DominantColor: Calculating the dominant color in an image


First things first: Happy new year! I am sure 2016 will be a great year! Next up: DominantColor. It’s a project for calculating the dominant (hue) color in an image. This is something that took some research while I was building JeS Multi-Monitor Suite. The taskbar in Windows 7, 8 and 8.1 implemented a similar feature, showing the dominant color as a highlight when you mouse over the taskbar icon.

DevOps! And the road towards it…

DevOps! A must for modern software development, right?! You would expect most companies to already be moving towards this new way of working. Why? Because software development needs to be more agile. Say you have a new customer; he wants a demo of your application, but he also wants to see that one new feature. The software release that contains that feature is scheduled to ship in 2 months, even though that specific feature is already “done and ready”. You ask the developers/administrators if they can put together a demo of that feature. At that moment the devs and administrators get nervous. Everyone checks their code in to one single branch, so how are they going to demo that specific feature? Maybe on the laptop of a dev that still has a stable (*ahem* compiling) revision? This is where we have to change the way we develop software.

Yara.NET – A .NET wrapper around Yara

Today I publish Yara.NET, a C++/CLI .NET wrapper around the Yara 3.4.0 library. It enables you to use all the Yara functionality that the native C library exposes from .NET! The Yara.NET API was inspired by the Python API and is therefore somewhat similar to it. Why is it built in C++/CLI and not C#? Because building a wrapper library in C# around a native library is a pain compared to using C++/CLI. With C++/CLI you can link directly against the native lib and use all of the existing header files, without the need to redefine every function using PInvoke.

.NET, PInvoke and memory corruption

Figure 1: .NET PInvoke memory corruption

Today I ran into some old screenshots of a problem I was having in 2013. Interesting problem! I was trying to retrieve a piece of data located in another process’s memory space using the ReadProcessMemory API. I defined the API using PInvoke (Platform Invoke), a technique used to call native functions from .NET. The issue was that only under Windows 8 was I getting a NullReferenceException, and initially I had no clue why.

Pandora’s Box – Level 4

Level 4, time for some crypto and reverse engineering. Level 4 is a binary which decrypts encrypted files with a password, and of course an example binary and password are given. Putting some random data in a file and trying to decrypt it results in a message that the file is invalid or corrupt. This suggests that the binary uses some kind of checksum algorithm to detect whether the file is valid. Let’s take a closer look at the binary.

Pandora’s Box – Level 2

So! We got past level1 and now have a basic shell. What’s next?! In the home directory of level1 we find two files: level2 and level2_readme.txt. The readme file tells us to run level2 with the command “socat TCP4-listen:53121,reuseaddr,fork EXEC:./level2” and connect to it using something like netcat. When connecting to it, we discover it’s some kind of note manager. We can store up to 10 notes and have some commands available to create, write, read and delete a note.