fasmcon 2007

LocoDelAssembly entered the room.
You are in Hypervista Tech Chat.
There are 4 people in the room.
LocoDelAssembly: and now with the full nick :P
sleepsleep: Loco Deletes Assembly?
MHajduk: "Crazy About Assembler"
LocoDelAssembly: nop, Loco del Assembly
LocoDelAssembly: Google translates as "The crazy person of the assembly"
MHajduk: "Assembly Fanatic" :D
sleepsleep: ic , thats cool
sleepsleep: fanatic :P
LocoDelAssembly: the webcast is working for you?
Biterider entered the room.
MHajduk: Hey, awake-awake there... LOL
MHajduk: Hello, Biterider.
Biterider: have you video output?
MHajduk: No. :)
LocoDelAssembly: good news :P
MHajduk: You have more time to prepare now... ;)
allie: what time is it where the meeting is???
Biterider: I hope soon
MHajduk: 13.46 (Poland) is the same as in Czech Republic
Biterider: it was planned for 12:00, right?
asm entered the room.
MHajduk: 12 UTC = 14.00 "our" time (I suppose, I'm right)
MHajduk: Hello, asm. :)
Biterider: ahh OK... in approx 10 mins
asm: what is this ?
Biterider has left the room.
asm has left the room.
asm entered the room.
asm: my connection is down
MHajduk: Quotation from MazeGen's post: "25th, Saturday The conference starts at 12:00 AM to 5:00 PM UTC (2:00 PM to 7:00 PM CET)."
asm: 5 minutes
hypervista_IE entered the room.
hypervista_IE: hi guys
MHajduk: Hello, HyperVista. :)
hypervista_IE: we just getting ready
hypervista_IE: remember there is about a 15 sec delay in the video
hypervista_IE: hi allie.. everyone, allie is my daughter
MHajduk: We know...
asm: hi allie
sleepsleep: i gtg, will come later
sleepsleep: see u guys
asm: see you
sleepsleep: greeting to all
sleepsleep has left the room.
MHajduk: "see" you ;)
allie: i thought u said 7:00...its 8:00
hypervista_IE: hi guys, vid here
asm: maybe //30 or //31
MHajduk: Hello, vid. Where is vid(eo)?
hypervista_IE: you can't see it?
LocoDelAssembly: yes, it works now :D
MHajduk: Yes, I have chat, but no vid(eo)...
LocoDelAssembly: hello to all there
LocoDelAssembly: try again MHajduk
asm: ok good to me
asm: press play
MHajduk: Ok, I can see you!
MHajduk: But I have to open stream in other videoplayer...
hypervista_IE: sorry allie, i'm quite busy setting up. will chat with you in a little while
hypervista_IE: hello MHajduk
hypervista_IE: greetings LocoDelAssembly
MHajduk: Hello, HyperVista!
hypervista_IE: Hi asmfan
LocoDelAssembly: Hi, HyperVista :D
LocoDelAssembly: HyperVista, did you drop the webcast?
asm: i'm not asmfan
asm: now video is down
hypervista_IE: video camera was accidentally turned off ... getting it back up now
hypervista_IE: video should be coming back up now
hypervista_IE: you will need to press play on the media player
LocoDelAssembly: thanks ;)
asm: work nice
hypervista_IE: allie, can you see the video?
MHajduk: Is it Tom Tobias?
asm: ok i go to buy cigarettes
hypervista_IE: hey guys, f0dder here... we
MHajduk: Why presentation isn't transmitted directly to the stream (instead by camera)?
hypervista_IE: 're playing around with camera settings and stuff
asm: when start the film ?
hypervista_IE: can you watch the video stream right now?
MHajduk: Hello, f0dder. :)
LocoDelAssembly: yep, hi f0dder :)
MHajduk: Yes, I see you now. :)
hypervista_IE: +")"damn, unfamiliar keyboard layout :_)
hypervista_IE: hm, the stuff from the projector seems to be pretty unreadable?
MHajduk: Yeah. :(
LocoDelAssembly: yes, it is too bright
MHajduk: I think, that presentations should be transmitted directly to the stream (without camera)...
LocoDelAssembly: or just decrease the brightness of the projector
hypervista_IE: theres about 15 seconds delay or so on the video stream
hypervista_IE: well, in the room where were present it looks very bright, but its a bit difficult to get it decent on the camera
LocoDelAssembly: well, is less delay than the last time :D
don_s_testing_machine entered the room.
MHajduk: Hmm... this looks better...
hypervista_IE: we're moving the room around a bit to get better video .. sorry for the delay guys.
don_s_testing_machine has left the room.
MHajduk: Some higher mathematics... ;)
LocoDelAssembly: yes, you do you resolve that?:S
LocoDelAssembly: first "you" is "how"
MHajduk: Too many variables... :)
vod entered the room.
MHajduk: Hello, vod. :)
vod has left the room.
LocoDelAssembly: you offended vod and he left the room :P
MHajduk: He he .. LOL
asm: i smoke
MHajduk: I don't smell it...
asm: my cigarettes is very light
MHajduk: Hehe :)
asm: who is this man?
