Real time detecting of mutex objects

Quite clever. I’m impressed.

Peter

Anyone here seen this?

Nice. Really creative way of using ETW :slight_smile:

> …with the grammar epitomising “English” that happens to be just a sort of a “fingerprint” of a certain part of the world

Do you mean Russia? :wink:

> which, in turn, somehow implies that the whole “business” of malware design relies upon outsourcing as much as its “legitimate” counterpart does.

I don’t think one random post implies anything general.

> In other words, the “evil genius” image of a hacker becomes more and more of a myth these days, with the exploits getting chiefly designed by the security researchers who don’t intend to make any actual use of them, and design them just as a “proof of concept” thing…

Do not underestimate enemies. I’d expect a standard Gaussian curve with script kiddies and this one on the left side, and who knows who is on the right side?

> Do you mean Russia? :wink:

Nope…

Sure they’ve got their own “fingerprints” down there, but these are totally different ones. For example, if you come across something along the lines of “I wanted to ask” in the sense of “I would like to ask”; pearls like “feeling myself good”; missing articles or use of “very” all over the place (i.e. “very cold” instead of “freezing”, “very funny” instead of “hilarious”, etc.), then you may, indeed, have a good reason to suspect someone from that part of the world. However, if you come across “I’m having a doubt” in the sense of “I’ve got a question”; “same” in the sense of “it”; “guide on/in XYZ” (typically combined with the previously mentioned “fingerprint”), then you can be 100% sure that your “target” is located somewhere around 3K+ miles south-east of Moscow.

Furthermore, I don’t see any reason why someone from Russia would want to pose as “James Smith” in a technical NG - AFAIK, they prefer the politics-oriented sites and NGs for this purpose.

[enter OT mode]

BTW, once we are at it, I just wonder if I may have accidentally solved, by mere serendipity, “the unsolved mystery” of our “Windows fanboy’s” sudden disappearance from NTDEV. Probably, he just changed his “occupation”, and now poses as some “Big Bad Max from New York” in some politics-oriented NGs, effectively sending the readers of the said NGs on the floor right on the spot? Taking into account his propensity to make political speeches on NTDEV in the few months preceding his mysterious “disappearance”, this suggestion does not really seem to be as outlandish as it may be deemed at first glance. Taking into account his “productivity rate”, which is comparable to that of a machine-gun, the readers of the target NGs must be having a truly enjoyable time indeed…

[leave OT mode]

> I don’t think one random post implies anything general.

As you may have guessed, “one random post” (and even a dozen of them) is insufficient for even considering a “Discovering the poster’s origins and geographic location by means of analysing their English grammar” project, let alone actually implementing it (which holds true for both artificial neural networks and the “natural” ones). Therefore, we must be speaking about a “sufficiently large” dataset here, don’t you think…

> I’d expect a standard Gaussian curve with script kiddies and this one on the left side, and who knows who is on the right side?

I think it simply does not make any sense to speak about this curve without mentioning percentiles. How many standard deviations away from the mean are those “in the know” located in this particular case?

Anton Bassov

> However, if you come across “I’m having a doubt” in the sense of “I’ve got a question”; “same” in the sense of “it”; “guide on/in XYZ” (typically combined with the previously mentioned “fingerprint”), then you can be 100% sure that your “target” is located somewhere around 3K+ miles south-east of Moscow.

Sure. I just couldn’t resist, sorry :wink:

> I think it simply does not make any sense to speak about this curve without mentioning percentiles.

Why not? It can be applied to almost anything so why not here?

> How many standard deviations away from the mean are those “in the know” located in this particular case?

How can I know? We don’t have sufficient data. I can only presume we see the dumb and incompetent side, and in turn I presume there is also an opposite side. The existence of successful malware indicates it.

> Why not? It can be applied to almost anything so why not here?

Simply because speaking about the Gaussian curve in the context of statistical analysis without making any reference to percentiles and standard deviations is pretty much the same thing as speaking about the results of temperature measurements without making any reference to either kelvins or degrees…

> I can only presume we see the dumb and incompetent side, and in turn I presume there is also an opposite side.

The very first thing that gets into my head is that those of the former type may be simply making the actual use of the tools and “methodologies” developed by those of the latter one, despite their “fairly limited”, so to say, understanding of the underlying principles that make these tools and “methodologies” tick. Whenever they encounter a problem, they post their questions to the technical NGs so that we can have a good laugh.

> The existence of successful malware indicates it.

