reverse engineering – How does polymorphic code work on the .exe file

I’m writing a paper on malware and malware analysis and would like to include a bit on polymorphic malware(Code that changes itself), not to be confused with polymorphism is OOP.

My hypothesis is that it changes the function names which change the file signature. So for example I did a test and went into vim and changed some of the function names in my hello world program which was written in c(The actual executable) and it did not change the way the code executed but it changed the file signature.

So am I wrong or is there more to it? I know there’s metamorphic code which inserts instructions and changes the actual flow of the program but I’m just talking about obfuscation and how basic polymorphic code works. If someone could answer me or point me to a research paper that would be awesome!

Web server with dart – Software Engineering Stack Exchange

Stack Exchange Network


Stack Exchange network consists of 176 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.

Visit Stack Exchange

Negative unit testing – Software Engineering Stack Exchange

Let’s say I have a class like this:

    public class Validator  {

        private HashSet<byte> _validFlags;

        public Validator()
        { 
            _validFlags = new HashSet<byte>
            { 
                1, 3, 4, 7, 19, 30, 47//These numbers are chosen for whatever reason and there does 
                                      //not have to be any logic here
            };
        }

        public void Validate(byte inputToValidate)
        {
            if(!_validFlags.Contains(byte))
            {
                throw new ArgumentException("Invalid argument value");
            }
        }
    }

Now, I want to write unit tests for this class.

Positive unit tests are easy for this. However, how about negative unit tests?

Basically, I want to make sure that if I pass anything but specified seven values to this method, I get an ArgumentException. Would passing all the possible byte values other than these seven be an overkill?

I understand I cannot do that if the type of the argument is long or int or float, but what about byte? It would be fairly easy to write a piece of code to populate a structure with all invalid values and just run the test that would expect ArgumentException for all of them. But, again, is that an overkill, both in terms of time needed to write such a test and the time required for that test to be executed (there could be tens or even hundreds of tests like these)? Should I just pick a few invalid values here? I am worried about allowing possible invalid values to pass through the validation because I did not cover them in my negative unit test.

I would appreciate any opinion on this topic.

reverse engineering – How was this picture of a model on a boat with a sunset in the background created?

There’s a definite “HDR feel” to the photos, but I’m not sure if any actual HDR / exposure blending tricks have actually been used — it might just be strong curves and saturation adjustment, combined with odd lighting.

  • The photo has been taken against the light, but with the sun low in the sky and behind a layer of clouds, which will tend to diffuse the light and somewhat reduce the contrast difference between the foreground and the sky. I suspect that’s really the most important “trick” here.

  • The photographer may have used a polarizing filter to darken the sky and the reflected sunlight off the water. There may also have been a fill flash involved.

  • It’s pretty likely that the luminance curve has been adjusted to add contrast to the shadows (possibly using something like the Photoshop “Shadow / Highlight” tool, rather than by directly editing the curve), and the color saturation has obviously been increased.

    It’s possible that some of the adjustment may have been masked to affect only the foreground, but it’s hard to tell for sure. The images could also be exposure fused composites, with the sky and the foreground taken from separate bracketed images (or the same RAW image with different exposure corrections), but I actually suspect that, in this case, they’re not (see below).

  • Looking at the sky, especially in the second picture, you can tell that the highlights are pretty badly clipped, and it appears to be a sharp “digital clip” rather than a smooth “film clip”.

    I would consider this a flaw (even if it does add somewhat to the “dramatic” contrast), but it also suggests to me that the photos have probably not been processed too much (beyond the obvious contrast and saturation boosts) — or, alternatively, that whoever post-processed them wasn’t skilled enough to handle the highlights properly.


Anyway, here’s a quick example of how to post-process such images to bring out the foreground. The original image is a quick snapshot I took from a boat against the sunlight, with no fill flash, using a Nikon D70s at ISO 200, f/6.0, 1/8000 s. It lacks the dramatic sunset colors, but does illustrate the general issues with shooting against the light over water:

Step 1: Original image with no exposure correction
Step 2: Exposure boosted by +2.6 in ufraw
Step 3: Color saturation boosted to 170%
Step 4: Luminance curve adjusted to balance foreground and background
Top down, left to right: (1) original image with no exposure correction, (2) exposure boosted by +2.6 in ufraw, (3) color saturation boosted to 170%, (4) luminance curve adjusted to balance foreground and background.