MHajduk: Tomasz Grysztar
MHajduk: And we know now, that the Earth is flat... ;)
MHajduk: Icon of the FASM...
LocoDelAssembly: good drawer as well :D
sleepsleep entered the room.
vid entered the room.
sleepsleep: back :)
sleepsleep: yo yo yo
hypervista_IE has left the room.
MHajduk: Hello, vid. :)
sleepsleep: first time to join u guys interactively
sleepsleep: is there sound for the video? running this inside vm
vid: sleepsleep: yes
sleepsleep: somebody should cough a little bit :P :P
sleepsleep: man, the cam so SMOOTH!!!
sleepsleep: hard to believe
sleepsleep: omg, hear u guys
vid: video is about 20-30s late
sleepsleep: this is VID :P
sleepsleep: i c, tom :P
vid is the video quality and sound decent enough?
asm: what is ?
sleepsleep: so COOL
vid: we're recording on camera as well in better quality, might be able to put that somewhere later on after some editing
vid: vid back here again
vid: i will be moderating this chat, so keep on topic ;)
asm: who is this man?
vid: tom tobias
sleepsleep: tom tobias
sleepsleep: ^^" no wonder :P he knew so much
0_1 entered the room.
sleepsleep: yo yo
MHajduk: Hello, 0_1. :)
0_1: Hi all!
MHajduk: Should the motherboard be always flat? We could think about 3D motherboards...
sleepsleep: Bill Gates (famously) thought 640 Kilobytes RAM would be enough for anyone
0_1: a newbie question (sorry!) who is the mr. x, who is giving a presentation now?
sleepsleep: tom tobias
vid: tom tobias
asm: today the school is empty
asm: it's holiday
vid: post question here if you have some
sleepsleep: woops? the cam stop
vid: doesnt for me... isnt it your client?
0_1: r u guys also in class room
sleepsleep: normal back
vid: try reconnecting?
vid: i say, it does still work for me
sleepsleep: ok already
MHajduk: Question: Why we don't build processor with only one instruction? I know it's theoretically possible. :)
vid: mhajduk: only real questions please :)
0_1: guys plz listen to Sir!
MHajduk: It's real question. I saw somewhere theoretical project of such processor. :)
MHajduk: Every instruction could be defined by sequence of one specific instruction. Really. :)
vid: ok, but it isn't related to this topic
asm: who is this boy?
sleepsleep: lol, my office also use that projector
sleepsleep: should put some curtain on the window
f8 entered the room.
MHajduk: Conference should be in the cellar. ;)
asm: ya ,next to wine bottle
sleepsleep: wats da topic for current presentation?
vid: XMM as general purpose register
MHajduk: asm: :D
vid: and using SIMD with GPR
asm: what is gpr ?
LocoDelAssembly: general purpose register
vid: general purpose register, like RAX, RBX, RCX, RDX, RSI, RDI, RSP, RBP
asm: ok ok
Artlav entered the room.
vid: hi artlav
0_1: dear Madis, be confident, and do not jerk
Artlav: hi vid and all.
vid: madis is presenting his "XMM as GPR, SIMD with GPR"
vid: you missed tom tobias :)
MHajduk: Hello, Artlav. :)
rCX entered the room.
sleepsleep: one question, if we start using xmm as GPR, then wat is the purpose of GPR? (like, when to use them?)
allie: bye ppl
sleepsleep: bye allie
allie has left the room.
vid: sleepsleep: hope that answers your question :)
sleepsleep: k, thanks
0_1: plz guys, ask madis to write an article/tutorial about this topic
vid: okay, remind it when he finishes, i dont want to interrupt him now
asm: my computer does not have sse
sleepsleep: 486? asm :P
asm has left the room.
asm entered the room.
0_1 has left the room.
0_1 entered the room.
asm: connection problem
MHajduk: Question: In which program Madis measured number of clocks of these algorithms?
asm: rdtsc it's not a program
0_1: so what?
0_1: is not it most precise?
rCX has left the room.
rCX entered the room.
asm: mhajduk say ,which program
MHajduk: Thanks. :)
vid: asm: no program, he simply had his own application which did movement to measure time and display it
0_1: vid u need a haircut (sorry!)
asm: for precise calculation only rdtsc it's not enough
vid: 0_1: no problem, your opinion doesnt matter to me :) but keep on topic
vid: asm: its error is small enough for these tests
asm: vid's hairdresser
vid: asm: please keep on topic, you can create a blog about my hair if you like
0_1: i think madis u r right, xmm should be the future, actually they are the future
0_1: there was no xmm in older cpus
asm: maybe among 15 year
0_1: if we do not consider size at all
0_1: is xmm also the fastest
0_1: i heard all xmm are done in or under 1 cycle
asm: you must load 128 bit
0_1: that's size
asm: better 8 bit or 16
rCX: GPR were General Purpose Registers?
asm: please test yourself
0_1: madis is the xmm also fastest
sleepsleep: vid presentation fasmlib :P
vid: hey, f0dder here while vid is doing his presentation
0_1 has left the room.
vid: XMM is very fast when you need to process large amounts of data
sleepsleep: lol, thought vid got 2 souls :P
f8: somebody has problems with the video
vid: isn't the video working properly?
