CHimpREC x64

My x64 tool bag continues to grow with this new import reconstructing tool created by TiGa (Sébastien Doucet) and demo’d at the RECon 2008 event. You can read more about this new tool and grab yourself a copy at the Collaborative RCE Tool Library. Also you can download the video of TiGa’s RECon session on x64 unpacking here and see the tool in use.

Reflector + Deblector + x64 = 0x80131C30

I was trying to debug a problem the other day and I set out using Lutz Roeder’s excellent Reflector for .NET tool, along with Deblector, an addin for debugging within Reflector. I loaded my target into Reflector and started the debugging addin and up popped the following dialog.

Now this dialog contains a lot of information, but to be honest it kind of overwhelmed me and didn’t really give me any good feeling about what had actually gone wrong. Obviously it was related in some way to MDbg, the managed debugger used by Reflector. So I pulled down the Managed Debugger Sample and the Deblector source and set about trying to figure out what had really gone wrong. Anyway, I tracked this dialog down to the following piece of code:

private void DebuggerErrorEventHandler(Object sender, CorDebuggerErrorEventArgs e)
{
    Trace.WriteLine("ManagedCallback::DebuggerError");
    if (InternalHandleRawMode(ManagedCallbackType.OnDebuggerError, e))
        return;
 
    e.Continue = false;
    InternalSignalRuntimeIsStopped(null, new DebuggerErrorStopReason());
    Debug.Assert(false, "Critical failures -- received DebuggerError callback.");
}

And examining the CorDebuggerErrorEventArgs object allowed me to actually find the error code 0x80131C30. This wasn’t a number I was familiar with, so I had to Google it, which led me to the fact that ICorPublish does not cross the 32/64 bit boundary. Ah, now we’re getting somewhere I thought; the .NET flags in the header of the target I was trying to debug were set as follows:

But for some (presumably good) reason, Reflector’s binary is set to ’32bit required’. As I was running on Vista x64 my target was being run as a 64 bit image, but Reflector + Deblector + the ICorPublish interface they created were running as 32 bit.

The solution to my problem, well I simply ticked the ’32bit required’ tick box in the flags section of the .net header for the target I wished to debug and everything started working.
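The flag check behind this fix, as an added example that is not part of the original post or of the Reflector/Deblector code: it reads the Flags field of the CLR header in a managed PE image and reports whether 64-bit Windows would start it as a 32 bit or 64 bit process. The function names and the constructed sample images are assumptions made for illustration; a real file would be read with open(path, "rb").read().

```python
import struct

COMIMAGE_FLAGS_ILONLY = 0x1
COMIMAGE_FLAGS_32BITREQUIRED = 0x2   # the '32bit required' tick box

def clr_header(pe: bytes):
    """Return (optional-header magic, CLR header Flags) for a managed PE image."""
    nt, = struct.unpack_from("<I", pe, 0x3C)              # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsections, = struct.unpack_from("<H", pe, nt + 6)
    opt_size, = struct.unpack_from("<H", pe, nt + 20)
    opt = nt + 24
    magic, = struct.unpack_from("<H", pe, opt)            # 0x10B PE32, 0x20B PE32+
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]           # data directory array
    ndirs, = struct.unpack_from("<I", pe, dirs - 4)
    rva = struct.unpack_from("<I", pe, dirs + 14 * 8)[0] if ndirs > 14 else 0
    if rva == 0:
        raise ValueError("no CLR header: not a managed image")
    for i in range(nsections):                            # map RVA to file offset
        vsize, vaddr, rsize, raw = struct.unpack_from(
            "<IIII", pe, opt + opt_size + 40 * i + 8)
        if vaddr <= rva < vaddr + max(vsize, rsize):
            # CLR header: cb(4) versions(4) metadata dir(8), then Flags(4)
            return magic, struct.unpack_from("<I", pe, raw + rva - vaddr + 16)[0]
    raise ValueError("CLR header RVA is outside every section")

def bitness_on_x64(pe: bytes) -> int:
    """Bitness of the process a managed EXE gets on 64-bit Windows."""
    magic, flags = clr_header(pe)
    il_only = flags & COMIMAGE_FLAGS_ILONLY
    if magic == 0x20B or (il_only and not flags & COMIMAGE_FLAGS_32BITREQUIRED):
        return 64
    return 32

def sample_image(magic: int, flags: int) -> bytes:
    """Constructed minimal image (headers + CLR header only), not a real assembly."""
    d = 96 if magic == 0x10B else 112
    opt = bytearray(d + 16 * 8)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, d - 4, 16)                # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, d + 14 * 8, 0x2000, 72)  # CLR directory entry
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, len(opt), 0x2)
    raw = 0x40 + 4 + len(coff) + len(opt) + 40
    section = struct.pack("<8sIIII16x", b".text", 72, 0x2000, 72, raw)
    cor20 = struct.pack("<IHH8xI", 72, 2, 5, flags).ljust(72, b"\0")
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + coff + bytes(opt) + section + cor20
```

A debugger and target pair is only safe to combine when bitness_on_x64 returns the same value for both images.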

Windows Home Server Power Pack 1 Release Candidate

Well, I’ve been away on vacation for a week and I’ve come back to find that the release candidate of Power Pack 1 is now available. So I’ve just finished upgrading my server and performing the first backup of my Vista x64 laptop 🙂 using the new x64 WHS Connector software, needless to say, this took a long time as a first backup (of a 250GB drive over wifi) but at least it all worked.

Minor FireflyWHS update

Just a quick post to let you all know I have made a small update to the FireflyWHS setting plug-in to fix a problem reported over at the Firefly Media Server forums. In certain situations the plug-in would say that the Firefly service would need to be restarted, even though no changes had been made to its configuration; hopefully this is now fixed. Take a look at the bottom of my FireflyWHS page for the download link.

Hex Workshop x64 Shell Extension

My favorite Hex editor is the excellent Hex Workshop. However, having just made the switch to Vista x64, I found that 32 bit shell extensions (which are COM DLLs) cannot be loaded by 64 bit processes such as explorer.exe. So I had a quick look around and came across this article by Michael Dunn and from this I have created an x64 shell extension for Hex Workshop. Feel free to download it here, just copy it to your Hex Workshop folder and register it. It was built using Visual Studio 2008, so you may need the latest MS runtimes.

C:\Program Files (x86)\BreakPoint Software\Hex Workshop v5>regsvr32 hwext64.dll

3GB or 4GB

I recently bought some more memory for my laptop, mainly ‘just because’. I mean there was nothing really wrong with 2GB, but memory is so cheap at the moment…

Anyway, after removing the panel on the bottom of the laptop and removing the old memory, I inserted the new 2GB SO-DIMMs and now I have 4GB, or do I?

I already had an idea from reading around I had done and also the experience of my boss, that I was only going to be able to see 3GB of RAM, however to my surprise Vista SP1 reported that I had 4GB 🙂 This is a new useless feature of SP1, however it can still only use 3GB 🙁

So I have taken the plunge and installed Vista x64, so far so good, but why oh why are there 2 ‘Program Files’. I mean I understand the reason behind this, but there just seems to be a random mismatch of both x86 and x64 binaries in both folders 🙁 So they might as well all be in one place in my opinion.

So now I better see if I can build some x64 native binaries 😉

WordPress upgrade

WordPress 2.5 was released yesterday, so I decided to upgrade (it has a newer version number). Everything appeared to go smoothly until I tried to log in to the admin page 🙁

Fatal error: Call to undefined function: wp_register_sidebar_widget() in /.../.../.../wp-admin/includes/dashboard.php on line 31

Anyway, a quick Google later and it appeared the best solution might be to upgrade K2 to the latest nightly build also 😀

So far everything seems to be working again and I’m liking the updates to WordPress.