Tuesday, December 12, 2023

Operating system - Part 1:

 In our blog, we published several articles on OS concepts which mostly on the perspective for malware analysis/security research. In few instances, we explained the concepts of threads, process and other OS concepts. Recently, we planned to make a golden post or you can call gold mine post on operating system. These articles could go in a fashion as several parts which includes discussion on the popular operating systems and its components. Before that, we are copying the previous posts related to Operating system:

Secure OS: https://www.edison-newworld.com/2013/12/secure-operating-systems.html

Security-focused operating system: https://www.edison-newworld.com/2013/12/security-focused-operating-system.html

The Great Debate: iOS vs Android - Which Mobile Operating System Reigns Supreme?


Process and Thread: edison-newworld.com/2023/01/process-and-thread.html

Delving into Operating System Internals: A Comprehensive Guide for Malware Researchers


Overview of Operating Systems

Operating systems (OS) form the backbone of modern computing, serving as the crucial interface between hardware and software. As we embark on this exploration of operating systems in this multi-part blog series, it's essential to first grasp the fundamental role they play in the digital realm. An operating system is more than just a piece of software; it is the orchestrator that manages and coordinates all the resources of a computer system. From handling basic input and output operations to managing memory, processes, and user interactions, operating systems are the silent conductors that ensure the seamless functioning of our devices.

Importance of Operating Systems

The significance of operating systems becomes apparent when we consider the diverse array of computing devices that surround us. Whether it's the personal computer on your desk, the smartphone in your pocket, or the servers powering the internet, each relies on a specialized operating system to enable communication between hardware and software components.

In this series, we will unravel the layers of complexity that operating systems bring to the table. We'll explore the historical evolution of operating systems, from their humble beginnings to the sophisticated structures they have become. Understanding this evolution provides valuable insights into the challenges and solutions that have shaped the computing landscape.

Scope of the Blog Series

This series aims to demystify the world of operating systems, catering to both beginners seeking a foundational understanding and seasoned tech enthusiasts keen on delving into advanced concepts. We'll traverse the intricacies of operating system architecture, dissect the key components that make them tick, and examine the various types of operating systems that cater to different computing needs. As we progress through this journey, we'll not only explore the current state of operating systems but also peek into the future, contemplating the emerging trends and technologies set to redefine how operating systems function.

So, buckle up as we embark on this enlightening voyage through the heart and soul of computing – the Operating System.

Evolution of Operating Systems

Early Operating Systems

The journey of operating systems traces back to the dawn of computing. In the early days, computers were large, room-filling machines operated by punch cards and paper tapes. The first operating systems were rudimentary, designed primarily for batch processing. One notable example is the General Motors Operating System (GMOS), developed in the 1950s for the IBM 701.

Milestones in OS Development

The 1960s witnessed significant milestones in operating system development. The introduction of multiprogramming allowed several tasks to run concurrently, improving overall efficiency. IBM's OS/360, released in 1964, marked a turning point by providing a standardized operating system across different hardware platforms. The 1970s ushered in the era of time-sharing systems, enabling multiple users to interact with a computer simultaneously. UNIX, developed at Bell Labs, emerged as a pioneering operating system known for its portability and modularity.

Modern Operating Systems

The advent of personal computers in the 1980s brought about a shift toward user-friendly interfaces. Microsoft's MS-DOS and Apple's Macintosh System Software were among the early players in this era. The graphical user interface (GUI) revolutionized user interactions, making computing more accessible. The 1990s saw the rise of Windows operating systems dominating the PC market, while UNIX variants and Linux gained prominence in server environments. The development of Windows NT marked a shift towards a more robust and secure architecture.

In the 21st century, mobile operating systems like Android and iOS have become ubiquitous, powering smartphones and tablets. The Linux kernel's widespread adoption in servers and embedded systems highlights the growing importance of open-source solutions. As we explore the evolution of operating systems, it becomes clear that each era brought unique challenges and innovations, shaping the landscape of modern computing. In the subsequent sections of this series, we will dissect the key components that have evolved alongside these operating systems and delve into the intricate mechanisms that govern their functionalities.