Note how, without exposure correction, the foreground is severely underexposed. That’s actually deliberate; it’s a lot easier to boost exposure in post than to fix blown highlights.

All of this was done with global adjustments only; of course, with careful masking, much more would be possible. The tricky part here was getting the curve adjustment to look good. Here’s a screenshot of the curve I ended up using:

Screenshot of color curves in ufraw

You can see that there’s a strong contrast boost at the bottom end (corresponding to the subject in the foreground), with a compensating flat range in the “midtones” (which, here, basically means the constrast gap between the foreground and background) and a slight S-curve in the upper range corresponding to the highlights on the water (to give them a bit more contrast).

As for dramatic lighting, I’d say it comes mostly down to picking the right time and location. Here’s the kind of background you can get with a polarizing filter and the sun low behind clouds:

Sun behind clouds, taken with a cellphone camera through sunglasses

This is, in fact, a completely unedited photo taken with an old 0.3 Mpx cellphone camera, filtered through polarizing sunglasses. You can just imagine how awesome it would’ve looked if I’d had a proper camera with me. 🙂

Page not found – Software Engineering Stack Exchange

Stack Exchange Network


Stack Exchange network consists of 176 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.

Visit Stack Exchange

Microservices shared data – Software Engineering Stack Exchange

im designing a microservices strcuture and im facing some problems on how to place data on different microservices.

For example, i have users, that suscribe to plans and the plans has different features. For example, a user can download 10 items per month.

So im thinking of building the following microservices:

  • User microservice: Mantain users data and the downloads
  • Plans microservice: Mantain plans data and the features each plan enables
  • Other microservices: Other microservices that may use the previous two to check permissions
    So when a user requests a new download, i need to get the user actual amount of downloads, the user plan and check if the actual amount of downloads allow a new download based on the plan amount of downloads limit. If its allowed, then i need to reach the users microservice to update the amount of downloads.

When im thinking about this design, im not sure of the following:

Where should i store what plan a user has? (Users or Plans microservices)
Should the microservices communicate with HTTP?

Thanks

Domain Driven Design Exercise – Software Engineering Stack Exchange

I recently found out about Domain Driven Design and I liked it. However, it is quite overwhelming and requires quite of expertise to get it right. For this reason, I wanted to try to model a simple domain using DDD and event storming.
The domain is the following:

The application allows publishers to publish small articles or books. Both publishers and users can browse, read, “pin” articles and “follow” more than one publisher to get notification about their new articles. Lets say that publishers are the same as users, with the additional functionality that they can publish.
Users have free access. Publishers have only a subscription based access. Users have an hard limit on the number of articles they can pin. However, this limit can be increased by buying a subscription. Publishers have an hard limit on the number of articles they can publish. However, this limit can be increased by buying an advanced subscription.

This is what I modelled till now and it is only a small part of it:

enter image description here

The Article Bounded Context contains a single aggregate Portfolio. The Portfolio holds the owner of the Portfolio, the created Articles entities and the ArticleQuotas ValueObject. To create an Article the Publisher has to go to the Portfolio, so that we can regulate the creation of new Articles. The Publisher can publish an Article of its Portfolio and the published Article will be visible in the PublishedArticle ReadModel. Finally, the PortfolioQuotas are regulated via events generated by the Subscription BoundedContext, by incrementing the PortfolioQuotas.
At first I was tempted to separate the concept of Article and Quotas, but then there is the problem of the eventual consistency between the creation of an Article and the Exceed of Quotas.

What I’m asking here is whether I’m going in the right direction and, otherwise, if you have some suggestions in modeling using Domain Driven Design.

