BackTrack 101 / OSCP

Now that I am an OSCP (Offensive Security Certified Professional) and have a few minutes to spare, I decided to share my thoughts on the BackTrack 101 course which I took to get OSCP.

I'll be brief. BackTrack 101 is just as it implies in the name -- an entry level course. Sounds boring already? It isn't. Although it covers basic level concepts, it is rather in-depth, comprehensive, very much hands-on and, in the end, practical. From information gathering, to fuzzing and exploit development, to SQL injections. Like I said, nothing really advanced, but gives an excellent foundation. That's what the course is really all about -- giving a solid foundation and letting the students build on that. I think that really shows with the OSCP challenge, which I won't say anything more about.

I'm glad I took the course and the challenge.

Bug in single stepping over a popf setting the trap flag

Title of the post nearly sums it up. In win32, when single stepping over a popf that sets the trap flag, the trap flag, when examined using GetThreadContext, is reported as being clear.
I tried for the first time installing OllyDbg today also, but Olly has no problem in detecting the trap flag as set.  [...]

Single stepping through NtContinue, faking pushf, and trapping int1

In my bid to emulate win32 seh (in my emulator), I needed (to test my emulator) to single step through exception handling.  My first approach was to just single step through the program by setting the trap flag in the eflags register.  I had some problems with this.
One of the problems is single stepping through [...]

Fast string operations, Was x86 CPU bug in rep movsb

UPDATE: This isn’t a bug after all. Aspect provided documentation of what is actually occurring.
It’s a feature since pentium pro computers to do ‘fast string’ or block operations. A block operation (eg, movb) of 64 bytes is performed if ecx >= 64, if edi is aligned to an 8 byte boundary, and if esi and edi are not [...]

cpu bug, repne changes status flag in scasb

Another CPU bug uncovered while testing my emulator. I came across a repne scasb while emulating the win32 version of upx. The logic of scasb (scan string), to paraphrase the intel manuals is

SRC = dereference(edi)
temp = al - SRC
SetStatusFlags(temp)
update_edi

In the code I ran across, %al was set to 0, the byte at (%edi) was 70 [...]
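
The paraphrased scasb logic above, carried through to a full repne scasb loop as a reference model (an added example, not the post author's emulator code): flags come from the byte subtraction al - SRC using the CMP rules, EDI steps by DF, and the rep prefix only leaves the flags of the last comparison, untouched if ECX starts at 0. The toy flat memory and the input bytes {70, 80, 0, 5} are constructed for the example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

/* Just enough register state to model a byte string scan. */
typedef struct {
    uint32_t eax, ecx, edi;
    bool cf, zf, sf, of, df;
} cpu_t;

/* Status flags of temp = al - src, computed with the CMP/SUB rules. */
static void set_status_flags8(cpu_t *c, uint8_t al, uint8_t src)
{
    uint8_t temp = (uint8_t)(al - src);
    c->cf = al < src;                                   /* unsigned borrow */
    c->zf = temp == 0;
    c->sf = (temp & 0x80) != 0;
    c->of = ((al ^ src) & (al ^ temp) & 0x80) != 0;     /* signed overflow */
}

/* One scasb: compare AL with the byte at (EDI), then step EDI by DF. */
static void scasb(cpu_t *c, const uint8_t *mem, size_t memlen)
{
    uint8_t src = (c->edi < memlen) ? mem[c->edi] : 0;  /* constructed flat toy memory */
    set_status_flags8(c, (uint8_t)c->eax, src);
    c->edi += c->df ? (uint32_t)-1 : 1;
}

/* repne scasb: repeat while ECX != 0, stop after a match (ZF = 1).
 * With ECX already 0 nothing runs and the flags are left untouched;
 * otherwise the flags belong to the last comparison only. */
static void repne_scasb(cpu_t *c, const uint8_t *mem, size_t memlen)
{
    while (c->ecx != 0) {
        scasb(c, mem, memlen);
        c->ecx--;
        if (c->zf) break;
    }
}

/* Constructed input: AL = 0 scanning {70, 80, 0, 5} with ECX = 8. */
static cpu_t run_scan_example(void)
{
    static const uint8_t mem[] = {70, 80, 0, 5};
    cpu_t c = {0};
    c.ecx = 8;
    repne_scasb(&c, mem, sizeof mem);
    return c;   /* ecx = 5, edi = 3, zf = 1, cf = 0, sf = 0 */
}
```

Comparing such a model's flag state against a real CPU after each step is the usual way to localise a disagreement to either the emulator or the hardware.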

gdb leaves file descriptors open in debugee

I have my emulator running reasonably successfully on upx now.  It’s actually an auto unpacker, and identifies when the program is unpacked by monitoring execution on previously written memory.  In the process of emulating file io I came across a particular bug in gdb.
The file descriptor returned from an open call inside the debuggee, was [...]

CPU Bug x86 shl behaviour sets overflow flag

I’ve been writing an x86 emulator, and to debug it, I ran it on a p4 computer in parallel to a debugger on a target program (a upx packed binary). Well... I got to shl $8, %eax where eax = 0x00ffffff.
The intel documentation says that the overflow flag is only changed for 1 bit shifts. Surprisingly, [...]

Merging basic blocks to deobfuscate non contiguous control flow

In some binaries, basic blocks may be connected only by jumps. These basic blocks may also be non contiguous in the file, ie scattered throughout the binary.
In cases like this, if you're looking at the disassembly, you need to constantly jump through the image to have the logical order of the control flow. When the [...]

retn $0xhh consistency across function tails

Some procedures, following a calling convention simply return (ret), without modifying the stack pointer (they expect the caller to perform stack correction).  In another call convention, procedures (callees) modify the stack using retn $0xhh.
Yesterday I made some changes to my disassembler, so that it would look at the stack correction in procedures.  But there is a possibility of inconsistency when [...]

Puppet

There was a time when I was very open-minded and pragmatic. Sadly though, I've been pushed into some kind of defensive posture for a while now because everyone keeps attacking me on my choice to use Debian and Debian derivatives over anything else. Because of this, a lot of my replies can be snappy and condescending.

I'll apologize for that right now :)

One of the readers (Karanbir Singh) of this blog (who ever thought people would be reading this) suggested that I look at Puppet or CFEngine as a better means of maintaining a large number of servers.
At first I was very sceptical about this solution and replied very quickly that it was probably no good in my case. However, after thinking about it for a while walking in the snow (yes, spring has just begun and it's snowing... this global warming thing is starting to act up) I realised that it is (or could be) actually a nice solution.