At the risk of invoking “The Hanging Judge’s” wrath I’ve got to point out that one does not really need any special technical talents in order to infect a computer that happens to be running Windows. The only thing you need is to trick a user into clicking on some file with a valid PE header and .exe extension, and the Windows Explorer will take care of the rest …

Anton Bassov

> … pretty much the same thing as speaking about the results of temperature measurements without making any reference to either kelvins or degrees…

What about low, lower, average, high, higher… :wink:

> At the risk of invoking “The Hanging Judge’s” wrath

Oh, I noticed you’re moderated. Maybe we should stop here before you say something unwanted :wink:

> The only thing you need is to trick a user into clicking on some file with a valid PE header and .exe extension, and the Windows Explorer will take care of the rest …

That’s partially right, but even with it you need some skills. Look at encryption ransomware. It can infect the site as you said, but then it needs to spread all over the local network (it does), encrypt drives and pass keys to the attackers so they can sell software which reverts the damage they did. Not a small task for incompetent people IMO.

> What about low, lower, average, high, higher… :wink:

Well, if something can be expressed and presented in some intuitive and easy-to-understand colloquial terms…well, then it, apparently, simply defeats the very purpose of referring to more advanced ones like the bell curve, don’t you think…

> Look at encryption ransomware. It can infect the site as you said, but then it needs to spread all over the local network (it does), encrypt drives and pass keys to the attackers so they can sell software which reverts the damage they did. Not a small task for incompetent people IMO.

The “only” question here is how much of the above gets done by those who actually pull off the attack. There is a good chance that they may be just using the tools and libraries that actually implement all the above mentioned stuff, without really understanding how these tools and libraries work and what they actually do…

Anton Bassov

> well, then it, apparently, simply defeats the very purpose of referring to more advanced ones like the bell curve, don’t you think…

No. A bell curve shows there is a similar number of very competent and very incompetent people. Here we mainly see the latter and not the former (or maybe we don’t notice them). That was my original point. Plus there are many more average people, so judging from these dumb cases doesn’t show even the basic picture.

> There is a good chance that they may be just using the tools and libraries that actually implement all the above mentioned stuff, without really understanding how these tools and libraries work and what they actually do…

Well, it is possible, but still they’d need to put it all together to make it work and reasonably reliable. Non-trivial money depends on it.

Using a bell curve here seems to be inappropriate. Understanding all of the limitations of IQ scores, let’s start there. Any kind of computer programming has a certain threshold below which one simply can’t do it. A certain amount of abstract thought is required to understand the concepts of constants and variables along with flow of control. Incrementally harder is structured programming and systems programming - including the special topic of this forum - Windows KM programming. It seems clear then that, assuming that the IQ points (however you like to count them) are normally distributed over the general population, the elect who participate here are all from the right hand side of that curve. That implies that the population of those who are eligible to participate on these topics is larger at the lower end of the spectrum and, assuming some very tenuous connection that those who can and those who do participate are somehow in about the same proportions, we see a curve with many at the bottom and few at the top. And none of us can ever really know where we are on it :wink:

What that also means is that there are relatively more questions that lead to humour and nonsense, some that have appropriate technical issues, and relatively few that contain deep technical insight and difficult problems from which we can all learn.

> And none of us can ever really know where we are on it :wink:

Just open a book on, say, analog filter design (I don’t even consider anything even more advanced than this, like, for example, theoretical physics), and you will get some idea about our location on the bell curve…

As you have pointed out already, our “minimum” is defined by one’s ability to grasp the concepts of constants, variables and the control flow. For these guys, it is defined by one’s ability to solve second-order differential equations - there is absolutely nothing that you can do in this field without this ability.

Taking into consideration the number of people who can actually do analog design, which side of the curve do you think we are located at???

Anton Bassov

> Any kind of computer programming has a certain threshold below which one simply can’t do it.

OK, I take your point. However, things have changed and are changing further. I was used to what you say: there were better and worse programmers, but even the worst of them were rather intelligent and technically capable people. Then I took a break and left this industry for several years doing something completely different. When I returned I was shocked what kind of people call themselves programmers and are even paid for it. Well paid, and there are not enough people, so even bad ones are hired. Also, programming is easier nowadays, frameworks everywhere; compare a UMDF driver to a WDM driver doing the same thing 15 years before. Piece of cake.

> That implies that the population of those who are eligible to participate on these topics is larger at the lower end of the spectrum and, assuming some very tenuous connection that those who can and those who do participate are somehow in about the same proportions, we see a curve with many at the bottom and few at the top.

I see what you mean, but taking the above into account I’m not sure about it. Also because I can’t take the example Anton posted as even average, but I’m probably biased.

> Just open a book on, say, analog filter design (I don’t even consider anything even more advanced than this, like, for example, theoretical physics), and you will get some idea about our location on the bell curve…

Well, I studied electrical engineering / analog circuits originally (migrated to computers later) and this was part of it. I don’t see what you mean. It isn’t more complicated than kernel programming, just different. Yep, second-order differential equations. So?

