Labview: VISA resource busy only when run from subVI - labview

I'm working on a LabVIEW program that will talk to a box via VISA commands. When I use the instrument assistant in the LabVIEW Instrument I/O palette as an open window, it will send and receive information perfectly. When I close the window and try to run it within the context of the larger program (containing only that) it says that the VISA resource is busy.
I have also tried using the Open/write/close option from the Instrument I/O palette, and that also will not allow me to access the resource. I've tried all three directly after restarting the instrument in question, so I'm pretty sure it's not actually busy.
Does anyone have experience with a similar problem, and if so how did you fix it?

Related

Running Malware In VirtualBox

For a project I am working on I want to collect data of malware in a virtualbox for 30 seconds and then revert the VirtualBox back to its original state and repeat this process 500 times for 500 different malware links that I have in a txt file. Before I revert to the normal VirtualBox state, I want to collect data from a program that is monitoring that malware. What is the best way to do this?
Edit: I'd also like to point out that I have code to read the opcodes that are being used by the application. All I would like to do is automate this process for the virtualbox.
I am not aware of such a feature in VirtualBox or VMware, but you can always use third-party tools to compare the state of the different parts (like the registry) before and after the execution of the malware.
I heard Ashampoo Uninstaller is a great tool to do the job but personally never tested it before.
Another option is to use sandboxes like Sandboxie or Cuckoo Sandbox to capture the changes.
Another option is to use online sandboxes like hybrid-analysis which is perfect for what you want to do.
Just keep in mind that most malware uses anti-VM techniques to prevent execution in VMs so you probably will not be able to capture all the features of the malware.
Hope it helps.

Is it possible to accurately log what applications the user has launched through the linux kernel?

My goal is to write to a file (that the user whenever the user launches an application, such as FireFox) and timestamp the event.
The tricky part is having to do this from the kernel (or a module loaded onto the kernel).
From the research I've done so far (sources listed below), the execve system call seemed the most viable. As it had the filename of the process it was handling which seemed like gold at the time, but I quickly learned that it wasn't as useful as I thought since this system call isn't limited to user-related operations.
So then I thought of using ps -ef as it listed all the current running processes and I would just have to filter through which ones were applications opened by the user.
But the issue with that method is that I would have to poll every X seconds so, it has the potential to miss something if the user launched and closed an application within the time that I didn't call ps -ef.
I've also realized that writing to a file would be a challenge as well, since you don't have access to the standard library from the kernel. So my guess for that would be making use of proc somehow to allow the user to actually access the information that I'm trying to log.
Basically I'm running out of leads and I'd greatly appreciate it if anyone could point me in the right direction.
Thanks.
Sources:
http://tldp.org/LDP/lkmpg/2.6/html/x978.html (not very recent)
https://0xax.gitbooks.io/linux-insides/content/SysCall/syscall-4.html
First, writing to a file or reading a real file from the kernel is a bad idea which is not used in the kernel. There are of course VFS files, like /sys/fs or /proc, but this is a special case and this is allowed.
See this article in Linux Journal,
"Driving Me Nuts - Things You Never Should Do in the Kernel" by Greg Kroah-Hartman
http://www.linuxjournal.com/article/8110
Every new process that is created in Linux adds an entry under /proc, as /proc/pidNum, where pidNum is the Process ID of the new process.
You can find out the name of the new application which was invoked simply by cat /proc/pidNum/cmdline.
So for example, if your crond daemon has pid 1336, then
$ cat /proc/1336/cmdline
will give
cron
And there are ways to monitor adding entries to a folder in Linux.
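A user-space sketch of the /proc approach from this answer, added here as an example and not part of the original posts: it reads the NUL-separated argv from each /proc/<pid>/cmdline, optionally filters by owning UID, and timestamps PIDs that appear between two snapshots. The function names are hypothetical, and because it polls it shares the limitation raised in the question: a process that starts and exits between two snapshots is missed.

```python
import os
import time


def parse_cmdline(raw):
    """Split the raw bytes of /proc/<pid>/cmdline into an argv list."""
    if not raw:
        return []  # kernel threads and zombies expose an empty cmdline
    if raw.endswith(b"\x00"):
        raw = raw[:-1]  # argv is NUL-separated and normally NUL-terminated
    return [arg.decode("utf-8", "replace") for arg in raw.split(b"\x00")]


def snapshot(proc_root="/proc", uid=None):
    """Return {pid: argv} for processes under proc_root, optionally one UID only."""
    procs = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip /proc/self, /proc/sys, ...
        path = os.path.join(proc_root, entry)
        try:
            if uid is not None and os.stat(path).st_uid != uid:
                continue  # /proc/<pid> is owned by the process's effective UID
            with open(os.path.join(path, "cmdline"), "rb") as fh:
                argv = parse_cmdline(fh.read())
        except OSError:
            continue  # process exited between listdir() and open()
        if argv:
            procs[int(entry)] = argv
    return procs


def new_launches(before, after, now=None):
    """Timestamped log lines for PIDs present in `after` but not in `before`."""
    ts = time.strftime("%Y-%m-%dT%H:%M:%S", time.localtime(now))
    return [
        f"{ts} pid={pid} {' '.join(argv)}"
        for pid, argv in sorted(after.items())
        if pid not in before
    ]


if __name__ == "__main__":
    seen = snapshot(uid=os.getuid())
    for _ in range(5):  # short demo loop; a real logger would run until stopped
        time.sleep(1)
        current = snapshot(uid=os.getuid())
        for line in new_launches(seen, current):
            print(line)
        seen = current
```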

Program recognizes a copy of itself in the operating system

I'm trying to create a piece of software that will not be susceptible to bots. Is there a way for me to code into a program a way to check in the operating system for a process just like it and then put in a shutdown mechanism if it is recognized. Think of something like netflix where if one tab in chrome is running netflix, a second tab being opened will display an "oops" message. Is there anything like this for something that does not run on a web browser? What should I be looking into?
Thanks in advance
There can be plenty of solutions; the first coming into my mind are:
1) your program checks for existence of a particular file; if the file is not found then the program continues, otherwise your program knows that another instance is running and thus can terminate immediately. If the file is not found, your program creates it and then deletes it before exiting.
2) you can use an operating system call or an o.s. utility program to know if another instance of your program is running (e.g.: in linux, the command ps)
have fun
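A variant of option 1 for Unix-like systems, added here as an example and not part of the original answer: instead of testing for the file and then creating it (two steps that two instances can interleave, and which leave a stale file behind after a crash), it takes a non-blocking exclusive flock() on the file, which the kernel releases automatically when the process exits. The function names and the lock path are assumptions.

```python
import fcntl
import os
import sys


def acquire_single_instance(lock_path):
    """Return an open fd holding the lock, or None if another instance holds it."""
    fd = os.open(lock_path, os.O_RDWR | os.O_CREAT, 0o600)
    try:
        # LOCK_NB: fail immediately instead of waiting for the other instance
        fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
    except BlockingIOError:
        os.close(fd)
        return None
    # Record our PID for diagnostics only; the lock, not the content, is the check
    os.ftruncate(fd, 0)
    os.write(fd, f"{os.getpid()}\n".encode())
    return fd


def release(fd):
    """Drop the lock explicitly; exiting or crashing releases it as well."""
    fcntl.flock(fd, fcntl.LOCK_UN)
    os.close(fd)


if __name__ == "__main__":
    # Constructed path for the demo; a real program would pick a per-user location
    handle = acquire_single_instance("/tmp/example-app.lock")
    if handle is None:
        sys.exit("another instance is already running")
    try:
        print("running as the only instance")
    finally:
        release(handle)
```

This prevents accidental double launches under one lock path; it is not an enforcement mechanism against someone who controls the machine and can run the program with a different path or account.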

Launching Instruments.app from the command line or in any otherwise automated fashion

I'm wondering if there is any information out there on running the Instruments application from the command line, or otherwise launching the app in some automated fashion externally.
I'm aware of the "instruments" command line tool, but that seems to run Instruments/DTrace silently and collects info into a log file — that's not what I want to do. I would like to emulate — essentially — what Xcode does when you press the profile button. Launch the Instruments GUI and have it, say, attach to a given Process ID, so that the user sitting in front of the Mac can then interact with the app, see the data it collects etc.
Xcode does it, so surely there must be some kind of API?
thanx,
marc

How to Inspect COM Objects From Visual Basic Dump File?

Background
We have a .NET WinForms application written in C# that interfaces to a handheld store scanner via a console application. The console application is written in good ol' VB6-- no managed code there. The VB6 application consists of several COM objects.
The .NET WinForms application refreshes the data in the scanner by invoking the console application with the right parameters. When the console application starts, it pops up a modal form reminding the user to place the handheld device into its cradle.
Problem
A customer has a bizarre situation in which the call to start the console application appears to hang before it displays the reminder form. If the user presses any key-- even something innocent like Shift or Alt-- the application unfreezes, and the reminder form appears. While it is hung, the CPU usage of the console application is very high.
We have obtained a memory dump from the command line application using ProcDump. I have some experience debugging managed dump files, but this VB 6 dump is strange to me.
We captured several full memory dumps in a row. In some of them, there appears to be COM glue stacks. For example, several dump files show a call stack like this:
msvbm60!BASIC_DISPINTERFACE_GetTICount
msvbm60!_vbaStrToAnsi
msvbm60!IIDIVbaHost
msvbm60!rtcDoEvents
msvbm60!IIDIVbaHost
msvbm60!BASICCLASS_QueryInterface
[our code which I think is trying to create and invoke a COM object]
It doesn't help that the only symbols I have are from our code. The Microsoft symbol server does not have a PDB file for msvbm60.dll (or at least not from their version which is 6.0.98.2).
Questions
I am suspecting there may be some COM threading issue that is happening only on their system.
1) How can I determine the thread state of each thread in a dump file? If this were a managed dump file, I would look at !threads and then !threadstate to figure out the thread states. There is no managed code, so I can't use sos.dll. I didn't see any hints using ~ and !teb.
2) Is there a way to see what COM objects have been created in a dump file? Again, in a managed dump, I can do a !dumpheap to get a list of managed objects. Is there something similar I can find for COM objects?
3) Can I determine the threading model of COM objects in the dump file?
You can dump thread state by using command:
~*
This will not display 'background' as a state; you will only see running, frozen or suspended.
I'm not sure how you can get information from COM objects. I have never tried but will investigate and get back to you. With regards to the threading model, it will be difficult to infer that without painful monitoring of application state after stepping through, and even with that, when you step through all other threads will run unless you use .bpsync 1, which syncs all threads to the current one, but that could cause a hang (e.g. the GUI thread has now been told to freeze), so I think it will be difficult unless you have access to the source code.
I can only answer question 1. Use !runaway to find the thread or threads consuming the CPU. To get all thread stacks use ~*kb1000.