Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by CopperD

  1. U-Fap - UnFuddle APplication (For automating UnFuddle backups) I-MAD - Interferometric Malfunction Analysis and Detection Small Rod Inspection System
  2. I have already begun the slide into madness. I tore into DFIR and LLVM Sunday evening and monday morning. CallVIFromDll is not used by anyone in LabVIEW dir. I checked all the imports and found no one using it. I have the function prototype figured out. (Sorry I let that info at home) Normal applications and Dlls don't use this either. This function seems to be used only by .NET Dlls. I have the crazy idea of compiling a simple VI to dll so I can easily get the executable code then searching the IDE's memory space for same code. Once found I can put some breakpoints in the deb
  3. This has nothing to do with RTSetCleanupProc() directly. When you call a vi by reference how does the caller know where the executable code is? CallVIFromDll looks like an interesting function name.
  4. Looks like both of you are correct. If this works on abort then it will save me some trouble today. It can call my code which can handle the the more complex functions and ordering. Hmm has anyone figured out how to go from a vi refnum to an entry point for the function? If this can be figured out it will make it much easier for people to modify this. I have many different angles of attack here so I am very confident something will work out.
  5. Thank you for this it looks like some good tidbits are in there. I would say it is slathered in marketing BS. Sadly marketing has stuck its fat ugly hand into LabVIEW very deeply and we'll need some sort of proctologist to remove it.
  6. Someone who understands! For what I want to do I need to do more then just jump to the function pointer. I need to call it with the correct calling convention and pass arguments. When abort is called we need it to call some cleanup code that may have arguments that need sent. Idea scratch pad If you do not know the function pointer to the function you want to use for clean up you can use LoadLibrary to get the handle to the library then pass that to GetProcAddress with the name of the function you want called. This can be automated and is used for the generation of the im
  7. This is turning into a very useful discussing. I will focus my efforts into the abort button. I knew sooner or later my craziness would become helpful.
  8. The easiest way (Without using a wrapper dll) right now to handle a function pointer is to use CreateThread or ThThreadCreate. This creates a thread that might not return depending on what their code does. It would be nice if the developer can hit the abort button and all such threads are killed otherwise you need to end the primary thread.This is a non-issue on the compiled code and is just need to improve the experience inside the LabVIEW IDE. I been thinking of adding code to the abort button to kill these threads.
  9. I view that as a personal challenge. I already learned from Chris that what I want exists but is not exposed. A lack of an export entry is a minor hurdle to overcome. I can generate signatures once I find what I am looking for so the code will keep working unless a major update is done. I need to dig around and figure out how large parts of the IDE work. This is why I suggested a place so I can put this information so no one else needs to repeat what I have done and can pick up where I leave off. When the user hits the abort button in the IDE I want the threads they created to be kille
  10. I have been waiting for this "fundamental redesign" and it doesn't look like it's coming out this year.
  11. I am starting to dig into the undocumented LabVIEW functions. I am sure some of us have little crumbs of information from NI and other have figured things out on our own. How can we round up this information so we don't keep repeating ourselves? Currently I am working on the thread management functions and how the IDE is notified of them so they can be aborted. At some point in time I saw a wiki but that seems to no longer exist.
  12. Its great for showing 2d Arrays. I said X-Y intensity graph it's just called intensity graph. Just feed it a 2D array and the values in the array are shown as colors based on magnitude. Look at my mandelbrot explorer for the basics. Attached is another example I wrote for my RF Explorer (Handheld Spectrum Analyzer)
  13. I display internally using the X-Y intensity graph (Limited to a 8-bit palette) Once I get what I like I apply filters and render to a png. I did these before I started using the vision toolkit for my job. Vision Toolkit makes angry Fred. Someone at NI decided when you create image spaces to give them string names to mask the pointers but let's still treat them as pointers. This part isn't bad until you realize any time you use an imaq image it does a linear search using string compare. This easily adds milliseconds to any vision function you wish to use. F&$(ING LAZY M$TH&R F%%
  14. My best friend runs the Large Scale Systems Museum in New Kensington, PA. I should have posted this last week when I received it but better late then never. If your in the area feel free to stop by. Most of you have heard of the Large Scale Systems Museum, a public museum in the Pittsburgh area that is focused on minicomputers, mainframes, and supercomputers. LSSM opened its doors to the public for the first time in October of 2015, coinciding with a city-wide festival. We have been doing tours by appointment since then, averaging 3-4 tours per month. On April 30
  15. I don't know where else to hang out at. The NI forms feel uninviting. According to the April 2016 TIOBE index LabVIEW is in slot 37 just under RPG and up from 42 in July 2015.
  16. These attractors show sensitive dependence on initial conditions so it shouldn't be to far of a stretch to call it inadvertently generated. Part of my collection of computer generated art I have done in LabVIEW.
  17. I have been mostly away on vacation and loaded with work for the last month and a half. However some progress has been made. An update showing off some of this will be put up in the next week or two. PE Loader Progress Load and execute exe from memory if ImageBase does not conflict- 95% (FInishing up some debugging on the Import Directory) Load and execute exe from memory with conflicted ImageBase but has Relocation Table - (75% ) Load DLL from memory and call functions - (65% need to finish work with Relocation Table and add code to call DLL Entry Point) Load a
  18. CopperD