LocoDelAssembly: yep, me
vid: remember that there's quite a bit of latency on it
sleepsleep: avatar chain reactions
LocoDelAssembly: It freeze at times, and sometimes it starts with "buffering..."
vid: loco: you're having problems?
sleepsleep: maybe u could temporarily kill ur torrent client :P Loco
f8: yes it freezes time to time
vid: you could try restarting your browser and connecting to the stream again
vid: if that doesn't help we might have to have don look at the streaming settings
asm hugs
asm kisses
asm kisses
sleepsleep status report cam works fine here
LocoDelAssembly: maybe is my problem
vid: loco, how fast (and stable) is your internet connection?
LocoDelAssembly: let me see what is doing my fucking brother :@
vid: I think we're streaming at around 300kbps?
LocoDelAssembly: my brother with youtube....
vid: kill him then, youll need around 300kilobit to stream it
vid: I hope there arent other problems
LocoDelAssembly: it is a 512 kbps connection that works stable at ~400 kbps
vid: that should be enough if you don't have any other transfers/whatever going on
asm has left the room.
vid: hajduk: pong
LocoDelAssembly: since I already killed him now works fine :D
f8: strange the video freezes but the sound is ok
MHajduk: f8 Is there cold? ;)
vid: f8: can you right-click the media player control and check the statistics?
f8: actually it is quite hot in here ;)
MHajduk: Hehe :D
f8: strange there are no lost packets
vid: what does it say about your internet connection and the video bitrate?
f8: maybe there is some software which is causing the problem
vid: I'm happy the thing works at all, btw, there's no cabled internet connection at the hotel, so we're using some t-mobile wireless hotspot
vid: is the sound coming through okay for you people? Is it loud & clear enough?
f8: the sound is fine
f8: and the video is ok too only time to time there is some freezes
vid: f8: like a short freeze and then it continues, or do you have to reconnect?
f8: not very short
MHajduk: Sound is excellent. :)
f8: the actual rate changes from 30 to about 7
vid: hm, that's weird
f8: now the video is ok
vid: I think there should be enough bandwidth, we're streaming from the hotel to the relay server at hypervista-tech
vid: quite happy that the powerpoint thingy is readable, we had a lot of problems getting the lighting right etc
vid: I just counted latency, it's around 20 seconds... not too bad
rCX: who is speaking right now?
vid: vid's speaking, f0dder sitting here typing
Artlav has left the room.
0_1 entered the room.
0_1: is GUI also possible in FASMLIB
MHajduk: Question: Do you plan implementing regular expressions processing?
0_1: i mean in future
vid: remember, 20sec latency, vid is answering questions now :)
vid: okay, any further questions? :)
0_1: thanks vid
MHajduk: Thanks. :)
Biterider entered the room.
0_1: will FASMLIB have efficient algorithms for general uses
0_1: ie. sorting and other stuff.
0_1: since in asm it's most efficient
vid: 0_1: asking him in a few seconds
vid: answering now
MHajduk: Yes, some 'sort' procedure (as in PERL) would be nice. :)
0_1: tell him that really imp. task in asm is efficiency
0_1: of speed
sleepsleep back
Artlav entered the room.
sleepsleep: lol, u tube
vid: this is feryno
Artlav: What is on the schedule?
vid: 0_1: speed is important regardless in language, and is just as important in asm as in C++. But it is not important everywhere, and sometimes some other things are more important
0_1: sorry to differ vid
0_1: every body uses asm for efficiency (speed!)
vid: not really
sleepsleep: for fun, hobby, arts too
0_1: unless an addict or hobbyist
MHajduk: Assembler has very simple syntax (almost none). ;)
LocoDelAssembly: for accessing architectural parts not available with HLLs, etc
vid: and even though most of them do, having fast app doesnt mean that 100% code should be as fast as possible
vid: for majority of code, you dont even need to optimize, and speed will be virtually same
0_1: but a fasm lib is ought to be most powerful
0_1: isn't it?
Artlav has left the room.
sleepsleep: windows even goes to invent sleep(ms)
0_1: see it this way
0_1: no GUI
MHajduk: sleepsleep(ms) ;)
0_1: no regex
0_1: no PLATFORM independence
0_1: no frills
0_1: and sad, no efficiency
vid: but it can save you hours of programming in real applications
0_1: so can C++ lib
vid: when you need to format output you can make it in one minute, and then use rest of time to make the real bottleneck faster
vid: C++ lib cannot be used in asm in normal way
0_1: why use asm? efficiency?
0_1: or simplicity?
0_1: that was asmlib? in above ques.
sleepsleep: =code detail and clarification, knowing wat underneath
vid: in the beginning i explained that assembly library is not very usable for real application development. it is for those who still want to do entire app in asm - hobbyist, students, etc..