> Also because I can’t take the example Anton posted as even average, but I’m probably biased.

Well, my example of some imaginary “James Smith” asking about SSDT hooking for the purpose of capturing the passwords is admittedly a contrived one, for the simple reason that Peter tends to simply ban posters who ask questions like that. After all, in this particular example our “James Smith” does not even try to deny that his goals are nefarious and malicious.

However, when it comes to the technical side, this example is not contrived at all. Just check the archives, and you will see PLENTY of examples of posters asking us to “resolve their doubts in the same” on handling interrupts in a USB driver or reading a disk file from an ISR. For example, someone named “VinayKP” was sort of shocked when he “discovered”, after having been asking NDIS-related questions on NTDEV for almost two years (!!!), that network devices were not directly accessible to the apps (IIRC, he was unaware of the socket layer’s very existence).

> It isn’t more complicated than kernel programming, just different. Yep, second-order differential equations. So?

> I was shocked what kind of people call themselves programmers and are even paid for it.

I guess you have answered your own question. Can you imagine someone with no basic knowledge of even algebra, let alone calculus, calling themselves analog engineers, let alone getting hired as such??? Sounds ridiculous, don’t you think? However, a university with a CS course not covering the basics of the C language, let alone the ones of OS/compiler/linker/parser/etc. design, becomes just sort of a norm these days…

Anton Bassov


> However, when it comes to the technical side, this example is not contrived at all.

Sure, I’ve seen many such examples in the past.

> I guess you have answered your own question. Can you imagine someone with no basic knowledge of even algebra, let alone calculus, calling themselves analog engineers, let alone getting hired as such??? Sounds ridiculous, don’t you think?

Nope. I couldn’t imagine it for programmers 10 years ago and now it routinely happens. I mean it proves nothing.

Well, this discussion became a bit tiresome, partially my fault, I admit. My whole point was IF there is a substantial amount of wannabe funny hackers there SHOULD also be smart ones.

Excuse me …

I see a lot of self-propagating error in this thread now …

How do you determine IQ (by looking at Math, Sci., Engineering skills??). IMO, this only gives some estimates of it to be believed… How about other fields?

Coders at Work is a good book to spend some time reading. Lots of them never finished college; they simply became BORED, and programming does not require those abstract classes to be good at it.

Well, lots of universities in the US still teach C/C++/asm, Compilers, OS (oh well, avoid Tanenbaum :-), networking… two of my boys are going through these at present :-). But again, yes, universities are moving on to new languages, mainly because of AI, ML, etc. But still, if you want, the courses are there…

-Pro

> But again, yes, universities are moving on to new languages, mainly because of AI, ML, etc.

Oh, come on - I hope you are not saying that they are “moving on” to Python, which happens to be the language of choice in these areas (in fact, not even a language itself but a plethora of various Python-based frameworks like Keras and NumPy), are you…

Fair enough - if you want to be specialised in statistics/data science/etc., then you probably don’t really need any low-level stuff indeed, because you are supposed to be more concerned about the math that is meant to offer the solution of the problem at hand, rather than about the under-the-hood implementation details of the tools that you use.

However, as long as you are interested in the actual CS, I would rather expect you to learn all the low-level stuff, because, at the end of the day, you are supposed, apart from the other things, to be able to actually develop the tools that higher-level-minded guys are going to use in their work…

Anton Bassov

> I couldn’t imagine it for programmers 10 years ago and now it routinely happens. I mean it proves nothing.

Fair enough - everything depends on the CAD tools that are available to you. I don’t want to rule out the possibility of the emergence of some CAD tools that will reduce the analog filter designer’s involvement to setting the input parameters and desired output criteria, and will take care of the rest, effectively generating the filter specification. However, I am speaking about the situation in its current state, and tools like that don’t seem to be anywhere in sight for the time being.

Anton Bassov

Well, I’m scared of any snakes, childhood experience? It all depends on who gets involved in what. Obviously we are systems programmers so … Pro

> Well, I’m scared of any snakes, childhood experience

What about the following one:

https://www.everythingreptiles.com/20-most-popular-pet-snakes/

[begin quote]

Ball Pythons are docile creatures and are reluctant to bite.

[end quote]

> Obviously we are systems programmers so

Are you ready to start writing a simple Python interpreter? According to the above link, it is highly unlikely to bite you, so it must be a pretty safe project to work on…

Anton Bassov

One college project was to write a Lisp interpreter using C. Then build more primitives using the base interpreter.

Now Clojure is a language that interests me a bit.
<\ot>

Pro

Closing for reasons that should be obvious.

Peter
