inspiration can also take many forms: a snippet of dialogue, a bit of action, a clever concept, and so on.
If you can't think of a story idea to save your life, there are a few things you can do to goose the Muse.
First of all, consider your creative time. Some people consistently find inspiration in the morning, others in the afternoon, evening or even in the dead of night. Some people are more creative in the summer and can't write worth a darn in the other three seasons. There are authors who work in cycles and those who come up with ideas in spurts. The key to using your creative time is to keep a log of your most fertile moments and then plan ahead to keep that kind of time open for further inspirations.
And don't neglect your creative space either. There are authors who go off to a mountain cabin to write. Some like lots of noise or babble, like a city street below their open window or an all-news station on the radio as background. There are writers who prefer a cluttered room because it engenders chaos, which leads to serendipity. Others can't think a lick unless everything is orderly, neat and in its place. Creative space includes the clothes you wear while writing. There are those who wear hats when developing characters and others who pantomime action sequences to get in the feel of it.
Open yourself to different writing media. If you only use a desktop computer, try a laptop, a palm organizer with a folding keyboard, long hand on a pad, or a digital voice recorder. And don't be afraid to switch around any of these from time to time and mood to mood.
If you still can't come up with an idea, try the Synthesis Technique. In brief, you want to subject yourself to two disparate sources of information. For example, put a talk radio program on while reading a magazine or watching television and let the odd juxtaposition spur your notions.
Finally, if all else fails, try using Nonsense Words. Just jot down three random words, such as "Red Ground Rover." Then, write as many different explanations as you can for what that phrase might mean. For example, Red Ground Rover might be:

1. A red dog named rover whose legs are so short his belly rubs the ground.
2. The Martian Rover space vehicle on the red planet's surface.
3. Fresh hamburger made from dog
Your list might go on and on. Now most of these potential meanings might be pure rubbish, but occasionally a good idea can surface. If the first three words don't work, try three different ones. And, in the end, even if you don't find an idea directly from your explanations of each phrase, you'll have so stocked the creative spirit that you will find yourself far more prone to inspiration than before you started the exercise.
Use these inspiration techniques to come up with a log line for your story. A log line is simply a one- or two-sentence description of what your story is about in general. They are the same kind of short descriptions you find in TV Guide or in your cable or satellite TV guide.
A sample log line might be, "The marshal in an old western town struggles to stop a gang that is bleeding the town dry."

Stage Two - Development
Once you've been inspired enough to create a log line, you can move into the second stage of Story Weaving: Development. Here is where you take your basic concept and flesh it out with lots more detail.
In Development you'll begin to populate your story with people you might like to write about, work out some of the things that will happen in your story, and establish the world or environment in which it takes place. These efforts will ultimately result in your characters, plot, theme, and genre.
There are many Story Weaving techniques for the Development stage, but one of the most powerful is to project your world beyond what is specifically stated in the log line.
As an example, let's use the log line from above: "The marshal in an old western town struggles to stop a gang that is bleeding the town dry." Now let's see how we can expand that world to create a whole group of people who grow out of the story, some of whom will ultimately become our characters.
The only specifically called-for characters are the marshal and the gang. But, you'd expect the gang to have a leader and the town to have a mayor. The marshal might have a deputy. And, if the town is being bled dry, then some businessmen and shopkeepers would be in order as well.
Range a little wider now and list some characters that aren't necessarily expected, but wouldn't seem particularly out of place in such a story.
Example: A saloon girl, a bartender, blacksmith, rancher, preacher, schoolteacher, etc.
Now, let yourself go a bit and list a number of characters that would seem somewhat out of place but still explainable in such a story.
Example: A troupe of traveling acrobats, Ulysses S. Grant, a Prussian Duke, a bird watcher.
Finally, pull out all the stops and list some completely inappropriate characters that would take a heap of explaining to your reader/audience if they showed up in your story.
Example: Richard Nixon, Martians, the Ghost of Julius Caesar
Although you'll likely discard these characters, just the process of coming up with them can lead to new ideas and directions for your story.
For example, the town marshal might become more interesting if he was a history buff, specifically reading about the Roman Empire. In his first run-in with the gang, he is knocked out cold with a concussion. For the rest of the story, he keeps imagining the Ghost of Julius Caesar giving him unwanted advice.
This same kind of approach can be applied to your log line to generate the events that will happen in your story, the values you will explore, and the nature of your story's world (which will become your genre).

Stage Three - Exposition
The third stage of Story Weaving is to lay out an Exposition Plan for your story. By the time you complete the Development Stage, you will probably have a pretty good idea what your story is about. But your audience knows nothing of it - not yet - not until you write down what you know.
Of course, you could just write, "My story's goal is to rid the town of the gang that is bleeding it dry. The marshal is the protagonist, and he ultimately succeeds, but at great personal cost."
Sure, it's a story, but not a very interesting one. If you were to unfold your story in this perfunctory style, you'd have a complete story that felt just like that "paint by numbers" picture we encountered earlier.
Part of what gives a story life is the manner in which story points are revealed, revisited throughout the story, played against each other and blended together, much as a master painter will blend colors, edges, shapes and shadows.
As an example, let's create an Exposition Plan to reveal a story's goal. Sometimes a goal is spelled out right at the beginning, such as a meeting in which a general tells a special strike unit that terrorists have kidnapped a senator’s daughter and they must rescue her.
Other times, the goal is hidden behind an apparent goal. So, if your story had used the scene described above, it might turn out that it was really just a cover story and, in fact, the supposed "daughter" was actually an agent who was assigned to identify and kill a double agent working on the strike team.
Goals may also be revealed slowly, such as in The Godfather, where it takes the entire film to realize that the goal is to keep the family alive by replacing the aging Don with a younger member of the family.
Further, in The Godfather, as in many Alfred Hitchcock films, the goal is not nearly as important as the chase or the inside information or the thematic atmosphere. So don't feel obligated to elevate every story point to the same level.
Let your imagination run wild. Jot down as many instances as come to mind in which the particular story point comes into play. Such events, moments or scenarios enrich a story and add passion to a perfunctory telling of the tale.
One of the best ways to do this is to consider how each story point might affect other story points. For example, each character sees the overall goal as a step in helping them accomplish their personal goals. So, why not create a scenario where a character wistfully describes his personal goal to another character while sitting around a campfire? He can explain how achievement of the overall story goal will help him get what he personally wants.
An example of this is in the John Wayne classic movie, The Searchers. John Wayne's character asks an old, mentally slow friend to help search for the missing girl. Finding the girl is the overall goal. The friend has a personal goal: he tells Wayne that he just wants a roof over his head and a rocking chair by the fire. This character sees his participation in the effort to achieve the goal as the means of obtaining something for which he has personally longed.

Stage Four - Storytelling
By the time you've created an Exposition Plan for each story point you worked on in the Development phase, you'll have assembled a huge number of events, moments, and scenarios. There's only one thing left to do: tell your story!
Storytelling is a multi-faceted endeavor. It incorporates style, timing, blending of several story points into full-bodied scenes, sentence structure, grammar, vocabulary, and good old-fashioned charisma.
Later in this book we’ll explore a number of different storytelling techniques in great detail. But in this introduction to StoryWeaving I want to address the primary storytelling problem writers encounter – a passionless presentation of what would otherwise be an intriguing story.
Story Mechanics often get stuck at this point in story development. They are so taken with the "perfect" structure they have created, they tend to anguish over the opening sentence when finally sitting down to write the story. Eventually, after wrestling with the problem for far too long, they write one great line and then become so intimidated by its grandeur they are afraid to write anything else lest it not measure up to that initial quality!
Fact is, you're only as good as your own talent - GET OVER IT! Don't grieve over every phrase to try and make yourself look better than you are. Just spew out the words and get the story told. Something not up to snuff? That's what re-writes are for!
Another common problem is the inability to let loose, emotionally. Each of us is born a passionate human being. But we quickly learn that the world does not appreciate all our emotional expressions. In no time, we develop a whole bag of behaviors that don't truly reflect who we really are. But, they do help us get by.
Problem is, these false presentations of ourselves appear to be our real selves to everyone else. They cause others to give us presents we don't really want, drive us to make friendships with people we don't really like, and even marry people we don't really love!
This false life we develop is a mask, but by no means is it always a well-fitting one. In fact, it chafes against the real "us." The emotional irritation could be eliminated if we removed the mask, but then we might lose our jobs, friends, and lovers because they might find the actual people we are to be total strangers and not someone they like.
So instead, we just tighten the mask down so hard it becomes an exoskeleton, part of what we call "ourselves." In fact, after a time, we forget we are even wearing a mask. We come to believe that this is who we really are.
Now, try getting in touch with your passions through that! The mask dampens any emotional energy we have and our writing dribbles out like pabulum. Even the most riveting story becomes dulled by such storytelling.
Want to really be passionate in your storytelling? Then try this: Lock the doors, take the phone off the hook, search for hidden video cameras, and then sit down to write. For just one page, write about the one thing about yourself you are most afraid that anyone would ever find out.
By writing about your most shameful or embarrassing trait or action you will tap right through that mask into your most powerful feelings, and a gusher of passion will burst out of the hole.
Once you know where to find the oil field of your soul, you can drill down into it any time you like. Of course, every time you draw from that well you put more cracks in the mask. Eventually, the darn thing might shatter altogether, leaving you unable to be anyone but yourself with your boss, your friends, and your lover. Downside risk: you might lose them all. But, you'll be a far better writer!
And finally, go for broke. Exaggerate and carry everything you do to the extreme. It is far easier to go overboard and then temper it back in a re-write than to underplay your work and have to try and beef it up.
Remember, there is only one cardinal sin in Story Weaving, and that is boring your audience!
Having outlined all four stages of StoryWeaving, we’re now ready to explore specific tips, tricks, and techniques that you can employ to instantly improve your writing, break away from the mechanics, and become a true StoryWeaver.

By Davide Chiappetta

How to Create Great Characters

Strangely enough, what makes a character “Great” has little to do with what makes a character dramatically sound. This is easy enough to see if you consider the differences between the characters Austin Powers and James Bond. Both could be seen as Protagonists, and both could even be seen as heroes, and yet their personalities, mannerisms, interests, and attitudes are quite dissimilar. What makes them the same is their dramatic function; what makes them different are their personalities.
Dramatic function is part of a story’s logistic structure. Without a function, a character is little more than window dressing. Yet, even the most strongly drawn structural character is quite forgettable without a charismatic personality. Structuralist writers tend to start with the function (Antagonist, Protagonist, etc.) then build a personality on that foundation. Intuitive writers usually want to get to know their characters first as individuals, then determine what function they should play in the structure.
No matter which kind of writer you are, you will eventually need to develop your characters’ personalities. So, here’s a great trick to brainstorm your characters and perhaps even learn something about your plot along the way.
I call this method, “Mix and Match.”
More than likely, you remember a childhood toy that was a book with pictures of faces, each cut into three pieces: top, middle, and bottom. The top section of each face had the hair, the middle section covered the eyes and nose, and the bottom section displayed the mouth. By flipping parts of each page, you could create all kinds of different people, swapping the hair of one with the eyes of another and the mouth of a third.
We can apply a similar concept to character attributes and physical traits to create dynamic personalities.
As an example, let’s start with two ordinary, forgettable characters with only three traits each (Gender, Age, and Role) and mix and match to create more memorable characters:
Character #1: Male, 38, Mercenary
Character #2: Female, 9, Shoplifter
Pretty forgettable, right? Okay, let’s mix and match:
Character #1: Female, 38, Mercenary
Character #2: Male, 9, Shoplifter
Now think about how these characters changed their personalities, just by swapping a single attribute from one to the other. A Male Mercenary, age 38 simply has a different “feel” than a Female Mercenary, age 38. Why? Due to our cultural indoctrination, we expect certain things of men and certain things of women. We therefore expect a Male Mercenary to have a different personality than a Female Mercenary. In other words, it would require a different personality of woman than a man to become a Mercenary in our society. So, we (as creative authors) tend to subconsciously assign those personality traits to the character, even though we have really only spelled out the character’s role and gender.
Let’s try another swap:
Character #1: Female, 9, Mercenary
Character #2: Male, 38, Shoplifter
Again, we impose our own subconscious expectations of each character’s personality upon him or her so that we have a completely different feel for each than we did before.
Let’s try one more:
Character #1: Male, 9, Mercenary
Character #2: Female, 38, Shoplifter
Once again, the personalities change.
We might find that one of these characters strikes our fancy as being interesting to develop and put into play. But more than likely, we haven’t found the “Great” character we are looking for. What we need are more traits and attributes, and more characters to swap them among.
What I usually do is list various traits and attributes on 3x5 cards, cut them up into individual items and then assemble them like the Face Book to create potential characters for my story.
For example, I might have a group of different traits/attributes in each of the following categories:
Name
Age
Sex
Height
Weight
I.Q.
Hair Color
Hair Style
Mannerisms (graceful, clumsy, abrupt, etc.)
Physical Impairments
Physical Enhancements (keen eyesight, etc.)
Physical Quirks (e.g. twitch)
Religious Affiliations
Religious Beliefs (not necessarily the same as affiliations)
Hobbies
Skills
Talents
Accent
Speed of Speech
Place of Birth
Marital Status
Previous Marriages
Special powers
Job or Role
Pets
Siblings (alive and dead)
Personality Traits (sourpuss, practical joker, deadpan serious, etc.)
Sound of Voice (deep, high, breathy)
Well, I could go on and on with this list, but you get the idea. The best way to compile a list of categories like this is to read the newspaper, watch television, or sit in a coffee shop and look out the window.
Now, in each category, you need to come up with as many different items as you can.
For example, in the first category, Name, we might have the usual Joe, and Sally, but also Zippo, Teaser, Tweezer, and Mulch. The weirder, the better.
Let’s take our Female, 9 year old Mercenary and name her Sally. Now how does her personality change if we name her Tweezer, or Mulch instead?
In tangible reality, there is no indicated difference between Sally, the 9 year old Female Mercenary and Tweezer, the 9 year old Female Mercenary. And yet, we cannot help but feel they are different because of our cultural indoctrination.
As a brainstorming technique for creating “Great” characters, the mix and match method is the best way I’ve found to break away from the same old forgettable stereotypes.
Now, most of this you’ll need to do manually, but in fact there is a place in the Dramatica Pro software that can help take some of the drudgery out of it. From the main Dramatica Desktop, click on the Brainstorming tile. Then, select the Character Generator Tile. Here you can automatically generate characters by arbitrarily assigning them names, genders, and structural functions as archetypes or complex characters.
And speaking of structural functions, have you noticed that none of the attributes we assigned to our characters above gave any indication as to their status as a Protagonist, Antagonist, other archetype or complex functional character?
If you are a structuralist writer, you’ll first start with your Protagonist (or whatever structural function you wish to begin with) and THEN play the mix and match game on that foundation. If you are an intuitive writer, you’ll start with mix and match and then pick one character and determine what function he, she, or it should play.
Take Tweezer, our nine-year-old Mercenary. Would she be a better Protagonist or Antagonist? When you pick a structural function, it ties the character to the plot and further defines the foundation of its personality. And, because you have likely chosen a role for your character, such as Mercenary, the combination of roles among your characters can actually start to suggest the outlines of a plot!
Of course, some things will likely have to be changed to make the characters and plot more consistent. But, this refining process is just part of the ongoing development of your story. The real trick is to break free of the stodgy, ordinary character we create by falling into our well-worn mental patterns, and mixing and matching to create arbitrarily intriguing characters.

What makes you tick? That is: what drives you to behave the way you do?

"What makes you tick?" means, roughly, "what drives you to behave the way you do?"
It is an idiom that must not be translated word for word: taken literally it would mean the nonsensical "what makes you tick" in the sense of a clock, a checkmark, a tick insect or a minute.
On some forums online, many Americans, mostly young people, have answered this question by listing what stimulates or motivates them in their choices: almost all of them put ambition first, then sex, then food, then culture, and on down the list; some wrote sleeping well, and other things.
The answer each of us gives to "What makes you tick?" is not as easy as it seems: it involves our true nature, the one that pushes us toward some choices rather than others, a deep nature that others cannot know and that sometimes we do not know ourselves, except through meditation, study and the questions we ask ourselves.
----------------------------------------------------------
MOTIVATION
WHAT IS MOTIVATION
Motivation is a word made of motive and action. It is therefore an inner drive produced by a clear image of the destination one is heading toward.
That is why motivation can be considered the real secret of success: successful people know what they want and why, and above all they take action to get it; in short, they are motivated.
The term motivation therefore carries within it a reference to a why, a purpose. What drives us to act in a certain way is not really the objective we have to reach, but the purpose for which we pursue it. Our motivation is never tied to the objective in itself, but to what reaching it will give us, to how it will make us feel, to the sensations it will let us experience.
Think of a situation in which you were particularly motivated and your determination did not fade over time: surely that objective was really important to you and reaching it had a special meaning; it would have made you feel incredibly good, just as failing to reach it would have been unbearably painful. In short, it was worth the effort: there were valid reasons that drove you to act. If you know what you want and it is truly important to you, you will act accordingly and with the right motivation.
While an objective concentrates your mental focus, a purpose provides the necessary drive.
---------------------------------------------------------
WHERE DOES MOTIVATION COME FROM?
From the above it follows that, ultimately, at the origin of motivation are our emotions, in particular the two fundamental ones: pleasure and pain. All human beings are driven by these two forces and act either to escape pain or to reach pleasure.
Our brain is a mechanism that constantly and perfectly performs this evaluation of pleasure and pain. For example, when we put something off, we do so because the idea of performing a certain action causes us pain, perhaps out of fear of what might happen (in that case we want to avoid a potential pain) or simply because it bores us. When the consequences of not doing it become more painful than the idea of doing it, we get moving. It is as if there were a scale in our head that weighs pleasure and pain precisely. A smoker, for example, decides to quit when the pain associated with smoking (fear of the possible consequences for his health, the excessive cost of cigarettes, falling in love with someone who cannot stand smoke, fear of poisoning the baby on the way, and so on) becomes greater than the pleasant sensations smoking gives him.
In the short term pain is a far more powerful motivator than pleasure: we are willing to do much more to get out of trouble than to improve a situation that is already fine. In the long term, however, real change happens only when the new behaviour or the new situation becomes pleasant, that is, when we no longer have to make an effort to maintain it.
---------------------------------------------------------
AN EXAMPLE: DIETS
For most people going on a diet is an enormous psychological pain; it represents a constraint, a sacrifice. Someone who goes on a diet will therefore force themselves, if they have enough willpower, to eat properly, avoiding eating the way they really would like to. If they keep it up with great discipline they will at some point reach the target weight set at the start of the diet. And then, finally, happy with the result, they can end their efforts and go back to eating without giving up the treats they love! Obviously, having gone back to the same eating habits, they will soon regain the same weight and be ready to go on a diet again. The statistics are clear: this pattern is so widespread that over 97% of people who go on a diet end up, within three years of reaching their goal, weighing even more than they did before the treatment. The few people who, after dieting, keep the weight they reached for good and without any effort are those who have gradually come to associate pleasure with their new lifestyle: eating properly and exercising regularly makes them feel good, it is extremely pleasant and in no way requires an exceptional act of will.
---------------------------------------------------------
HOW TO MANAGE PLEASURE AND PAIN
Now, precisely because pleasure and pain have such a great influence in driving us to act, we can use them to find the motivation we have lacked so far to make a certain decision and carry it out. Most people are so stuck in their comfort zone (the situation that may not be ideal but feels safe) that before deciding to change they wait until they can no longer avoid it, that is, until the pain has grown so great that it forces them to act! They wait for a toothache before going to the dentist, for bad news from the doctor before quitting smoking, or for a relationship to fall apart before trying to improve it.
Well, we can avoid having to run for cover: we can consciously associate pain with what we want to change and pleasure with the situation we want, so that acting accordingly becomes easier.
It is clear, for example, that the decision you want to make carries consequences that are certainly positive, otherwise you would not consider it capable of improving the quality of your life. Often those who have to make decisions, even important ones for their future, and hesitate, do so because they concentrate far more on the difficulties they might encounter in carrying them out (the pain) than on the advantages they could bring in the future (the pleasure), so that on their inner scale the first weighs more than the second. If instead we want to make the decision easier and move immediately to action, we need to reverse these two forces, focusing much more on what it will cost us to keep putting the decision off and, conversely, on all the good that acting in that direction will give us.
---------------------------------------------------------
A LITTLE PRACTICE
Find as many answers as you can to the following questions:
What could it cost you not to make this decision, or to keep putting it off?
What opportunities could you miss? What would you have to give up? What would it mean for your self-esteem? What are the worst consequences not deciding could lead to? How would it make you feel?
What will making this decision and acting on it give you?
What benefits will you enjoy? How will it make you feel? How will your life improve? What are the positive effects on the people you love? What will you have that you do not have now?
---------------------------------------------------------
IS MONEY THE MAIN TOOL FOR MOTIVATING HUMAN RESOURCES?
Finally, we report the result of some studies carried out on successful men and women to find out what really drives people to superior performance in their professional life. These studies showed that, contrary to what we usually think, the desire for excellence gives a stronger motivational push than the prospect of getting rich or of raising one's social status.
Of course, Thomas Edison, Bill Gates, Walt Disney and Estée Lauder became rich, but the real key to their success is not to be found in the desire to become rich, but in the will to create excellent products or services.
Ray Kroc, the founder of McDonald's Corporation, said in a talk at the business school of the University of Southern California that the first thing a businessman needs is love for an idea.
If you do not love what you do, you will hardly get good results, and if you "settle" for a job only because of the prospect of earning, giving up your real aspirations and interests, you will deny yourself the chance to grow, perhaps staying parked for life in the same place, dragging yourself wearily there every morning.

A data buffer that Visual Basic will execute as machine code

Having had a fever a few days ago that kept me at home for about a week, I used the time, among other things, to modify some programs, some of them experimental ones by well-known American programmers (some of whom I do not know what became of).
One routine I would like to post is this one, written in Visual Basic 6 (for demonstration only; it is better to program in C/C++ or Visual .NET).
Since VB does not allow inline assembly the way C does, there is a trick that is used, or rather was often used by some clever people, to get around VB's obvious limitations.
This code does nothing more than place a buffer of data in memory (in the ordinary way) and then pass it to CallWindowProc(), the function used to subclass Windows messages; CallWindowProc treats that buffer as a sequence of machine code and calls it.
For those who have followed, the trick is this: the data are decoded as ordinary opcodes, and all you have to do is pass CallWindowProc() the pointer to the data buffer. Inside the buffer you can also place addresses of string variables (for example if you want to call a simple MessageBoxA()) or, as in this case, addresses of variables into which we want the values saved once the code has run.
To recap: a data buffer, a call to CallWindowProc() whose first parameter is the pointer to the buffer (the buffer acts as an ordinary function), and return values.
The routine itself, for those who know assembly, is built around the CPUID instruction, 0F A2 in hex. Before CPUID we push the important registers (otherwise the VB runtime crashes, obviously) and afterwards we pop them. Another important point: we compute the addresses of the result variables and turn them into hex bytes too, taking care to reverse the byte order, because the CPU almost all of us have (especially since VB runs on it) is little-endian: the least significant byte is stored first, at the lowest address, whereas the Motorola CPUs of the old Macs are big-endian and store the most significant byte first, the order in which our eyes read a number.
Two caveats a practitioner should keep in mind. The string passed to CallWindowProc lives in ordinary heap memory, which is not executable: the trick only works because 32-bit VB6 programs are not DEP-enabled by default, and it raises an access violation in a DEP-enforced process (the robust version allocates the buffer with VirtualAlloc and PAGE_EXECUTE_READWRITE and copies the bytes into it). And a String passed ByVal is converted from Unicode to the ANSI code page on the way in; on a single-byte code page such as 1252 every byte value round-trips, on a double-byte code page it does not, so a Byte array is the safer container.
This injection of data executed as code was also used by two talented VB programmers, Paul Caton and Vlad Vissoultchev, to write a packet sniffer (which I modified a few days ago) entirely in Visual Basic; its code was patched at run time because it has to call the socket functions and other APIs whose addresses are obviously not hard-coded (every service pack and operating system has its own memory addresses).
That said, here is the code to read the CPU vendor string (for those who do not know: after CPUID with EAX = 0 the CPU leaves the 12 ASCII bytes of the vendor string in EBX, EDX and ECX, in that order):
One last thing: whoever is more or less familiar with these matters and wants to build their own assembly routines would do well to write the opcodes directly in the OllyDbg debugger, or write the code in asm and copy it from OllyDbg, or write it in C and copy the compiled bytes from OllyDbg, but taking care not to call the C run-time library and to write those helpers themselves, because once the bytes become opcodes for VB, calls into the C run-time make no sense in the VB context (the run-time is not there and the call targets are not relocated).

Option Explicit

' Declarations section: in VB6, Type and Declare statements must come before any procedure
' (the original listing had the Type at the bottom, which does not compile).
Private Type TypeAddr
    addr1 As Byte   ' least significant byte (emitted first: x86 is little-endian)
    addr2 As Byte
    addr3 As Byte
    addr4 As Byte   ' most significant byte (emitted last)
End Type

' CallWindowProc calls whatever address its first argument holds as if it were a window
' procedure, with four stdcall arguments. Passing the String ByVal hands the API a pointer
' to a temporary ANSI copy of its bytes, so the bytes we built are executed as code.
' Caveat: that copy is in non-executable heap memory; this only works because 32-bit VB6
' programs are not DEP-enabled by default, and it faults in a DEP-enforced process
' (use VirtualAlloc with PAGE_EXECUTE_READWRITE for a robust version).
Private Declare Function CallWindowProc Lib "user32" Alias "CallWindowProcA" _
    (ByVal lpPrevWndFunc As String, ByVal hWnd As Long, ByVal Msg As Long, _
     ByVal wParam As Long, ByVal lParam As Long) As Long

Sub Main()
    InjectionCodeAsmAscii_CPUID
End Sub

Sub InjectionCodeAsmAscii_CPUID()
    Dim Asm As String
    Dim ret As Long
    Dim a As Integer
    Dim ascii As String
    ' These receive the register values left by CPUID leaf 0; it is their addresses
    ' (VarPtr) that get patched into the stub. The names are kept from the original listing.
    Dim addrForEax As Long, addrForEbx As Long, addrForEcx As Long, addrForEdx As Long
    Dim StructForEax As TypeAddr, StructForEbx As TypeAddr
    Dim StructForEcx As TypeAddr, StructForEdx As TypeAddr

    '***** COMMENT: machine code hand-written in OllyDbg. The 14567C addresses are placeholders
    ' used to get the alignment right; the real addresses are computed at run time in VB. *****
    '0014E9D6  55                PUSH EBP
    '0014E9D7  8BEC              MOV EBP,ESP
    '0014E9D9  50                PUSH EAX
    '0014E9DA  53                PUSH EBX
    '0014E9DB  51                PUSH ECX
    '0014E9DC  52                PUSH EDX
    '0014E9DD  33C0              XOR EAX,EAX          ; leaf 0 = vendor string
    '0014E9DF  0FA2              CPUID
    '0014E9E1  A3 7C561400       MOV [14567C],EAX
    '0014E9E6  891D 7C561400     MOV [14567C],EBX
    '0014E9EC  890D 7C561400     MOV [14567C],ECX
    '0014E9F2  8915 7C561400     MOV [14567C],EDX
    '0014E9F8  5A                POP EDX
    '0014E9F9  59                POP ECX
    '0014E9FA  5B                POP EBX
    '0014E9FB  58                POP EAX
    '0014E9FC  C9                LEAVE
    '0014E9FD  C2 1000           RETN 10              ; stdcall: discard CallWindowProc's 4 args
    '***** END COMMENT *****

    Asm = Asm & Chr$(&H55)                                          ' PUSH EBP
    Asm = Asm & Chr$(&H8B) & Chr$(&HEC)                             ' MOV EBP,ESP
    Asm = Asm & Chr$(&H50) & Chr$(&H53) & Chr$(&H51) & Chr$(&H52)   ' PUSH EAX/EBX/ECX/EDX
    Asm = Asm & Chr$(&H33) & Chr$(&HC0)                             ' XOR EAX,EAX
    Asm = Asm & Chr$(&HF) & Chr$(&HA2)                              ' CPUID

    ' Addresses of the result variables, split into little-endian bytes
    StructForEax = restituisciByteLong(VarPtr(addrForEax))
    StructForEbx = restituisciByteLong(VarPtr(addrForEbx))
    StructForEcx = restituisciByteLong(VarPtr(addrForEcx))
    StructForEdx = restituisciByteLong(VarPtr(addrForEdx))

    ' MOV [addr],EAX / EBX / ECX / EDX
    Asm = Asm & Chr$(&HA3) & Chr$(StructForEax.addr1) & Chr$(StructForEax.addr2) & Chr$(StructForEax.addr3) & Chr$(StructForEax.addr4)
    Asm = Asm & Chr$(&H89) & Chr$(&H1D) & Chr$(StructForEbx.addr1) & Chr$(StructForEbx.addr2) & Chr$(StructForEbx.addr3) & Chr$(StructForEbx.addr4)
    Asm = Asm & Chr$(&H89) & Chr$(&HD) & Chr$(StructForEcx.addr1) & Chr$(StructForEcx.addr2) & Chr$(StructForEcx.addr3) & Chr$(StructForEcx.addr4)
    Asm = Asm & Chr$(&H89) & Chr$(&H15) & Chr$(StructForEdx.addr1) & Chr$(StructForEdx.addr2) & Chr$(StructForEdx.addr3) & Chr$(StructForEdx.addr4)

    Asm = Asm & Chr$(&H5A) & Chr$(&H59) & Chr$(&H5B) & Chr$(&H58)   ' POP EDX/ECX/EBX/EAX
    Asm = Asm & Chr$(&HC9)                                          ' LEAVE
    Asm = Asm & Chr$(&HC2) & Chr$(&H10) & Chr$(&H0)                 ' RETN 10

    ret = CallWindowProc(Asm, 0, 0, 0, 0)

    ' addrForEax now holds the highest basic CPUID leaf supported (not a string length).
    ' EBX, EDX, ECX hold the 12-byte vendor string in that order, four characters per
    ' register with the first character in the low byte. Hex$() prints the most significant
    ' byte first and drops leading zeros, so pad to 8 digits and walk the string backwards
    ' two digits at a time to get the characters in reading order.
    For a = 7 To 1 Step -2
        ascii = ascii & Chr$(Val("&H" & Mid$(Right$("00000000" & Hex$(addrForEbx), 8), a, 2)))
    Next a
    For a = 7 To 1 Step -2
        ascii = ascii & Chr$(Val("&H" & Mid$(Right$("00000000" & Hex$(addrForEdx), 8), a, 2)))
    Next a
    For a = 7 To 1 Step -2
        ascii = ascii & Chr$(Val("&H" & Mid$(Right$("00000000" & Hex$(addrForEcx), 8), a, 2)))
    Next a
    MsgBox ascii   ' e.g. "GenuineIntel" or "AuthenticAMD"
End Sub

' restituisciByteLong splits a 32-bit address into its four bytes, least significant first,
' the order in which they must appear in the instruction stream (little-endian imm32).
' Masks are Long literals (&HFF00& rather than &HFF00, which VB6 reads as the Integer -256),
' and the top byte is extracted with a division that stays exact for negative Longs.
Function restituisciByteLong(ByVal ptrLong As Long) As TypeAddr
    restituisciByteLong.addr1 = ptrLong And &HFF&
    restituisciByteLong.addr2 = ((ptrLong And &HFF00&) \ &H100&) And &HFF&
    restituisciByteLong.addr3 = ((ptrLong And &HFF0000) \ &H10000) And &HFF&
    restituisciByteLong.addr4 = ((ptrLong And &HFF000000) \ &H1000000) And &HFF&
End Function
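The same stub assembled in C, as an added example that is not part of the original post: build_cpuid_stub() emits, byte for byte, what the VB6 string concatenation produces, with the four result addresses written least significant byte first, and vendor_from_regs() does the EBX/EDX/ECX-to-ASCII conversion that the three Hex$()/Mid$() loops do by hand. The 32-bit store addresses are plain parameters here (in the VB code they come from VarPtr()); the 0x0014567C-style values in main() are the same kind of placeholder the OllyDbg listing uses. real_vendor() runs the actual instruction through the compiler's <cpuid.h> intrinsic on x86 builds and is a no-op elsewhere, so nothing executes from a data buffer.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define STUB_LEN 42   /* total length of the stub assembled below */

/* Emit a 32-bit value least significant byte first: the order in which the CPU
   expects an imm32 / disp32 inside the instruction stream (little-endian). */
static size_t put_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;          p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16);  p[3] = (uint8_t)(v >> 24);
    return 4;
}

/* Assemble the CPUID-leaf-0 stub of the VB6 listing. The four arguments are the
   32-bit addresses the registers are stored to (VarPtr() of four Longs in the VB
   code); they are parameters here so the output is reproducible. Returns the length. */
size_t build_cpuid_stub(uint8_t *out, uint32_t at_eax, uint32_t at_ebx,
                        uint32_t at_ecx, uint32_t at_edx) {
    size_t n = 0;
    out[n++] = 0x55;                                   /* push ebp               */
    out[n++] = 0x8B; out[n++] = 0xEC;                  /* mov  ebp,esp           */
    out[n++] = 0x50; out[n++] = 0x53;                  /* push eax ; push ebx    */
    out[n++] = 0x51; out[n++] = 0x52;                  /* push ecx ; push edx    */
    out[n++] = 0x33; out[n++] = 0xC0;                  /* xor  eax,eax  (leaf 0) */
    out[n++] = 0x0F; out[n++] = 0xA2;                  /* cpuid                  */
    out[n++] = 0xA3;                  n += put_le32(out + n, at_eax); /* mov [at_eax],eax */
    out[n++] = 0x89; out[n++] = 0x1D; n += put_le32(out + n, at_ebx); /* mov [at_ebx],ebx */
    out[n++] = 0x89; out[n++] = 0x0D; n += put_le32(out + n, at_ecx); /* mov [at_ecx],ecx */
    out[n++] = 0x89; out[n++] = 0x15; n += put_le32(out + n, at_edx); /* mov [at_edx],edx */
    out[n++] = 0x5A; out[n++] = 0x59;                  /* pop  edx ; pop ecx     */
    out[n++] = 0x5B; out[n++] = 0x58;                  /* pop  ebx ; pop eax     */
    out[n++] = 0xC9;                                   /* leave                  */
    out[n++] = 0xC2; out[n++] = 0x10; out[n++] = 0x00; /* retn 0x10: drop CallWindowProc's 4 stdcall args */
    return n;
}

/* CPUID leaf 0 leaves the vendor string in EBX, EDX, ECX (in that order), four
   characters per register with the first character in the low byte. Storing each
   register little-endian therefore yields the characters in reading order, which
   is exactly what the VB6 loops over the padded Hex$() string reconstruct. */
void vendor_from_regs(uint32_t ebx, uint32_t edx, uint32_t ecx, char out[13]) {
    uint8_t *p = (uint8_t *)out;
    put_le32(p, ebx); put_le32(p + 4, edx); put_le32(p + 8, ecx);
    out[12] = '\0';
}

/* Run the real instruction through the compiler intrinsic on x86 builds; returns 0
   (and an empty string) on other architectures or if CPUID is unavailable. */
#if defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))
#include <cpuid.h>
int real_vendor(char out[13]) {
    unsigned eax, ebx, ecx, edx;
    out[0] = '\0';
    if (!__get_cpuid(0, &eax, &ebx, &ecx, &edx)) return 0;
    vendor_from_regs(ebx, edx, ecx, out);
    return 1;
}
#else
int real_vendor(char out[13]) { out[0] = '\0'; return 0; }
#endif

int main(void) {
    uint8_t stub[STUB_LEN];
    char vendor[13];
    /* placeholder store addresses, like the 14567C values in the OllyDbg listing */
    size_t n = build_cpuid_stub(stub, 0x0014567Cu, 0x00145680u, 0x00145684u, 0x00145688u);
    for (size_t i = 0; i < n; i++) printf("%02X%c", stub[i], i + 1 == n ? '\n' : ' ');
    if (real_vendor(vendor)) printf("this CPU: %s\n", vendor);
    return 0;
}
```

The point to take from the byte dump is that every address appears reversed (7C 56 14 00 for 0x0014567C), which is what the fixed restituisciByteLong must produce; the original mask bug would have silently encoded wrong store addresses and the CPUID results would have landed somewhere else on the stack.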

Simple alternative to GetTickCount()

BY DAVIDE CHIAPPETTA

I made this note while listening to "With A Little Help From My Friends" by Joe Cocker (Woodstock)
(disassembling GetTickCount with OllyDbg)
kernel32.GetTickCount:
7C80932E  MOV EDX,7FFE0000         ; KUSER_SHARED_DATA
7C809333  MOV EAX,[EDX]            ; TickCountLowDeprecated
7C809335  MUL DWORD PTR [EDX+4]    ; * TickCountMultiplier -> EDX:EAX
7C809338  SHRD EAX,EDX,18          ; >> 24 gives milliseconds since boot
7C80933C  RETN
************************************************************
** memory: address 7FFE0000 is KUSER_SHARED_DATA, a read-only page the kernel maps into every
** process (it is not a SYSTEMTIME). The time fields are rewritten on every clock interrupt;
** watch them change in any debugger.
(address)     (value hex)   (field)
7FFE0000      00224D66      TickCountLowDeprecated   clock interrupts since boot
7FFE0004      0FA00000      TickCountMultiplier      interrupt period in ms * 2^24 (here 15.625 ms)
7FFE0008      C87E31C6      InterruptTime.LowPart    100-ns units since boot
7FFE000C      00000051      InterruptTime.High1Time
7FFE0010      00000051      InterruptTime.High2Time
7FFE0014      29DE5648      SystemTime.LowPart       100-ns units since 1601-01-01 UTC (a FILETIME)
7FFE0018      01CC6F3A      SystemTime.High1Time
7FFE001C      01CC6F3A      SystemTime.High2Time

C code (+ inline assembly), a simple alternative to GetTickCount()
#include <stdio.h>
int main(void)
{
    volatile long n = 0;
    long timer1, timer2;

    /* MSVC inline assembly, 32-bit build only. 0x7FFE0008 is
       KUSER_SHARED_DATA.InterruptTime.LowPart: time since boot in 100-ns
       units, not milliseconds, so the difference below is in 100-ns ticks. */
    _asm
    {
        mov eax, 0x7FFE0008
        push dword ptr [eax]
        pop timer1
    }
    for (n = 0; n < 10000000; n++)   /* busy loop; the bound was lost from the original listing, any value will do */
    {
    }
    _asm
    {
        mov eax, 0x7FFE0008
        push dword ptr [eax]
        pop timer2
    }
    printf("%ld x 100 ns = %ld ms\n", timer2 - timer1, (timer2 - timer1) / 10000); /* like GetTickCount() - oldTimer */
    return 0;
}

By Davide Chiappetta
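The dump above decoded with the real field layout, as an added example (my code, not Davide's): the first 0x20 bytes of KUSER_SHARED_DATA are rebuilt from the eight dword values shown, tick_count_ms() is the exact arithmetic of the GetTickCount disassembly (32x32 multiply, then SHRD by 24), read_ksystem_time() does the High1/Low/High2 consistency read that a torn 64-bit time on 32-bit Windows requires, and the two conversions turn InterruptTime into milliseconds and SystemTime into a Unix timestamp. The struct is filled from the dump, nothing here reads live memory, and the field names are those of the XP structure.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* The kernel updates these 12-byte times non-atomically on 32-bit: High2Time,
   then LowPart, then High1Time. A reader that sees High1 != High2 caught the
   update in progress and must retry. */
typedef struct { uint32_t LowPart; uint32_t High1Time; uint32_t High2Time; } KSYSTEM_TIME;

typedef struct {
    uint32_t     TickCountLowDeprecated;   /* 0x00: clock interrupts since boot   */
    uint32_t     TickCountMultiplier;      /* 0x04: interrupt period in ms * 2^24 */
    KSYSTEM_TIME InterruptTime;            /* 0x08: 100-ns units since boot       */
    KSYSTEM_TIME SystemTime;               /* 0x14: 100-ns units since 1601 (UTC) */
} KUSER_SHARED_PREFIX;                     /* 0x20 bytes, only dword fields       */
_Static_assert(sizeof(KUSER_SHARED_PREFIX) == 0x20, "layout must match the dump");

/* kernel32!GetTickCount as disassembled above: EDX:EAX = low * multiplier; SHRD 24. */
uint32_t tick_count_ms(const KUSER_SHARED_PREFIX *k) {
    uint64_t product = (uint64_t)k->TickCountLowDeprecated * k->TickCountMultiplier;
    return (uint32_t)(product >> 24);
}

/* Consistent 64-bit read of a KSYSTEM_TIME; returns 0 if it never stabilised. */
int read_ksystem_time(const volatile KSYSTEM_TIME *t, uint64_t *out) {
    for (int tries = 0; tries < 100; tries++) {
        uint32_t h1 = t->High1Time;
        uint32_t lo = t->LowPart;
        uint32_t h2 = t->High2Time;
        if (h1 == h2) { *out = ((uint64_t)h1 << 32) | lo; return 1; }
    }
    return 0;
}

/* InterruptTime is in 100-ns units: the value the post reads at 0x7FFE0008 is
   1/10000 of a millisecond, not a millisecond. */
uint64_t hundred_ns_to_ms(uint64_t t) { return t / 10000u; }

/* SystemTime is a FILETIME; move the epoch from 1601 to 1970 and drop to seconds. */
uint64_t filetime_to_unix_seconds(uint64_t ft) {
    const uint64_t EPOCH_DIFF = 116444736000000000ULL; /* 1601-01-01 .. 1970-01-01 in 100 ns */
    return (ft - EPOCH_DIFF) / 10000000ULL;
}

/* Constructed input: the eight dwords of the dump above, in address order. */
KUSER_SHARED_PREFIX sample_shared_data(void) {
    static const uint32_t dump[8] = {
        0x00224D66, 0x0FA00000,              /* TickCountLowDeprecated, TickCountMultiplier */
        0xC87E31C6, 0x00000051, 0x00000051,  /* InterruptTime                               */
        0x29DE5648, 0x01CC6F3A, 0x01CC6F3A   /* SystemTime                                  */
    };
    KUSER_SHARED_PREFIX k;
    k.TickCountLowDeprecated = dump[0];
    k.TickCountMultiplier    = dump[1];
    k.InterruptTime.LowPart = dump[2]; k.InterruptTime.High1Time = dump[3]; k.InterruptTime.High2Time = dump[4];
    k.SystemTime.LowPart    = dump[5]; k.SystemTime.High1Time    = dump[6]; k.SystemTime.High2Time    = dump[7];
    return k;
}

int main(void) {
    KUSER_SHARED_PREFIX k = sample_shared_data();
    uint64_t it = 0, st = 0;
    printf("GetTickCount  = %u ms since boot\n", tick_count_ms(&k));
    if (read_ksystem_time(&k.InterruptTime, &it))
        printf("InterruptTime = %llu ms since boot\n", (unsigned long long)hundred_ns_to_ms(it));
    if (read_ksystem_time(&k.SystemTime, &st))
        printf("SystemTime    = %llu (Unix seconds, UTC)\n", (unsigned long long)filetime_to_unix_seconds(st));
    return 0;
}
```

Run on the dump the two uptime sources agree to within one clock tick (35125593 ms from the tick count against 35125606 ms from InterruptTime, about 9.8 hours), and SystemTime decodes to Unix time 1315604888, i.e. 2011-09-09 21:48:08 UTC, which is how a forensic reader cross-checks a memory image's clock fields against each other.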

Debugging the XP kernel with bochs

Unlike the VMware, Virtual PC and VirtualBox virtual machines, where memory addresses are the same in the emulated kernel mode as in user mode, bochs shows different addresses (a few KB of offset between the real ones and the emulated ones), because bochs is an instruction translator, while the others use a virtual driver and a virtual machine monitor, real drivers running in ring 0 that trap the potentially dangerous instructions (those that touch the CR3 register, for example); since execution is almost 1:1, the real and virtual addresses coincide.


So in bochs, once the OS is loaded and you are in protected mode (you can also watch the switch from real mode to protected mode by setting a breakpoint with vb 0x58:0x0000000000001c46; it stops just before the far jump into segment 0x8),
type sreg to see the segment registers, the GDT and the IDT.

bochs has a built-in debugger with a gdb-like command set (only the essentials, so the commands are the same as gdb's). To see the KPCR of the XP kernel:

x /14xw 0xffdff000
(0xffdff000 is the start of the KPCR; 14 dwords reach KPCR->KdVersionBlock, which is the last dword printed, at offset 0x34.)
In my case KdVersionBlock is 0x80544cb8.
With KdVersionBlock, i.e. 0x80544cb8, we go to the _DBGKD_GET_VERSION64 structure it points to:

x /10xw 0x80544cb8

result:
0x0000000080544cb8 <bogus>: 0x0a28000f 0x00020006 0x030c014c 0x0000002d
0x0000000080544cc8 <bogus>: 0x804d7000 0xffffffff 0x805531a0 0xffffffff
0x0000000080544cd8 <bogus>: 0x80675df4 0xffffffff

The three 64-bit fields at the end (the 0xffffffff halves are the sign extension of a 32-bit kernel address):
0x804d7000   KernBase
0x805531a0   PsLoadedModuleList
0x80675df4   DebuggerDataList


DOUBLY LINKED LIST (the PsLoadedModuleList head):
x /14xw 0x805531a0

0x00000000805531a0 <bogus>: 0x821fc3a8 0x821ed9b0 0x00000000 0x00000000

0x821fc3a8   Flink (first entry)
0x821ed9b0   Blink (last entry)

INFO ON THE FIRST LOADED MODULE, NTOSKRNL:

x /12xw 0x821fc3a8
                              -flink-    -blink-
0x00000000821fc3a8 <bogus>: 0x821fc340 0x805531a0 0x00000000 0x00000000
0x00000000821fc3b8 <bogus>: 0x00000000 0x00000000 0x804d7000
0x00000000821fc3c8 <bogus>: 0x001f7100 0x003c003c 0xe1000008 0x00180018

(InLoadOrderLinks at offset 0x00: its Blink points back at the list head 0x805531a0. DllBase at 0x18 is 0x804d7000, the same value as KernBase; the EntryPoint dword at 0x1c is missing from this listing. SizeOfImage at 0x20 is 0x001f7100, followed by FullDllName and BaseDllName, the latter 0x18 bytes long, i.e. "ntoskrnl.exe" in UTF-16.)


The entry point of NTOSKRNL is at address 0x8068d6dc, whose symbolic name is nt!KiSystemStartup.


0x8068d6dc
u 0x8068d6dc 0x8068d6dc + 100
8068d6dc: ( ): push ebp ; 55
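The raw dwords above turned into the structures they belong to, as an added example (not part of the original post): parse_kd_version() reads the 10 dwords at KdVersionBlock with the _DBGKD_GET_VERSION64 layout, parse_module_entry() reads the first seven dwords of the ntoskrnl entry with the 32-bit XP KLDR_DATA_TABLE_ENTRY layout (the EntryPoint dword at 0x1c is not in the listing, so it is not parsed), and module_entry_consistent() is the sanity check a debugger or a memory-forensics tool should run before trusting a list walk: the first entry's Blink must point back at the list head and the first module must be loaded at KernBase. The dword arrays are the dump values typed in by hand; the "free build" reading of MajorVersion 0xF is a comment, not something the code depends on.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* 'x /Nxw' prints little-endian dwords; flatten them to a byte image so that
   fields narrower than a dword can be read at their real offsets. */
static void dwords_to_bytes(const uint32_t *w, size_t n, uint8_t *out) {
    for (size_t i = 0; i < n; i++) {
        out[4 * i]     = (uint8_t)(w[i]);
        out[4 * i + 1] = (uint8_t)(w[i] >> 8);
        out[4 * i + 2] = (uint8_t)(w[i] >> 16);
        out[4 * i + 3] = (uint8_t)(w[i] >> 24);
    }
}
static uint16_t rd16(const uint8_t *p, size_t off) { return (uint16_t)(p[off] | (p[off + 1] << 8)); }
static uint32_t rd32(const uint8_t *p, size_t off) {
    return (uint32_t)p[off] | ((uint32_t)p[off + 1] << 8) | ((uint32_t)p[off + 2] << 16) | ((uint32_t)p[off + 3] << 24);
}
static uint64_t rd64(const uint8_t *p, size_t off) { return rd32(p, off) | ((uint64_t)rd32(p, off + 4) << 32); }

typedef struct {
    uint16_t MajorVersion;        /* 0x00: low byte 0xF = free build, 0xC = checked build */
    uint16_t MinorVersion;        /* 0x02: build number (2600 = XP)                      */
    uint8_t  ProtocolVersion;     /* 0x04                                                */
    uint16_t Flags;               /* 0x06                                                */
    uint16_t MachineType;         /* 0x08: 0x14c = i386                                  */
    uint64_t KernBase;            /* 0x10: 64-bit, sign-extended on a 32-bit kernel      */
    uint64_t PsLoadedModuleList;  /* 0x18                                                */
    uint64_t DebuggerDataList;    /* 0x20                                                */
} KdVersion;

/* The 10 dwords at KdVersionBlock -> the fields a debugger bootstraps from. */
KdVersion parse_kd_version(const uint32_t dump[10]) {
    uint8_t b[40]; KdVersion v;
    dwords_to_bytes(dump, 10, b);
    v.MajorVersion = rd16(b, 0x00); v.MinorVersion = rd16(b, 0x02);
    v.ProtocolVersion = b[0x04];
    v.Flags = rd16(b, 0x06); v.MachineType = rd16(b, 0x08);
    v.KernBase = rd64(b, 0x10); v.PsLoadedModuleList = rd64(b, 0x18); v.DebuggerDataList = rd64(b, 0x20);
    return v;
}

typedef struct { uint32_t Flink, Blink, DllBase; } ModuleHead;  /* the part of the entry the dump shows */

/* First 7 dwords of a 32-bit KLDR_DATA_TABLE_ENTRY: InLoadOrderLinks at 0x00, DllBase at 0x18. */
ModuleHead parse_module_entry(const uint32_t dump[7]) {
    uint8_t b[28]; ModuleHead m;
    dwords_to_bytes(dump, 7, b);
    m.Flink = rd32(b, 0x00); m.Blink = rd32(b, 0x04); m.DllBase = rd32(b, 0x18);
    return m;
}

/* Integrity check before walking the list: head address agrees with the version
   block, first entry links back to the head, first module (ntoskrnl) sits at KernBase. */
int module_entry_consistent(const KdVersion *v, uint32_t list_head, const ModuleHead *first) {
    return (uint32_t)v->PsLoadedModuleList == list_head
        && first->Blink == list_head
        && first->DllBase == (uint32_t)v->KernBase;
}

/* Values copied from the bochs output above (x /10xw 0x80544cb8 and x /12xw 0x821fc3a8). */
static const uint32_t kd_dump[10] = { 0x0a28000f, 0x00020006, 0x030c014c, 0x0000002d,
                                      0x804d7000, 0xffffffff, 0x805531a0, 0xffffffff,
                                      0x80675df4, 0xffffffff };
static const uint32_t ntos_dump[7] = { 0x821fc340, 0x805531a0, 0, 0, 0, 0, 0x804d7000 };

int main(void) {
    KdVersion v = parse_kd_version(kd_dump);
    ModuleHead m = parse_module_entry(ntos_dump);
    printf("build %u (MajorVersion 0x%x), machine 0x%x, protocol %u\n",
           v.MinorVersion, v.MajorVersion, v.MachineType, v.ProtocolVersion);
    printf("KernBase 0x%08x  PsLoadedModuleList 0x%08x  DebuggerDataList 0x%08x\n",
           (uint32_t)v.KernBase, (uint32_t)v.PsLoadedModuleList, (uint32_t)v.DebuggerDataList);
    printf("first module: Flink 0x%08x Blink 0x%08x DllBase 0x%08x, consistent=%d\n",
           m.Flink, m.Blink, m.DllBase, module_entry_consistent(&v, 0x805531a0u, &m));
    return 0;
}
```

The same check is what flags a module unlinked by a rootkit: its neighbours' Flink/Blink no longer point at it, so a walk from PsLoadedModuleList never reaches it while its KLDR_DATA_TABLE_ENTRY is still in pool memory.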

A Constructive Criticism of movie "True Lies"

by Melanie Anne Phillips 

Jack of all trades, master of none. Sometimes a story just tries to do too much. Often when creating a work, an author will be inspired by a bit of action, a particular character or an interesting theme. Unfortunately, these may not all belong in the same story. A good solution is to choose which of these opposing creative directions one wishes to follow and put the others in cold storage for later. Another approach is to fully develop each of the incompatible concepts as a separate story within the work so that each is internally complete and externally consistent with the others. A regrettable approach is to try and make one story out of the beginnings of several. Rather than having each inspired concept add to the overall impact of the work, they detract from the gestalt, appearing not as creative assets but True Liabilities.
In the attempt to meld too many incompatible creative inspirations into a single story, True Lies ends up fragmented, schizophrenic, and unfocused. Worst of all, because each piece had such potential to develop into a complete story of its own, seeing them incomplete and stunted leaves the audience unfulfilled and frustrated. If we can identify the fragments and conjecture as to how they might have been developed independently, we can apply these techniques in making our own works more consistent.
True Lies embodies three potentially unconnected stories about three characters; Harry, an undercover spy; Helen, his unsuspecting wife; and Dana, their neglected daughter. Story number one involves Harry, who suspects his wife of having an affair and seeks to discover if she still loves him. After eavesdropping on her conversation, Harry is shaken and tells his partner, Gil of his suspicions.

HARRY
Helen...Helen...is... having an affair.

GIL
Hey, Harry. Listen, Helen still loves you, you know. She just wants to bang this guy for a while. It's nothing serious...you'll get used to it.
Story number two is about a housewife who discovers that her husband has been lying to her for seventeen years, loses her trust in him, and must decide if she will trust him again. Harry and Helen are kidnapped by the terrorists and Harry is forced to tell the truth about his secret life, and face the consequences with Helen.

HARRY
What can I say? I am a spy.

HELEN
You bastard! Lying, son of a bitch!

HARRY
Sorry, honey...

HELEN
Oh, don't you call me honey! You don't ever get to call me honey, again. You understand me? You pig!!
Story number three is about a man who doesn't pay enough attention to his daughter, so she comes to believe that she is unimportant to him and the man must try to prove to his daughter that he truly cares. Returning from a mission, Harry is insensitive to the fact that he should have bought something to bring home to his daughter. Luckily, his partner Gil remembered and saves the day.

GIL
I've got a...souvenir Swiss Snowy Village.

HARRY
What's that for?

GIL
For Dana, stup! You know, bring your kid home a gift. You know...the dad thing.

HARRY
Right, got it...nice touch.
Notice that the first and third stories focus on the man as the main character, while in story number two the main character is the wife. This is the first problem created by the multiple stories in True Lies: there is no consistent main character, yet the filmmakers forced it to have one. In other words, the story dealing with the wife's lost trust in her husband should have been told from her perspective to be consistent with the dramatic potentials of that story. However, the filmmakers chose to tell the story from her husband's point of view and thereby placed the audience in the uncomfortable position of wanting to see the story from her side, yet forced to look at her (themselves) from the outside. This pulls the audience right out of the passionate argument and robs that story of its heart.
It is this misplaced perspective that makes Harry seem to be a voyeur in the stripping scene and steals the meaning of their time together on the island, right up to his final rescue of her from the runaway limo on the bridge. In spite of this weakness in perspective, there must be some consistency that strings the three stories together or the film would not have worked at all. This consistency is the Objective Story. Every story has an Objective (or plot-oriented) side and a Subjective (or character-oriented) side. The three stories mentioned above are all Subjective in nature. The consistency in True Lies is the Objective story about the terrorist threat, which spans all three. So, even though the entire middle of the film is told through the wrong character's eyes, the Objective story of terrorism strings them all together. How could this disjointed subjective side of True Lies have been fixed? There are two easy options: turn two of the partially developed subjective stories into subplots of the primary subjective story or lose the two least powerful stories altogether. Let's explore each option.
Losing two of the stories is certainly the easiest (though it may not be acceptable to filmmakers who insist on incorporating every good idea they have, whether it belongs in a film or not). If we take a look at where each of the three stories begins and where each segues into the next, we can perform a hypothetical amputation and see if the patient is healthier for it.
The opening teaser is just that: a teaser. All of Harry's shenanigans boil down to backstory exposition that he is a successful, dashing spy. Other than that, there is not a single bit of information that isn't brought out later, including the relationships among the members of Harry's team. It is important to recognize the difference between a dramatic storyform and dramatic storytelling. The chase scene at the end of the teaser is exciting and well-told, but it doesn't add to our understanding of the characters or their personal problems, and also offers precious little to our knowledge of the terrorist plot.
After the teaser, Harry goes home to his family and a "normal" life. Here we get our first glimpse of the beginning of the third story about the neglected daughter, Dana. But this story is so thin as to be almost not there. Dana dumps her father's proxy gift in the wastebasket and takes some cash from his partner's jacket. Aside from stirring a cake, she is barely involved in the movie until the Harrier sequence. Her story concludes with a visually stunning Harrier rescue, yet how can we care about her when we hardly know her? Still, at least the point is made that Harry doesn't know his daughter any better than we do.
Liability #1

GIL
You know, it's not just because you're a bad parent, I mean, kids, today, are ten years ahead of where we were at the same age. Hey, you think she's still a virgin?

HARRY
Don't be ridiculous, she's only... What is she now?

GIL
She's 14 Harry!

HARRY
She's only 14 years old.
Harry's partner, Gil, seems to know much more about Harry's daughter. We see no more than a superficial exploration of the relationship between Harry and Dana. The daughter as an essential character to the story's solution or resolution seems quite invalid. We could easily dispose of her, and never miss her. Since we are first talking about cutting out two of the stories and later exploring ways to integrate them, let's just have the happy couple be childless and lop off the Harrier sequence at the end.
What?!? Lose all that wonderful Harrier CGI?!? Yep. Car crashes and high-tech planes are a dime a dozen as action fodder. If you don't care about the people involved, you might as well go to the demolition derby. But how would we eliminate the villain if not by Harrier? How about by helicopter? Instead of landing for the Big Nuke, Harry could have just stayed on the copter, caught up to the villain and blown him out of the sky. THEN he lands and kisses his wife while the bomb goes off in the background.
Of course, rescuing the daughter was supposed to resolve her belief that her father didn't care about her. But did it really do that? The only clue we have is that just before Harry and Helen (his wife) are called out on assignment from their dinner table, Dana is sitting there all clean cut. Somehow shifting from grunge to debutante "one year later" is to serve as author's proof that she now understands that her father cares for her.
But what about Harry and the Harrier as he calls up to his daughter, "Trust me."? What about it? The issue was never whether Dana trusted him. That was Helen's issue. Dana just didn't think he cared. We don't get that from his showing up in a plane like Captain America and telling her to trust him. Presumably, the shock of seeing your computer salesman dad in a Harrier might just overshadow that event as single-handedly proving that he cares. So, we lose Dana's story and along with it, unfortunately, some exceptional CGI.
Now we have the "man who thinks his wife is cheating" story to dispose of. This story is developed better than the daughter's. Here, at least, we have some real emotion. Harry loves Helen, but does Helen still love Harry? From the look of things, no. He eavesdrops on a single conversation she has on the phone and is immediately convinced she is having an affair.
Liability #2

SIMON
Helen, it's Simon. Is it safe to talk?

HELEN
Yes.

SIMON
Listen, I can't talk long...Can you meet me for lunch tomorrow? I must to see you.

HELEN
I suppose so. Where?

SIMON
Same place. 1:00 o'clock. I have to go now. See you tomorrow. Remember, I need you.
Well, the overtones there were rather good, so we buy his conviction. He investigates, puts her in situations that force her to lie, and ultimately frightens and browbeats her in a high-tech sweat session. This story starts VERY well . . . and it develops well . . . and then it doesn't end when it should. In the interrogation scene, Harry comes to realize Helen is telling the truth about not having or even intending to have an affair. He almost becomes a human character when he starts to feel saddened and guilty for his lack of trust in her when he has been lying to her all these years. Helen admits that she has been tempted toward the excitement of the moment, but never to have an affair.

HELEN
I needed to feel alive. I just wanted to do something outrageous, and it felt really good to be needed, and to be trusted, and to be special. It's just that there is so much I wanted to do with this life, and it's like I haven't done any of it, and the sand's running out of the sand glass, and I just wanted to be able to look back and say:
"See, I did that. I was reckless and wild and I fucking did it."
Quite frankly, I don't give a shit if you understand that or not!
She beats on the window and Harry is shamed. Still he puts the question to her:

HARRY
Do you love your husband?

HELEN
Yes, I love him. I've always loved him, and I will always love him.
That's when he should have come out of the control room, embraced her and begged her forgiveness. She is angry, she is hurt, but he is genuinely repentant. Does she love him even after this or has he lost her forever with his lack of trust? Dissolve to "one year later" at the party scene and we see the two of them tangoing together. She has forgiven him, he has learned his lesson, and she gets her excitement. Happy ending, the party bookends the story.
In True Lies the story doesn't end there. Harry doesn't reveal himself. Rather than asking her forgiveness for all he has already done to her, he inflicts further emotional stress by making Helen believe her family is in danger.

HARRY

(to Gil)
She wants a little adventure, so I'm going to give her one.

(to Helen)
I'm offering you a choice. If you work for us, we will drop the charges and you can go back to your normal life. If not, you will go to federal prison, and your husband and daughter will be left waiting and alone. Your life will be destroyed.
More lies. Nothing learned. Then, he manipulates her, and humiliates her while he watches like a lecher. Not an admirable character. Oh, sure, she beats him on the head before she knows who he is. Wouldn't it have been better under the circumstances if she beat the tar out of him after she recognized him? But all this is swept under the carpet by the Objective story when the terrorists kidnap them both from the room. That's no way to resolve a Subjective problem!
Which brings up the question of where that particular problem DOES resolve. In fact, it never does. There is never a scene in which Helen forgives Harry or in which he asks forgiveness. They just sort of come out of it like two people who have been married a long time, have a spat, and it just blows over. But you sure don't find romance in a party scene stemming from a relationship like that! We needed to see this one resolve. Since we didn't and since the Objective story wanted to focus more on the terrorists, let's axe this story as well.
What does that leave us with? An opening scene in which a spy does spy things. Harry comes home to his "normal" family who don't know. He is "marked" by the villain. Terrorists break into his house, take him and his wife hostage. Helen is shocked to find that Harry has been lying to her and doesn't want anything to do with him. She won't trust anything he says. On the island, he is given truth serum. She learns that he really does love her. When it wears off, he starts grandstanding to win her back. He tells a few white lies to make himself look better in her eyes and gets caught in the fibs. Now she REALLY doesn't trust him. She won't believe anything he says, which puts a big crimp in his ability to get them safely off the island and stop the terrorists.
Helen ends up in the runaway limo on the bridge. Harry catches up by helicopter. He yells to her that the bridge is out, but she can't see it behind the fire and believes he is still grandstanding to win her back. No matter what he says, she doesn't believe him and time is running out. Finally, Harry tells her that if he is lying now, then she must believe he never loved her. She makes a leap of faith, hoping that his love is enough to make him truthful. In fact, it is a literal leap of faith, as she takes his grip just in time to be pulled from the limo before it crashes off the collapsed bridge. Author's proof, she made the right choice. They land, they kiss, (bomb goes off), the end, no party scene.
But we cut out so much! True, but the film would have felt so much better! Still, it's a shame to lose so many good storytelling concepts. If we could find a way to complete each story internally and then bring them all together in a single film, we might be able to have our cake and eat it too. How might we complete, then combine them to cater to their strengths and compensate for their weaknesses?
Let's open with the party scene. Just for kicks, let's see something at the party or the computer room that hints at the nuclear connection. Harry goes home to his "normal" family life. We learn that his daughter believes he doesn't care "because you're never there." Dana has to say this at least once. We need a scene with her, not just a moment when she gets the gift. She goes off with the boyfriend and Harry sees and HEARS her with the hidden camera as her boyfriend tells her, "You sure your dad won't mind you going?" Dana replies, "He doesn't care about anything I do. Sometimes I feel like I don't even have a dad." Well, maybe the dialog is clunky, but you get the idea: we set it up that Harry is never there for her when she needs him.
Turning Liabilities into Assets
Now, the "affair" proceeds as it was filmed. But when we come to the interrogation scene, Jamie makes more of a point about how her life is so boring. (We could foreshadow and support this in the office scene earlier when she got the call from the used car salesman). Harry breaks down, feeling shamed. His buddy tells him to go in and ask her forgiveness. He says he can't because she'll never trust him again. He believes he'll lose her. Harry still can't tell the truth. Instead, he decides to lie even more in an attempt to win her back.

GIL
What are you doing, Harry??

HARRY
Just giving her a little assignment.

GIL
You got to be shittin' me!?!
Harry decides to set it all up, trying to give her what she fantasizes about and winning her back in the process. (Sure, it's self-serving to the male audience, but that's the intended audience, after all.) But when Helen goes up to the room, humiliates herself and finds out it is Harry, she lambastes him with the phone. Before the issue between them can be resolved, the terrorists show up and take them away.
Harry and Helen end up on the island as described above where she is sure he loves her but still he lies to win her back. Her lack of trust hinders his ability to get them safely off the island. Helen ends up in the limo, makes the leap of faith (after all, for the intended audience the woman has to be the one to change), they land, kiss, nuclear bomb, and then they get the word that Dana has been taken.
We cut to the terrorists holding Dana. We need the villain to tell her she is bait to lure her father. She tells him that her dad won't come: he doesn't care about her at all. Again, she HAS to say this at least once. NOW, we have all the elements in place for her to be surprised not only by her daddy in a Harrier, but that it is HER DADDY. Harry's line is not "trust me", but "I love you." And that is when Dana jumps because she knows her daddy will catch her.
One year later, the happy family, the phone call, the party bookend, and just before the tango, Harry picks up something for his daughter as a souvenir. He says, "This is for Dana, she loves unicorns," letting us know that he has come to care enough about his daughter to know her special likes. Then the tango, roll credits, happy ending.
The interesting thing about this minor rewrite is that it would have added nothing to the budget. All that was required was a minute or two of new film in existing locations with existing cast and a few additional lines of dialog. Yet, with that little effort, rather than being true liabilities, the "three unsuccessful stories" could have gotten this film's storyforming assets in gear. And that's no lie.

By Davide Chiappetta