0_1: may b i'll tell you guyz later
0_1: lets c what mr. x is sayin
MHajduk: sleepsleep: Yeah, clarification and obfuscation in the end. ;)
rCX: gtg (breakfast)
rCX has left the room.
sleepsleep: lol 10:26 pm here
MHajduk: Question: What are main differences between your debugger and OllyDbg (I mean advantages)?
vid: this is NOT about FDBG, but i will ask anyway
MHajduk: Ok. Thanks. :)
Biterider: who is speaking now?
SvedigDværg entered the room.
vid: yeah, he's here... english please :)
MHajduk: You're Swede?
SvedigDværg: Sorry :$ Im danish
sleepsleep: win64, use KERNEL32?
MHajduk: I was misled by your nick. :)
0_1 has left the room.
SvedigDværg: It means sweaty dwarf..
MHajduk: Aha... LOL
SvedigDværg: Im sorry tired and I miss Sune :(
mandeep entered the room.
SvedigDværg: im sorry, im so tired* christ..
SvedigDværg has left the room.
MHajduk: Hello, mandeep. :)
mandeep: hi all
Henriette entered the room.
LocoDelAssembly is currently away.
LocoDelAssembly is back again.
MHajduk: Hello, Henriette. :)
Henriette: buy sune some internet plz
vid: henriette: hi, greetings from sune and all of us :)
Henriette: thank you :)
vid: i am letting sune to this computer with internet
Henriette: Oh my
LocoDelAssembly is currently away.
MHajduk: Question: Is there any programming trick, which may break debugging in FDBG (As we could do with OllyDbg)? ;)
MHajduk has left the room.
MHajduk entered the room.
f8 has left the room.
MHajduk: Thanks. :)
LocoDelAssembly is back again.
MHajduk: Question: How FDBG treat self-modifying code? Could you debug such programs?
vid: theyre trying to fix the screen garbling issue now
vid: answering now
MHajduk: Thanks. :)
mandeep: a general ques: Is it better to debug for asm code or a HLL code?
vid: mandeep: do you mean whether FDBG is better for HLL or ASM code?
mandeep: no generally
mandeep: i mean generally, which is more suited?
vid: for writing the debugger, or the code being debugged?
mandeep: for debugging an .EXE
vid: hmm, can you rephrase the question? I don't understand it :.
LocoDelAssembly: he means if in a given program written in an HLL it is better to debug it in HLL level or assembly level
vid: okay, one second
mandeep: if a code was written in asm/HLL it is easy/hard to debug, especially when i do not have the code, only .exe. And what if i have the code?
Sfeli entered the room.
mandeep: in particular my ques. is: Is it helpful in debugging if the code is in asm or if you know asm?
MHajduk: Hello, Sfeli. :)
vid: well, if you don't have source, you will be debugging in assembly mode
vid: whether using a high-level debugger for high-level code is useful or not depends on your own personal preference :)
vid: (still f0dder in front of the computer btw)
mandeep: thx guys.
vid: hope your question was answered and that we understood it correctly :)
mandeep has left the room.
sleepsleep too tired,
vid: personally, I use assembly level debugging sometimes even when writing highlevel code
sleepsleep: watch recorded version later
LocoDelAssembly: me too, OllyDbg is soo sweet :D
LocoDelAssembly: bye sleepsleep
sleepsleep has left the room.
vid: I think FDBG is going to be pretty sweet as well once its a bit more polished - work on olly is going very slow
LocoDelAssembly: but FDBG does work with 32-bit apps?
vid: just a sec
vid: answering now
MHajduk: Question: Could FDBG save disassembled code?
LocoDelAssembly: thanks, didn't know
vid: so only 64bit code, and debugger not disassembler
vid: (he means 64 when he says 46 :))
LocoDelAssembly: Ahp, I heard wrong, so only 64-bits
MHajduk: Thanks. :)
vid: yeah, 64-bit support took him quite a while, so he's focusing on that... requires some more work on the disassembly unit as well as other things to also support 32bit
rCX entered the room.
Sfeli has left the room.
vid: seems like OpenOffice isn't too good at handling microsoft powerpoint slides, sorry for the very garbled screens
LocoDelAssembly: hohoho, this one is really messed :P
LocoDelAssembly: upload it to gmail and then use the link "view as HTML" ;)
Biterider has left the room.
vid: I hope that we can get the video edited a bit and uploaded somewhere later on
Biterider entered the room.
f8 entered the room.