Understanding the Heart of the Operating System
At the core of every operating system resides a vital component known as the kernel. Think of the kernel as the conductor of the computing orchestra, orchestrating the interaction between hardware and software components. It is the first program to load during the system boot and remains in memory throughout the computer's operation.

Key Responsibilities of the Kernel
Process Management
One of the primary responsibilities of the kernel is process management. It oversees the execution of processes, allocating resources such as CPU time and memory to ensure a smooth and efficient operation. The kernel decides which processes get access to the CPU and in what order, managing the multitasking capabilities of the operating system.

Memory Management
Memory management is another critical function of the kernel. It is tasked with allocating and deallocating memory space as needed by different processes. This involves maintaining a memory map, handling virtual memory, and ensuring that each application gets the necessary space without interfering with others.

Device Drivers
The kernel acts as a bridge between the hardware and software layers by incorporating device drivers. These drivers are specialized modules that enable the operating system to communicate with various hardware components, from hard drives to printers. The kernel provides a standardized interface, allowing applications to interact with hardware without needing to understand its intricacies.

System Calls
Facilitating communication between applications and the kernel are system calls. These are predefined functions that provide a controlled entry point into the kernel, allowing applications to request services like file operations, input/output, and network communication.

Types of Kernels
Monolithic Kernel
In a monolithic kernel architecture, all core services, including process management and device drivers, are implemented in a single, unified kernel space. While this design offers efficiency, any error or crash in one part of the kernel can potentially impact the entire system.

Conversely, a microkernel approach involves keeping the kernel minimalistic, with essential functions. Additional services are moved to user space, enhancing system stability. Microkernels promote modularity and ease of maintenance but may incur a slight performance overhead.

Hybrid Kernel
A hybrid kernel combines elements of both monolithic and microkernel architectures, aiming to strike a balance between efficiency and stability. This design allows for flexibility in tailoring the operating system to specific requirements.

The Significance of Kernel Development
Kernel development is a continuous process, with ongoing efforts to enhance performance, security, and compatibility. Open-source operating systems like Linux benefit from a collaborative approach, with contributions from a global community of developers.

Types of Operating Systems
Operating systems come in various forms, each tailored to specific computing needs. Understanding the types of operating systems is crucial for selecting the right platform for a given application. In this section, we'll explore three fundamental classifications:

Single-User vs. Multi-User OS
Single-User Operating Systems:
Designed for individual users, single-user operating systems are prevalent in personal computers and laptops. They cater to the needs of a single user at a time, providing a straightforward and personalized computing environment.

Multi-User Operating Systems:
Contrastingly, multi-user operating systems support concurrent access by multiple users. These systems are common in business environments, servers, and mainframes, facilitating collaboration and resource sharing.

Single-Tasking vs. Multi-Tasking OS
Single-Tasking Operating Systems:
In a single-tasking environment, only one task is executed at any given time. Once a process is initiated, it continues until completion before another task begins. This simplicity is suitable for straightforward applications and early computing systems.

Multi-Tasking Operating Systems:
Modern operating systems, on the other hand, employ multi-tasking capabilities. They allow multiple processes to run simultaneously, enabling users to switch between applications seamlessly. This enhances productivity and responsiveness in today's complex computing environments.

Real-Time Operating Systems (RTOS)
Real-Time Operating Systems:
Real-time operating systems are designed to process data and complete tasks within strict time constraints. These systems are crucial in scenarios where timely and predictable execution is essential, such as in industrial automation, medical devices, and aerospace applications.

Understanding the distinctions between these types of operating systems provides a foundation for comprehending their diverse applications. As we progress through this series, we'll delve deeper into the unique characteristics and functionalities of each type, shedding light on their roles in the broader computing landscape.

Operating System Architectures
The architecture of an operating system defines its underlying structure and organization, influencing its performance, reliability, and flexibility. In this section, we'll explore three prominent operating system architectures:
Understanding the nuances of these operating system architectures is crucial for system developers and administrators. The choice of architecture influences factors such as system responsiveness, scalability, and ease of maintenance. In the subsequent sections, we'll delve into the inner workings of each architecture, uncovering their advantages, challenges, and real-world applications.