Thank you very much

Share files between microservices – Software Engineering Stack Exchange

We have a service (lets say FileService) that provides API to store/download files into various stores (S3/local file etc.,)

We have a scenario where one microservice (Service A) writes a file to S3 via FileService and the same file needs to be read by another microservice (Service B). In an ideal scenario, Service A will have an API exposed to read/download this file; Service B can leverage this API and be able to read it.

However, due to the file(s) being huge, we wanted to see if its OK to have Service B read/download the file directly via FileService. (Given that Service A agrees that its fine to provide read access to Service B)

In this case as the data being shared across microservices is files, is this an acceptable pattern ? Do we foresee any issues with this approach ?

Any tools to help communicate design specs to Engineering?

All that you need is a good design handoff tool.

Design handoff takes place when requirements have been met and prototypes have been tested. The design is handed off to developers to start coding. It’s like a relay race, designers are about to finish their work and pass the baton to developers.

As designers and developers are trying to complete completely two different stages of product building. They don’t understand each other very well. Normally, designers don’t have too much perception about coding. At the same time, developers don’t have too much knowledge about the design process.

Here, I would like to recommend such a tool for you. It’s called Mockplus Cloud.

Mockplus Cloud

Mockplus Could is an all-in-one collaboration and handoff tool for designers and developers to prototype, collaborate and handoff designs in one place.

Designers can easily import wireframes, hi-fi prototypes and other visual designers directly from Sketch, PhotoShop, Adobe XD and figma. And all the related design specs, such as design spacing, measurements, assets and code snippets, are automatically generated.

So, they can directly handoff everything to developer with a single link.
Developers can also join with a link, inspect designs, view code snippets and download assets with simple clicks. All resources can be auto tailored to the platform you’re developing for.

When projects have been linked with design systems, developers can even check variable names of different colors, fonts and other components with ease. It fastens the developing process.

Here are key features of Mockplus Cloud:

Import designs with assets from Sketch, Adobe XD, PhotoShop and figma;
Upload prototypes from Axure, Justinmind, Mockplus and documents;
3.Create UI flow and interactive prototypes with drag-and-drop;
4.Comment, review, test and iterate designs with simple clicks;
5.Inspect, copy and download design specs, assets, code snippets with one click;
It connects design and engineering closely.

Hopefully, this helps.

python – Indexable iterators – Software Engineering Stack Exchange

Suppose someone designs an indexable iterator class, i.e. an iterator that supports __getitem__ for (non-negative) integer indexes such as the following:

In (1) it = indexed_iter("abcdefghij")

In (2): next(it)
Out(2): 'a'

In (3): next(it)
Out(3): 'b'

In (4): it(1)
Out(4): ???

In (5): it(2)
Out(5): ???

In (6): next(it)
Out(6): ???

What is the most intuitive behavior for outputs 4-6? Some candidate options:

1a. it(0) is the item that would be returned by next, it(1) the item after than and so on. Additionally, the iterator is forwarded as a side-effect of indexing:

In (4): it(1)
Out(4): 'd'

In (5): it(2)
Out(5): 'g'

In (6): next(it)
Out(6): 'h'

1b. Same as (1a) but idempotent; the iterator is not forwarded by indexing:

In (4): it(1)
Out(4): 'd'

In (5): it(2)
Out(5): 'e'

In (6): next(it)
Out(6): 'c'

2a. it(0) is the first item (already or to be) returned by next, regardless of the current state of the iterator. Additionally, the iterator moves at the index position as a side-effect of indexing:

In (4): it(1)
Out(4): 'b'

In (5): it(2)
Out(5): 'c'

In (6): next(it)
Out(6): 'd'

2b. Same as (2a) but idempotent; the iterator’s state does not change by indexing:

In (4): it(1)
Out(4): 'b'

In (5): it(2)
Out(5): 'c'

In (6): next(it)
Out(6): 'c'
  1. None of the above is intuitive, or at least more intuitive than the alternatives; __getitem__ should be supported at all for iterators.

This is a question about API design only; it’s not about implementation, performance, memory implications or other concerns.