MHajduk: f0dder: Place them in YouTube. ;)
vid: having connection troubles?
vid: hajduk: we'll figure out something :)
vid: I hope this chat text can be saved... I think it can, but probably doesn't have timestamps
LocoDelAssembly: yes, you can save it but as plain TXT and without timestamps
MHajduk: A year ago chat was saved and placed on FASM forum.
vid: we need a better chat system for the next conference
LocoDelAssembly: I'll try to dump browser memory to see later how the format could be recovered
vid: I guess something IRC-based would be a good idea, as long as we can find a decent web applet for it as well, so everybody will be able to connect... but that'll be for next year
vid: the only-break-on-branch thing for debugging is VERY useful btw
vid: because your traced code won't be interrupted on every instruction, thus running faster
vid: good if you want to unpack something and try automagically finding original entrypoint
LocoDelAssembly: is this feature supported on all Athlon64?
vid: should be, can't remember exactly when it was introduced, but I think it was in early pentium and athlon machines... I even think my 700mhz slot-A athlon supported it
vid: tech manuals from intel and amd should tell
vid: dunno if theres any public projects using this feature, but I know of a few private ones that do
vid: early pentium-4 machines I meant, sorry
vid: hajduk: pong
LocoDelAssembly: i'm reading AMD64 manual to see how to detect the presence of this feature to later test my slot-A 750Mhz Athlon :D
vid: you'll need some driver code, or booting to dos/whatever, but it's not too difficult :)
LocoDelAssembly: ahp, no CPUID way to detect the feature?
vid: hm, good question, been years since I messed with it - i'll ask feryno, sec
MHajduk: Feryno is the real Marathonian. ;) Respect for endurance. :)
vid: perhaps cpuid, check the SIV program linked on wikipedia's CPUID article
vid: yeah, he has a very long presentation, I hope you guys enjoy it as much as me :)
Henriette has left the room.
LocoDelAssembly: thanks feryno!!
vid: I think it was a pretty good overview
vid: madis back again
vid: I think he wrote the presentations for openoffice, they dont look all wrong :)
vid: loco: vid looked through the intel manuals, it doesn't look like theres any CPUID detection for trap-on-branch, so youll probably need to check for cpu family and stepping instead
LocoDelAssembly: yep, I don't find much information on AMD64 about detection neither :(
MHajduk: Question: Is there any possibility to transfer some lack drivers from Linux to MenuetOS?
vid: ill ask in a sec
vid: oh, tom interrupted, doh
LocoDelAssembly: f0dder: ----------S000001DB-------------------------- MSR 000001DBh - Pentium Pro, PentiumII - "LASTBRANCHFROMIP" Desc: stores the address from which a branch was last taken SeeAlso: MSR 000001DCh
LocoDelAssembly: so yes, the feature is ancient :D
vid: hm, already implemented back then?
vid: hajduk: ill ask your Q as soon as it's natural to do so, so i dont interrupt him
vid: grmbl, tom tobias interrupting again
vid: oh well :)
LocoDelAssembly: I took that from http://www.oopweb.com/Assembly/Documents/InterList/Volume/MSR.LST
vid: loco: that MSR just stores the last branch addr though, not the feature that traps on branches, though?
LocoDelAssembly: see MSR 000001D9h - Pentium Pro, PentiumII - "DEBUGCTLMSR" DEBUGGING CONTROL in that link
vid: want me to bag up tom tobias and dump him in a river? ;)
MHajduk: Hehehe... LOL
Biterider: but he has a point
vid: yeah, he does, but he keeps on repeating himself and interrupting... anyway, got a chance to ask the question
LocoDelAssembly: just bug up him when he start complaining about XOR :P
MHajduk: Thanks. :)
Biterider: vid... who is on your side? is it fOdder?
vid: f0dder's me (dunno how to change nick on the chat), im in the black+red slayer tshirt
vid: hope your question was answered, hajduk :)
MHajduk: Yes, thanks. :)
vid: but basically, no you cant just move a driver, it needs more or less a full rewrite
MHajduk: Yes, agree. :)
vid: situation is pretty nasty with wireless for anything but windows, damn hardware manufacturers and their unwillingness to let you use the firmware blobs
MHajduk: If MenuetOS would be developed by some company... situation may be better. But then it won't be free?
vid: i dont think any company would be interested in doing so... even a thing as big as linux has problems and has to use windows drivers + NDIS wrapper to have proper wireless
vid: youd really need a commercial company with closed-source drivers and money enough to get attention, and then youd need to sign some nasty NDAs
MHajduk: It's sad that such good ideas aren't supported correctly. :(
vid: i dont personally care much about menuet, but I agree that the driver/spec situation in general is very bad
vid: even reduced specifications that only let you use basic features would be nice
vid: btw, could a couple of you guys save the chat log every once in a while? just so we don't lose it if there's some accident or whatever :)
LocoDelAssembly: I'm sending regular pings to prevent that but yes I'm saving a copy now
MHajduk: Unfortunately, I had to re-login in the middle of the conference (error in Java applet).
f8 has left the room.
LocoDelAssembly: 647 lines so far
vid: ive saved a copy as well, the more the merrier :)
MHajduk: I have an idea for Ozzy: to write program in FASM for chatting for next conference. :)
vid: well, I think just using IRC would be a good option
MHajduk: Yes. I wonder, why most of the suggestions comes at the time of the conference, not before? ;)
vid: any questions for madis about menuet/kolibri/etc?
