What is Address Resolution Protocol


Address Resolution Protocol (ARP) is a network layer protocol used to convert an IP address to a physical (MAC) address.  This MAC address belongs to the device that carries the IP traffic, for example an Ethernet interface, which we usually see as Eth0, or Wlan0 for wireless.


Getting the IE Address URL directly!


As of right now, I am trying to fetch the URL that exists in the Internet Explorer address bar.  I tried using the registry to call out to “Software\Microsoft\Internet Explorer\TypedURLs\url1”, but Internet Explorer only changes the registry if the address bar’s URL was entered by the user!  If you were to link to another page with a click, the registry would not be updated.  What I am doing right now is to use a different method: to find the window of the address bar and retrieve the text directly.  However, I find this method rather hard, although proven efficient. A little Google searching got me to this link, which I am using right now.  Whether or not it gives me the final solution, I will post it up later in a full article on how to retrieve it, with the source code available!  This link has also provided me a good tool to check on window classes, texts and their children, rather better than Microsoft Spy++.  The tool is called Windowse.  Below is the link to the article that is helping me right now.

Article: http://delphi.about.com/od/windowsshellapi/l/aa060303a.htm

Analyzing network packets


Those of you who think of yourselves as hackers, do you know what a network packet looks like?  Have you ever read network packets in your life? Do you know how they work?  Take a look at the TCP packet below and try to figure out what the packet is doing, as well as getting the source IP address and port of the sender.

00 1c f0 39 8e 45 00 1c  f0 8a a1 71 08 00 45 00
00 34 06 6e 40 00 80 06  9a 0e c0 a8 01 02 45 a2
52 fb c0 a7 00 50 a1 f6  7c bb 00 00 00 00 80 02
20 00 15 25 00 00 02 04  05 b4 01 03 03 02 01 01
04 02

Tips: Think of the packet as an Ethernet frame.
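
A worked decode of the frame above, as an added example that is not part of the original post: it walks the Ethernet, IPv4 and TCP headers of the 66 bytes and verifies the IPv4 header checksum. The function names and dictionary keys are this example's own.

```python
import socket
import struct

# The 66 bytes printed in the post, copied verbatim.
FRAME = bytes.fromhex("""
00 1c f0 39 8e 45 00 1c  f0 8a a1 71 08 00 45 00
00 34 06 6e 40 00 80 06  9a 0e c0 a8 01 02 45 a2
52 fb c0 a7 00 50 a1 f6  7c bb 00 00 00 00 80 02
20 00 15 25 00 00 02 04  05 b4 01 03 03 02 01 01
04 02
""")

TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]  # bit 0 upward

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def ipv4_checksum_ok(header):
    # One's-complement sum over the header, checksum field included, must be 0xffff.
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def parse_frame(frame):
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("bad or truncated IPv4 header")
    ihl = (ip[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or len(ip) < ihl + 20:
        raise ValueError("bad IHL or truncated TCP header")
    if ip[9] != 6:
        raise ValueError("not TCP")
    # First 16 bytes of the TCP header: ports, seq, ack, offset+flags, window.
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", ip[ihl:ihl + 16])
    return {
        "eth_src": mac(src), "eth_dst": mac(dst),
        "ip_src": socket.inet_ntoa(ip[12:16]), "ip_dst": socket.inet_ntoa(ip[16:20]),
        "ttl": ip[8], "ip_checksum_ok": ipv4_checksum_ok(ip[:ihl]),
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "flags": [n for i, n in enumerate(TCP_FLAGS) if (off_flags >> i) & 1],
        "tcp_header_len": (off_flags >> 12) * 4, "window": window,
    }

if __name__ == "__main__":
    for key, value in parse_frame(FRAME).items():
        print(f"{key:15} {value}")
```

Run as a script, it prints each decoded field, including the sender's IP address and port that the post asks for.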

Microsoft Detours


Detours is a library for instrumenting arbitrary Win32 functions on x86, x64, and IA64 machines. Detours intercepts Win32 functions by rewriting the in-memory code for target functions. The Detours package also contains utilities to attach arbitrary dynamic-link libraries (DLLs) and data segments (called payloads) to any Win32 binary.