(H2HC) 2016 – Talk 1


Few tricks used by malwares – H2HC University 2016
By Alexandre Borges

Alexandre Borges – It is not allowed to copy neither reproduce this slide.

Profile and TOC

TOC:
• Introduction
• DKOM
• Process Hollowing
• SSDT
• Code Injection
• Hooking
• Finding Registries

Profile:
• Malware and Security Researcher. Consultant, Instructor and Speaker on Malware Analysis, Memory Analysis, Digital Forensics, Rootkits and Software Exploitation.
• Instructor at Oracle, (ISC)2 and EC-Council. Ex-instructor at Symantec.
• Member of the CHFI Advisory Board in EC-Council.
• Reviewer member of The Journal of Digital Forensics, Security and Law.
• Referee on Digital Investigation: The International Journal of Digital Forensics & Incident Response.
• Author of the "Oracle Solaris Advanced Administration" book.

Introduction

• Tools are important, but they are not everything.
• Keep your tools updated (licensed tools).
• Strong knowledge of the kernel (Windows, Linux and Mac OS X) and of programming (by using APIs) is a must.
• Sandboxes such as Cuckoo are useful, but they are not efficient for most complex malware.
• Classical approach: static x dynamic analysis.
• Emulation: an interesting method (IDAEmu and Unicorn).
• Do you use Radare2 and/or Capstone / Keystone (disassembly / assembly engines)?
• Suggested lab: Windows XP SP3 + Windows 7/8 + Linux (Remnux and Kali).

Tricks

Tricks - DKOM

[Diagram: KPRCB (*Current Thread, *Next Thread, *Idle Thread), ETHREAD (KTHREAD, APC State), EPROCESS (KPROCESS, List Entry { FLINK, BLINK })]

KPRCB: Kernel Processor Control Region Block – It contains information about the processor and it is not at a fixed address anymore (since Win Vista).

Tricks - DKOM

[Diagram: doubly linked list of three entries (101, 102, 103) joined by flink and blink pointers, shown twice]

Tricks - DKOM

    C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x64> windbg.exe -k com:pipe,port=\\.\pipe\com_1

    kd> dt _KPRCB
    nt!_KPRCB
       +0x000 MxCsr            : Uint4B
       …..
       +0x007 IdleHalt         : UChar
       +0x008 CurrentThread    : Ptr64 _KTHREAD
       +0x010 NextThread       : Ptr64 _KTHREAD
       +0x018 IdleThread       : Ptr64 _KTHREAD
       +0x020 NestingLevel     : UChar
       +0x021 PrcbPad00        : [3] UChar

    kd> !prcb
    PRCB for Processor 0 at fffff80002bf8e80:
    Current IRQL -- 13
    Threads--  Current fffff80002c06cc0 Next 0000000000000000 Idle fffff80002c06cc0
    Processor Index 0 Number (0, 0) GroupSetMember 1
    ......

Tricks - DKOM

    kd> dt nt!_ETHREAD
       +0x000 Tcb              : _KTHREAD
       +0x368 CreateTime       : _LARGE_INTEGER
       +0x370 ExitTime         : _LARGE_INTEGER
       +0x370 KeyedWaitChain   : _LIST_ENTRY
       +0x380 ExitStatus       : Int4B
       ….

    kd> dt _KTHREAD
    nt!_KTHREAD
       +0x000 Header           : _DISPATCHER_HEADER
       +0x018 CycleTime        : Uint8B
       ……
       +0x04c MiscFlags        : Int4B
       +0x050 ApcState         : _KAPC_STATE
       +0x050 ApcStateFill     : [43] UChar
       +0x07b Priority         : Char
       +0x07c NextProcessor    : Uint4B

Tricks - DKOM

    kd> dt nt!_EPROCESS
       +0x000 Pcb                : _KPROCESS
       +0x160 ProcessLock        : _EX_PUSH_LOCK
       +0x168 CreateTime         : _LARGE_INTEGER
       +0x170 ExitTime           : _LARGE_INTEGER
       +0x178 RundownProtect     : _EX_RUNDOWN_REF
       +0x180 UniqueProcessId    : Ptr64 Void
       +0x188 ActiveProcessLinks : _LIST_ENTRY
       +0x198 ProcessQuotaUsage  : [2] Uint8B
       +0x1a8 ProcessQuotaPeak   : [2] Uint8B
       ...

    kd> dt nt!_LIST_ENTRY
       +0x000 Flink : Ptr64 _LIST_ENTRY
       +0x008 Blink : Ptr64 _LIST_ENTRY

Tricks - DKOM

    kd> !process 0 0
    **** NT ACTIVE PROCESS DUMP ****
    PROCESS 89e43830 SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000
        DirBase: 00334000 ObjectTable: e1000c98 HandleCount: 253.
        Image: System
    PROCESS 89b92340 SessionId: none Cid: 0178 Peb: 7ffde000 ParentCid: 0004
        DirBase: 10980020 ObjectTable: e15227a8 HandleCount: 19.
        Image: smss.exe
    PROCESS 89957020 SessionId: 0 Cid: 025c Peb: 7ffdf000 ParentCid: 0178
        DirBase: 10980040 ObjectTable: e15f6858 HandleCount: 356.
        Image: csrss.exe
    PROCESS 898e0020 SessionId: 0 Cid: 0280 Peb: 7ffd6000 ParentCid: 0178
        DirBase: 10980060 ObjectTable: e143a500 HandleCount: 525.
        Image: winlogon.exe
    PROCESS 89ae6020 SessionId: 0 Cid: 02e4 Peb: 7ffdd000 ParentCid: 0280
        DirBase: 10980080 ObjectTable: e197c8e8 HandleCount: 262.
        Image: services.exe
    .....

Tricks - DKOM

    kd> dt nt!_EPROCESS 89ae6020      // (base of this _EPROCESS)
       +0x000 Pcb                : _KPROCESS
       +0x06c ProcessLock        : _EX_PUSH_LOCK
       +0x070 CreateTime         : _LARGE_INTEGER 0x01d22032`83696cc6
       +0x078 ExitTime           : _LARGE_INTEGER 0x0
       +0x080 RundownProtect     : _EX_RUNDOWN_REF
       +0x084 UniqueProcessId    : 0x000002e4 Void
       +0x088 ActiveProcessLinks : _LIST_ENTRY [ 0x89afee28 - 0x898e00a8 ]
       +0x090 QuotaUsage         : [3] 0x17d0
       +0x09c QuotaPeak          : [3] 0x1c88

    kd> x nt!psact*
    8055a158 nt!PsActiveProcessHead = <no type information>

Tricks - DKOM

    kd> dt nt!_LIST_ENTRY 8055a158
     [ 0x89e438b8 - 0x897d7b78 ]
       +0x000 Flink : 0x89e438b8 _LIST_ENTRY [ 0x89b923c8 - 0x8055a158 ]
       +0x004 Blink : 0x897d7b78 _LIST_ENTRY [ 0x8055a158 - 0x899415e0 ]

    kd> dt nt!_EPROCESS 0x89e438b8 - 0x088 -l ActiveProcessLinks.Flink -y ImageFileName
    ActiveProcessLinks.Flink at 0x89e438b8
    ---------------------------------------------
       +0x088 ActiveProcessLinks : [ 0x0 - 0x0 ]
       +0x174 ImageFileName      : [16] ""

    kd> dt nt!_EPROCESS 0x89e438b8-0x088 -l ActiveProcessLinks.Flink -y ImageFileName
    ActiveProcessLinks.Flink at 0x89e43830
    ---------------------------------------------
       +0x088 ActiveProcessLinks : [ 0x89b923c8 - 0x8055a158 ]
       +0x174 ImageFileName      : [16] "System"
    ActiveProcessLinks.Flink at 0x89b92340
    ---------------------------------------------
       +0x088 ActiveProcessLinks : [ 0x899570a8 - 0x89e438b8 ]
       +0x174 ImageFileName      : [16] "smss.exe"

Tricks - DKOM

• It is possible to perform DKOM from kernel drivers, but it is also feasible to execute it from userland:
• SeDebugPrivilege is enabled by using:
    RtlAdjustPrivilege(SE_DEBUG_PRIVILEGE, TRUE, FALSE, &oldpriv);
• NtQuerySystemInformation( ) locates the base address of the kernel module (ntoskrnl.exe):
    NtQuerySystemInformation(SystemModuleInformation, &infomod, sizeof(infomod), NULL);
• The base address of the kernel executable module (ntoskrnl.exe) is then extracted:
    kernelbase = (ULONG)infomod.Modules[0].ImageBase

Tricks - DKOM

• The PsInitialSystemProcess variable points to the _EPROCESS of the System process. Therefore, we have to get the PsInitialSystemProcess address:
    kernelhandle = LoadLibraryA(kernelfilename); // ntoskrnl.exe
    psinitialsys_addr = (ULONG)GetProcAddress(kernelhandle, "PsInitialSystemProcess") - (ULONG)kernelhandle + kernelbase;
• Walk the linked list searching for a target process to hide (remember about offset 0x88 – ActiveProcessLinks).
• NtSystemDebugControl( ) reads and writes (DebugSysReadVirtual, DebugSysWriteVirtual) 4 bytes at a specific address in kernel memory. Thus, it is possible to overwrite the Flink and Blink pointers.

Tricks - DKOM

    NtSystemDebugControl(
        IN SYSDBG_COMMAND Command, //
        IN PVOID InputBuffer OPTIONAL,
        IN ULONG InputBufferLength,
        OUT PVOID OutputBuffer OPTIONAL,
        IN ULONG OutputBufferLength,
        OUT PULONG ReturnLength OPTIONAL );

    NtSystemDebugControl(
        SysDbgReadVirtual,
        &dbgmembuff,
        sizeof(dbgmembuff),
        NULL,
        0,
        NULL);

Tricks - DKOM

    root@kali:~/volatility25# python vol.py --profile=WinXPSP2x86 -f /malwares/malware2.vmem psxview
    Volatility Foundation Volatility Framework 2.5
    Offset(P)  Name                 PID    pslist psscan thrdproc pspcid csrss session deskthrd ExitTime
    ---------- -------------------- ------ ------ ------ -------- ------ ----- ------- -------- --------
    0x06499b80 svchost.exe          711    True   True   True     True   True  True    True
    0x04b5a980 VMwareUser.exe       109    True   True   True     True   True  True    True
    0x05f027e0 explorer.exe         216    True   True   True     True   True  True
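
The cross-view comparison behind psxview (pslist versus psscan), as an added Python example that is not part of the original slides: it walks ActiveProcessLinks in a toy memory image using the Windows XP x86 offsets shown in the WinDbg output above, then compares the result with a signature scan. The memory image, the `Proc` marker standing in for a pool-tag signature, and the `hidden.exe` entry are constructed assumptions.

```python
import struct

# Windows XP x86 _EPROCESS offsets, taken from the WinDbg output above.
OFF_PID, OFF_LINKS, OFF_NAME = 0x084, 0x088, 0x174
TAG = b"Proc"  # constructed marker standing in for a pool-tag signature


class Image:
    """Toy flat memory image (constructed): virtual address = base + offset."""

    def __init__(self, base, size):
        self.base, self.buf = base, bytearray(size)

    def valid(self, va, n=4):
        return self.base <= va and va + n <= self.base + len(self.buf)

    def u32(self, va):
        return struct.unpack_from("<I", self.buf, va - self.base)[0]

    def put(self, va, data):
        self.buf[va - self.base: va - self.base + len(data)] = data

    def put32(self, va, value):
        self.put(va, struct.pack("<I", value))

    def cstr(self, va, n=16):
        raw = bytes(self.buf[va - self.base: va - self.base + n])
        return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def build_sample():
    """Constructed sample: a list head and four processes, one absent from the list."""
    img, head = Image(0x80000000, 0x2000), 0x80000010
    procs = [(0x4, "System"), (0x178, "smss.exe"),
             (0x2e4, "services.exe"), (0x6a0, "hidden.exe")]
    bases = []
    for i, (pid, name) in enumerate(procs):
        base = 0x80000100 + i * 0x400
        img.put(base - len(TAG), TAG)
        img.put32(base + OFF_PID, pid)
        img.put(base + OFF_NAME, name.encode("ascii"))
        bases.append(base)
    ring = [head] + [b + OFF_LINKS for b in bases[:3]]
    for i, node in enumerate(ring):
        img.put32(node, ring[(i + 1) % len(ring)])  # Flink
        img.put32(node + 4, ring[i - 1])            # Blink
    # The fourth entry keeps stale pointers, but no neighbour points back to it.
    img.put32(bases[3] + OFF_LINKS, head)
    img.put32(bases[3] + OFF_LINKS + 4, ring[-1])
    return img, head


def walk_list(img, head):
    """pslist view: follow Flink from the list head, checking Blink on every hop."""
    found, errors, seen = {}, [], set()
    prev, node = head, img.u32(head)
    while node != head:
        base = node - OFF_LINKS
        if node in seen or not img.valid(base, OFF_NAME + 16):
            errors.append(("bad Flink", prev))
            break
        seen.add(node)
        if img.u32(node + 4) != prev:
            errors.append(("Blink mismatch", node))
        found[base] = (img.u32(base + OFF_PID), img.cstr(base + OFF_NAME))
        prev, node = node, img.u32(node)
    return found, errors


def scan(img):
    """psscan view: locate every tagged block, whether or not it is on the list."""
    found, pos = {}, img.buf.find(TAG)
    while pos != -1:
        base = img.base + pos + len(TAG)
        if img.valid(base, OFF_NAME + 16):
            found[base] = (img.u32(base + OFF_PID), img.cstr(base + OFF_NAME))
        pos = img.buf.find(TAG, pos + 1)
    return found


def cross_view(img, head):
    """One row per scanned process, with the same pslist/psscan columns as psxview."""
    listed, errors = walk_list(img, head)
    rows = [{"base": base, "pid": pid, "name": name,
             "pslist": base in listed, "psscan": True}
            for base, (pid, name) in sorted(scan(img).items())]
    return rows, errors


def hidden(rows):
    """Processes found by the scan that the list walk never reached."""
    return [r for r in rows if r["psscan"] and not r["pslist"]]


if __name__ == "__main__":
    rows, errors = cross_view(*build_sample())
    for r in rows:
        print(f"0x{r['base']:08x} {r['name']:<14} {r['pid']:<6} {r['pslist']!s:<6} {r['psscan']}")
    print("list errors:", errors)
```

A row with pslist False and psscan True is the discrepancy to look for in real psxview output; the Blink check additionally flags a list in which only one of the two pointers was rewritten.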