MHajduk: Tom... ;)
vid: hajduk: we need to get a bit better at planning i guess :), this is only the second conference, and the first one i've attended
vid: hehe yeah tom is a bit of a blabbermouth
Biterider: menuetOS32 will not be developed anymore?
vid: sec, will ask
vid: sec, will ask
vid: is the stream still working for you guys?
MHajduk: With FASM and OS fully written in FASM we could be completely independent. :)
MHajduk: Working, so far.
vid has left the room.
hypervista entered the room.
hypervista: just a second guys, monitoring computer vid and f0dder are using is glitching
MazeGen entered the room.
MazeGen: Hi guys. We've got some problems with our primary internet connection so we have to repair it now :(
LocoDelAssembly: the video stills working great
MazeGen: oh, ok :)
MazeGen: we are now preparing for HyperVista and vid's presentation
LocoDelAssembly: MHajduk, you can use /ping command ;)
MHajduk: Thanks. :)
LocoDelAssembly: -- roundtrip: 625 ms.
LocoDelAssembly: pretty slow :S
MHajduk: Slow? My is 735ms.
hypervista has left the room.
MazeGen: they're in the process of adjusting the camera now
Homer entered the room.
MazeGen: starting now, dunno how much latency we have, hope everything is set up correctly :)
MazeGen: christ, this secondary connection is very slow and unstable, I hope the connection used for the video stream works okay for you guys
rCX: seems fine
MHajduk: Video quality is ok.
LocoDelAssembly: yes, works fine
MazeGen: good, lets keep our fingers crossed
MazeGen: i can hardly monitor the video from here :s
MazeGen: (f0dder here again btw)
MazeGen: ah, apparently the reason this secondary connection is slow, is that we're running off mazegens cell phone :)
MHajduk: Question: Could we make hyper-hypervisor? ;)
MazeGen: like nesting?
MazeGen: "it has been done actually"
LocoDelAssembly: yes, it is possible but the outermost hypervisor must emulate SVM
MHajduk: Thanks :)
MazeGen: it's tricky, and you end up playing the cat-and-mouse game if you want to make an undetectable hypervisor
MazeGen: still working? :)
LocoDelAssembly: I had few problems at the same time you asked but surely its a local problem and works fine again
MHajduk: Question: I suppose, that your Hypervisor will be the first commercial program written in FASM in the market? Am I right?
MazeGen: well, this secondary connection is running off mazegens cellphone, so I cant follow the video stream very well
MazeGen: hajduk: the first one I've heard about at least
MazeGen: but theres a BIOS hacking/reverseengineering book that makes a lot of mention of fasm
MazeGen: good part coming soon :)
Homer: they have changed it - they deprecated the macro support, and introduced new bugs
MazeGen: yeah, even if tom tobias doesnt believe it :_
MazeGen: homer from the asmcommunity board btw?
MazeGen: welcome :) - too bad I forgot posting a note about the conference on the asmcom board forum :(
Homer: I am sure there would have been other interested parties - oh well
MazeGen: we'll try getting an edited video posted somewhere after the conference
MazeGen: but of course a bit more input and questions might have been nice
Biterider: good idea
MazeGen: we might even mix in some non-conference video stuff, hehe
MazeGen: .cz has nice beer ;)
MazeGen: if you can hear a baby in a bit, it's Feryno's daughter :)
Homer: I was wondering :P
MHajduk: Youngest conference participant. :)
MazeGen: haha yeah :)
MazeGen: the various girlfriends have been on a girlie trip during most of the conference
MHajduk: First FASM family conference. ;)
MazeGen: it's been a nice pre-conference as well
MazeGen: I (f0dder) arrived thursday, most of the others during fri/sat
MHajduk: Question: Aren't hypervisor "suspicious" for any anti-virus program?
MazeGen: hajduk: ideally, the antivirus wouldn't even be able to see that it's running in a hypervisor
Homer: aint there a sysinternals patch for allowing windebug to work across a lan?
MazeGen: there's some timing-attack ways to detect it and other trickery, but it's dirty stuff
MazeGen: homer: if you can find info on something like that, PLEASE let me know, it could be pretty nice
MHajduk: Yeah, but I was talking about compiling sources under Win.
Homer: I am sure I read it on their page, which as you know, m$ have bought out now
MazeGen: hajduk: not that i know of... it's still pretty new stuff and not actively used by malware yet, at least nothing big and widespread, so... :)
MazeGen: homer: yeah, but aren't most of their old stuff still available?
Homer: I just checked google's cache, all I can find is references to DbgView - perhaps I am mistaken, and that tool is what I was reading about
MazeGen: we're looking into alternatives to windbg anyway, since that obviously won't work for debugging large parts of the hypervisor
Homer: essentially it just traps messages from WinDebug and redirects them..
MazeGen: ah yeah, that's completely diff
MazeGen: some of the problems you get when doing things like hypervisor dev leaves the system in a very unstable state, so we can't really rely too much on the kernel
MazeGen: i want to get some alternative done, like flushing memory to a USB flashdrive (doing our own driver code) or whatever, for those really nasty situations
LocoDelAssembly: video is out
MazeGen: tom mistakenly turned off the camera, so we will have a short output
Biterider: here too
Homer: heh ok
Homer: coffee break :)
MazeGen: I did that earlier as well, thought it was the zoom dial :)
Artlav entered the room.