    Smash Call

    Don't forget the LabVIEW Home license and that targets the hacker crowd. I have reported the buffer overflow to NI. It is fairly minor so I don't think they will care but let's see. It is more of a neat trick for me. I'll guess I'll need to find a new way to load the EIP once they patch it. It's like eating my own foot. Maybe I'll get some commendation if I find enough exploits.
  19. CopperD

    Smash Call

    Academic license what makes you think that?
  20. CopperD

    Smash Call

    The function can be any executable code in program memory. To my knowledge this is the first buffer overflow attack against LabVIEW. It could be abused to run unauthorized code but I see this as rather unlikely. I did find several other buffer overflows that evening but none as easy to exploit for my purpose. (Not all buffer overflows lead to changing EIP) I just wanted a way to call a function pointer natively but now my curiosity has been peaked. A video would be a good idea. I do agree that this is useless for > 99.9% of LabVIEW developers. That why I posted it under the lounge.
  21. I have had no issues installing NI software back to 2012 on Win10. This includes vision and PXI. You dont normally need the pxi service. So far all the times I have seen a Win10 machine freeze has been due to bad hardware or drivers.
  22. CopperD

    Smash Call

    Now that I am no longer crazy busy at work I created my dream LabVIEW function. Call function pointer using no external libraries. I call this function smash call as it smashes the stack using a buffer overflow I found in VISA open. It currently is a one way trip as I didn't do anything to fix the stack. Attached are some pictures. It's going to be a part of the DCG library so I'll include it in my next update. I have the example calling command line but you can make it do whatever you want. If you want to use compiled code loaded from a string you will need to use VirtualProtect to set th
  23. I always copy and paste my vi descriptions into google and see what it thinks. This with a non-modal description editor would save a lot of time. Who would've thought that someone would like to look at the code while documenting it.
  24. I really want this to turn your code from a nice solid block of steel into something with the constancy of runny applesauce. Feature Creep! PE32/+ Analysis Emulated PE32/+ loader (Why limit yourself to code you have source for?)​Performs memory allocations and base relocation Run exe applications internally Call dll functions internally I'll be posting this update sometime this week.
  25. You'll never get a silky smooth pan once you start to zoom in so I didn't use the mouse drag. I was planning on having the scroll wheel for zoom but didn't put it in. If you're saving large images it takes much less overhead to use bmp. I was using the netpbm format internally for drawing gigapixel images. A nice popup box for saving so you can select the format and size would be a great addition. The other feature I removed was creating frames from a starting point to an ending point so you can create a movie. Optimizations Don't redraw known points Cardioid and Bulb Checking - Manl
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.