Igor Skochinsky (@[email protected])

I guess this means I can put "advanced cleartext hacker" on my business card?

@struppigel Hi Karsten, AFAIK there should be checks to prevent such problem, but perhaps some corner case was missed. I can't seem to be able to DM you, so could you please DM me or use support.hex-rays.com so that we understand better how exactly you ended up in this situation?

To the people suggesting use Ghidra/Binja instead -- I already do depending on the sample, whether I am at home or at work, or just how I feel. Tools are not mutually exclusive unless you are religious about them. About cracks not having this issue: That is sadly true.

IDA, why are you doing this? I lost my work because IDA refused to save. I needed to reboot the system to get network connection again. Without network there is no licensing server available. Surely there must be a better way to not loose work?

@ESETresearch FYI CERT-UA reported one back in July: cert.gov.ua/article/6284730

#ESETResearch has discovered the first known AI-powered ransomware, which we named #PromptLock. The PromptLock malware uses the gpt-oss:20b model from OpenAI locally via the Ollama API to generate malicious Lua scripts on the fly, which it then executes 1/6

@evm_sec I just link to a DLL with "ignore missing symbols" (not sure of the exact way using ld, but possible with link.exe)

This seems like a common situation I run into but first time I scripted it. Do other folks run into this? (Needing to analyze or compare a static lib) What do you normally do?

Yesterday I worked through a scenario where I generated stub C code in order to link a static library (.a) so Ghidra would properly analyze it in a single address space. I wrote a script that diffed readelf output in order to make a list of missing symbols that needed stubs. 1/2

This is no modern sculpture but an exemple of the ancient Japanese technique of #kamatsugi: a stylish & beautiful assembly technique allowing to join two carved beams together without using any nails. To learn more check the exhibition at the #MCJP in Paris😉 #Japan #Paris #wood

@halvarflake @ghosted_sound Build your own and port symbols using BinDiff?

@ghosted_sound To clarify: I need the syms belonging to the above executables, not a different JVM with syms.

Dear Java Twitterverse, I am looking for the symbols for the JVMs found under jdk.java.net/21/ -- does anyone know where I could find them?

@Fox0x01 There used to be a Linaro Enterprise Group, but it’s no longer with us, it seems.

leg-assembly.com for the win

The interview article with #CaptainDuckling, also known as #YokoKanno, has been published on Forbes! forbes.com/sites/olliebar…

See you there!

The 3rd and final teardown (for now) in which we look at the overheads associated with std::function compared to "old school" ricomariani.medium.com/std-function-t…

@matalaz @edeca Even with MSVC you can get functions with identical bodies if ICF optimization is off (e.g. in debug builds).

@matalaz You probably need to use higher level info, such as the inter-function relationship (callers/callers, neighbor functions etc.). Maybe even approach it like an optimization problem over the whole binary.

【報告】今週から東京に行ってCODEBLUEとAVTokyoに参加する予定です。お会いしたい方はDMやLINEを送ってください。

@criscifuentes Will there be a recording?

I’ll be giving my talk “From Student of Compilation to Mother of Decompilation” on Tuesday at 5 pm AEST at UQCS; details below uqcs.org

A very cool project to avoid installing dozens of Windows versions (and updates) to get just one file you need.

@tmr232 If you need to customize it then I’d go with Scrapy, otherwise even wget or HTTrack might be enough.

I wanna write a web crawler/scraper - should I use Python or Go?

@johnregehr Not compilation but: binary.ninja/2018/06/19/fas…

@moyix @bitemyapp Bug compatibility is important too!

@bitemyapp clang appears to link in the set_fast_math function when you use -Ofast too, probably for "gcc compatibility" :p

It is actually kind of insane that gcc's -Ofast turns on -ffast-math and enables a bunch of unsafe FP stuff! It adds an implicit constructor that changes the floating point behavior of the CPU, so loading any library compiled with -Ofast then messes up the whole process.

@moyix I once had “fun“ debugging a crash in a Borland-compiled DLL called from an MSVC-compiled program. Turns out the two compilers use different FPU control word defaults so the called code was raising FPU exceptions not expected by the caller (but only on *some* inputs)

@BruceDawson0xB @timmisiak @yarden_shafir Nice, how do you detect them? IIRC the last time I’ve checked, the PDB only kept one name.

fun RE fact: when an app has several identical functions, the compiler will merge them into one and pick a single symbol name. This can be confusing when looking at disassembled code that seems to call unrelated functions

@moyix Intel: hold my beer

W3C: "Good URIs don't change" Microsoft web admin, putting on sunglasses: "Well then I guess our URIs are just bad to the bone"