MazeGen: I could do with some water or beer, it's pretty hot and humid here by now
Biterider: cool work guys
MazeGen: we'll get the video fixed asap
MazeGen: biterider: it's still very early dev, but it _will_ end up as cool stuff :)
MazeGen: of course can't talk too much about specifics of the project
rCXquick Question: Does rdtsc command (mentioned earlir) work on an 386? It seems to work in dosbox but wiki suggests that it only works on pentium.
MazeGenvideo should be back any second
MazeGenrcx: iirc it appeared with the pentiums, but a few 486s also had it (undocumented) - x86 secrets might have some more info
MazeGenor sandpile.org perhaps
MazeGenvideo workign again for you guys?
LocoDelAssemblystreamming is working good again
MazeGenheh, getting the camera adjusted for the screens is a bit complicated with the delay and the very bad connection through the cellphone :)
HomerI thought it looked pretty good
Homervery decent framerate too
MazeGengood, at least the primary net connection isn't fucking up
rCXhehe :)
MazeGenwe're on t-mobile wireless, think it's 1/1mbit, and relaying through the hypervista servers
MazeGendunno how much battery is left on mazegen's phone
MazeGenI'll have to talke to vid and hypervista about using sync.exe before loading the driver, hehe
MHajdukQuestion: Hypervisor is projected for secure computer against malware (am I right?), but it could be even more dangerous... ;)
MazeGenhypervisors can be used for malware protection, or things like vmware (although vmware claims that hardware VMX is slower in some circumstances, but that's half marketing, half truth)
MazeGenand yes, VMX can be used by malware as well, which could be VERY dangerous, which is why you should either turn off VMX or have a hypervisor intalled
MazeGenif you turn off the VMX capability it can't be turned on again without a hardware reset, so it's safe
MazeGendoing simple protection against malware is simple enough, but then there's all kinds of attacks involving various sources of DMA and bus reprogramming, which are somewhat trickier to detect
MazeGenJoanna (bluepill project) have written something on this I believe
LocoDelAssemblyyes she did
MazeGenany questions?
LocoDelAssemblyshe shown how to hide a block of physical memory by reconfiguring the memory controller of the Athlon64
MazeGenyeah, very interesting stuff, but nothing I would fear for a generic exploit
MazeGenbut for a really targetted attack where you want to do industrial espionage, it's something you have to worry about
MazeGenvideo still working?
LocoDelAssemblya cell phone is too near of the microphone and it is introducing interference to the audio
LocoDelAssembly(well, it not happening now)
MazeGenok :)
MazeGenany more questions?
MazeGenwell do a panorama view of the people then :)
Homernot at the moment :P
MazeGenwell continue for a bti yet
MHajdukNice girls. ;)
MazeGen has left the room.
LocoDelAssemblyis unsecure saying passwords to the public ;)
rCXvideo is frozen
LocoDelAssemblyworks for me here
rCXnow it works...
f0dder entered the room.
f0ddertheeere, back on wifi
f0ddermazegen is about to do a presentation on his stuff
LocoDelAssemblyBTW, no one of you realized that the password was said with the streaming still functioning there?
f0dderLoco: can you save chat log periodically? I think mazegen accidentally closed the chat running on his machine without saving log
LocoDelAssemblyyes, I'm doing it
f0dderloco, no problem, it's a temporary pass for wifi
LocoDelAssemblyah, hahah ok
f0dderyou'd need to come to Brno within today to be able to abuse it :)
Homera bit out of my current range
LocoDelAssemblyand a good memory to remember it :P
f0dderhehe yeah
f0dderis the sound loud and clear?
Homerlooks like C64
f0dderhehe, I think it's the FAR file manager
MHajdukC64 asm obfuscation. ;)
Homerprotecting our software from ourselves
LocoDelAssemblyyes, it is readable
f0dderyeah, dunno if a white-on-black color scheme would be better, so I think we'll just stick to this
MHajdukQuestion: Do you use blocks of junk code, and if yes is it completely random generated?
Homerhave to go fullscreen to read it properly
f0dderhajduk: sec
f0dderI hope that answered your question hajduk
f0dderhe will explain further about the various stuff
f0dderdamn 20+ sec latency :)
MHajdukThanks. :)
rCXthat's clever
f0dderit's good stuff :)
f0dderrelatively simple expansions atm, and you could probably do a compression for it, but once more tricks are mixed in...
Homerloud and clear, but we have only looked at opcodes that manipulate registers - what about general pointers?
f0ddermore instructions will be added a bit later
f0dderhe wanted to show the basics of expansion first
rCXWill it eventually use different (random) tricks for each instruction?
