Browsing the blog archives for June, 2006

Calculus of the day 每日一姬

How will you solve this integral?

cal.GIF

One would first think of the method of partial fractions, as did Shu-Sheng Lai (賴樹聲). However, if you really do so you will encounter a denominator component of (1+x^4), and what is worse, Lai doesn't give you the correct coefficients and constants in the numerators of the fractions.

I provide my better solution in this PDF document, and you will see we need nothing but a little brain.

Open Uncle Russian’s Heart

お姉ちゃんの愛の注射器 Version 1.3.0 Beta (Build 20060608)
Program: http://mifan.infor.org/lab/dll_inj-1.3.0-beta.rar
Runtime Library: http://mifan.infor.org/lab/qt-mt321.rar

The most significant new feature of version 1.3.0 is no doubt that the DLL Injector can now access KAV (Kaspersky Anti-Virus) processes. But what's so important about Uncle Russian that it counts as a milestone for my program? Well, KAV prevents other programs from accessing its processes by blocking the OpenProcess system call that tries to obtain handles to them. KAV is definitely doing the right thing: protecting itself from viruses and other malware, since, as we already know, many viruses nowadays try to disable anti-virus software.

Nevertheless, we still want access to the KAV processes, and one interesting fact caught my attention. Although we cannot directly terminate the process kav.exe, which runs as the logged-in user, the operating system can do so when we log off. This could mean that we can obtain handles to the KAV processes the way the system does. Eventually I found that handles to every running process are kept by a system process, csrss.exe, and, more surprisingly, they are opened with the PROCESS_ALL_ACCESS flag and are duplicable. Using Native API calls, we can easily enumerate and duplicate those handles and thus access the KAV processes without calling OpenProcess.

Thanks to Process Explorer from Sysinternals, which let me discover the handles opened by running processes.
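From the defender's side, duplicating handles out of csrss.exe still requires opening csrss.exe itself with PROCESS_DUP_HANDLE, and Sysmon's ProcessAccess event (ID 10) records that access. The Python check below is an added example, not code from this post or the program; the sample events, the `_event` helper and the allowlist are constructed assumptions.

```python
import re

# Process access rights from the Windows SDK (winnt.h).
RIGHTS = {
    0x0001: "PROCESS_TERMINATE",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0400: "PROCESS_QUERY_INFORMATION",
}
PROCESS_DUP_HANDLE = 0x0040
# Assumption: sources expected to open csrss.exe at this site (constructed).
ALLOWED_SOURCES = {r"c:\windows\system32\wininit.exe"}
FIELD = re.compile(r"^\s*(\w+):\s*(.*?)\s*$")

def _event(src, dst, access):
    """Build a constructed Sysmon Event ID 10 message, trimmed to three fields."""
    return f"SourceImage: {src}\nTargetImage: {dst}\nGrantedAccess: {access}"

CSRSS = r"C:\Windows\System32\csrss.exe"
SAMPLE_EVENTS = [  # constructed sample data, not real telemetry
    _event(r"C:\Tools\sample.exe", CSRSS, "0x0440"),
    _event(r"C:\Windows\System32\wininit.exe", CSRSS, "0x1FFFFF"),
    _event(r"C:\Tools\sample.exe", r"C:\Windows\System32\notepad.exe", "0x1F0FFF"),
    _event(r"C:\Windows\System32\svchost.exe", CSRSS, "0x1000"),
]

def parse_event(text):
    """Parse the 'Key: Value' lines of a rendered event message into a dict."""
    return dict(m.groups() for m in map(FIELD.match, text.splitlines()) if m)

def decode_access(mask):
    """Name the known rights set in a GrantedAccess mask."""
    return [name for bit, name in sorted(RIGHTS.items()) if mask & bit]

def find_csrss_dup_opens(events):
    """Flag non-allowlisted sources granted PROCESS_DUP_HANDLE on csrss.exe."""
    alerts = []
    for text in events:
        ev = parse_event(text)
        source = ev.get("SourceImage", "")
        if not ev.get("TargetImage", "").lower().endswith("\\csrss.exe"):
            continue
        mask = int(ev.get("GrantedAccess", "0"), 16)
        if mask & PROCESS_DUP_HANDLE and source.lower() not in ALLOWED_SOURCES:
            alerts.append((source, hex(mask), decode_access(mask)))
    return alerts

if __name__ == "__main__":
    for alert in find_csrss_dup_opens(SAMPLE_EVENTS):
        print(alert)
```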