Homerquestion - this expansion scheme looks to be hardcoded - is there any randomness to the expansions at all?
rCXhehe :)
f0dderhomer: well, he did show that there's different types of expansions, but it depends on the RNG, that's why a lot of it looked the same
f0dderthe templates are hardcoded, but the template picked and the immediate values are random
Homerok :)
f0dderexpansion itself isn't THAT bad, but once it's mixed with code rearrangement it becomes harder to do auto compression
f0dderhe's showing the mix now, so you'll see soon
Homerlol over 100
LocoDelAssemblyguys I gotta go :(
f0dderhe needs a better initial seed for the prng I think :)
Homerhappy travels
f0dderloco, please save chatlog and email f0dder@flork.dk
f0dderif you have time
LocoDelAssemblyI'll keep this open for logging and I'll try to back soon
LocoDelAssemblyyes, I'll do it
LocoDelAssemblybye for the moment
f0dderah, that'll be nice too, but please email now as well in case of crash whatever
LocoDelAssembly is currently away.
f0dderdamn unfamiliar keyboard layout
f0ddermazegen is the name of mazegen's code morphing thing too, btw
Homerah, the order of operations was rearranged too
f0dderinteresting stuff coming up now as the input becomes more complex
Artlav has left the room.
rCXI imagine this would turn 3 months of cracking into 3 years
Homervery nice - hardcoded values are obfuscated using binary operations
f0dderit does make things annoying
Homermakes searching for them a bit harder :P
f0dderrcx, try googling for information on starforce... that's a pretty hard system too
f0dderthey turn x86 instructions into their own 128bit VM etc
f0dderyeah homer, the constant cloaking thing is pretty nice
MHajdukQuestion: Is the code obfuscated such way much slower than original?
Homera few more opcodes, a few more cycles...
Homerbigger and slower by a factor of 2 to 4 by the look of it
f0dderyou probably wouldn't want to enable this across your entire app, for critical code pieces etc, but other than that...
MHajdukThanks. :)
rCXwhat program is he using to step through the code?
f0dderthis makes cross-reference analysis in IDA just about impossible... :)
LocoDelAssembly is back again.
rCX3 jmps in a row!
LocoDelAssemblyI'm back :D
f0dderwb loco
f0dderheh, cute jump chaining going on
LocoDelAssembly904 chat lines so far
MHajdukQuestion: Do you use self-modifying code?
f0dderyou now understand why it's called mazegen? ;)
LocoDelAssemblyhahaha yeah
f0dderhajduk: done :)
MHajdukOK. :)
Homerreturning to self is one thing, but returning to somewhere else is far more interesting..
Homeractually obfuscating the execution flow..
MHajdukQuestion: How about marketing effects?
f0dderi hope nobody would try to analyze this code manually...
f0dderhajduk, marketing in which way?
MHajdukI mean, do they earn money on service/sell this?
Homerthat was interesting :)
f0dderit's used in a protector
LocoDelAssemblyThanks Mazegen!!
f0dderso you might stumble into code like this if you play with RE/cracking, it's used in the real world already
Homeryep nothing new as such
f0ddertry googling for mazegen+protector
f0dderyou'll see
Homerstill, interesting and entertaining, and educational for some I am sure
MHajdukQuestion: Are there programs, which may help in deobfuscation? Is it possible anyway?
Homercode analysis could be written with some pre-knowledge of the fixed templates
LocoDelAssemblyYes I was wondering if some algebraic analysis can beat this
f0dderit's an NP complete problem loco, so its pretty nasty to do
Homereven with randomly selected templates, we are selecting from a fixed and predetermined set
f0dderyou can't get back to the original code already, but you can do some simplification, it's not easy though
LocoDelAssemblyyes, that's what I mean, "optimizing" the executable to the minimal expression possible
rCXyou could probably obfuscate the obfuscated code :)
f0dderrcx: that's what he showed with multientry
rCXhehe :)
Homeryeah, a few passes through the obfuscator would make it hell to reverse..
MHajdukThank you for presentations. :)
f0dderhomer: yes you're right, so instruction reordering IS necessary to make de-obfuscation nontrivial
Homeryou would be obfuscating inactive opcodes etc
f0dderthanks for watching and asking questions :)
f0dderand bearing over with my typos
LocoDelAssemblyyou're welcome ;)
Homerthank you guys, that was a great presentation
f0dderhope we can bring even more people next year :D
LocoDelAssemblyplease make sure to keep well the video of Mazegen presentation!!
Homer"and all I got was this lousy tee shirt"
f0dderenjoying the strip show? ;)
Biterider has left the room.
f0dder ) We're streaming pr0n
f0dderwe're off to a pub soon, have a nice evening everybody
f0dder20:22 here, GMT+1
rCXbye! Great Conference
f0dderloco, you got all the text captured?
rCX has left the room.
MHajduk20:22 here too. :D
LocoDelAssembly15:22 here
Homer4:23 tomorrow morning :P
LocoDelAssemblyGMT-3 in my case :D
LocoDelAssemblywhere are you?
Homereast coast
f0dder has left the room.
Homerheh, must be beer time
MHajdukSeems that's end. Bye everybody. :)
Homer has left the room.
MHajduk has left the room.