Operating System Functions
The operating system is a complex software entity responsible for managing various aspects of a computer system. In this section, we'll explore the core functions that the operating system performs to ensure the seamless operation of hardware and software components.

Process Management
At the heart of the operating system lies the task of managing processes. The OS oversees the creation, scheduling, and termination of processes, allocating resources such as CPU time and memory to ensure efficient execution. It also facilitates communication and synchronization between processes.

Memory Management
Efficient utilization of memory is essential for optimal system performance. The operating system is responsible for allocating and deallocating memory space as needed by various processes. It employs techniques like virtual memory to provide an illusion of a larger memory space than physically available.

File System Management
Organizing and storing data on storage devices fall under the purview of file system management. The operating system creates a structured approach to access and manage files, directories, and storage space. It ensures data integrity, security, and efficient retrieval.

Security and Protection
Safeguarding the system and its data is a critical role of the operating system. It enforces security measures through user authentication, authorization, and encryption. Additionally, the OS implements protection mechanisms to prevent one process from interfering with another.
Understanding these fundamental functions provides insight into the intricate operations that occur beneath the surface of our computing devices. As we progress through this series, we'll delve deeper into each function, exploring the mechanisms and algorithms that drive these essential aspects of operating system functionality.

Case Study: Popular Operating Systems
In this section, we'll take a closer look at some of the most widely used operating systems, each with its unique characteristics and contributions to the computing landscape.

Microsoft's Windows operating system has been a dominant force in the personal computer market for decades. Known for its user-friendly interface, extensive software compatibility, and widespread adoption, Windows has evolved through various versions, including Windows 3.1, Windows 95, XP, 7, 8, and the latest Windows 10. Each iteration brings improvements in functionality, security, and user experience.

Developed by Apple Inc., macOS is the operating system that powers Macintosh computers. Renowned for its sleek design, seamless integration with Apple hardware, and a focus on user experience, macOS has undergone transformations over the years. Key versions include Mac OS X, which transitioned to macOS with subsequent updates like Mavericks, Yosemite, and the latest releases.

Linux is a powerful and versatile open-source operating system kernel that serves as the foundation for numerous distributions (distros). Ubuntu, Fedora, Debian, and CentOS are examples of popular Linux distributions. Linux is widely used in server environments, powering a significant portion of the internet, and its open-source nature encourages collaboration and customization.

Android and iOS
Mobile operating systems play a crucial role in the proliferation of smartphones and tablets. Android, developed by Google, is an open-source platform that powers a vast array of devices. iOS, developed by Apple, is known for its closed ecosystem and exclusive use on iPhones and iPads. Both systems have significantly impacted the way we interact with mobile technology.
By examining these case studies, we gain insights into the diverse approaches operating systems take to meet the needs of users across different computing platforms. In the upcoming sections, we'll delve into the challenges faced by operating systems, emerging trends, and what the future holds for these essential software components.

Challenges in Operating System Design
Operating systems are the linchpin of computing, orchestrating a myriad of tasks to ensure smooth and efficient operation. However, their design and maintenance come with their own set of challenges. In this section, we'll explore key challenges faced by operating system designers and developers.

One of the paramount challenges in operating system design is scalability. As computing environments evolve and hardware capabilities expand, operating systems must scale to accommodate increasing workloads. Ensuring that the OS can efficiently handle the demands of a growing user base and evolving technology is a continuous challenge.

Security Concerns
In an era marked by pervasive connectivity, security is a critical consideration. Operating systems must defend against a multitude of threats, ranging from malware and cyberattacks to unauthorized access. Constant vigilance and the implementation of robust security measures are imperative to safeguard user data and system integrity.

The diversity of hardware and software configurations poses a persistent challenge. Operating systems must navigate compatibility issues to ensure seamless interactions between applications and a wide array of devices. Striking a balance between innovation and maintaining backward compatibility is a delicate task.
As we explore the challenges in operating system design, it becomes evident that these issues are dynamic and interconnected. Addressing them requires a combination of technical expertise, adaptability, and a forward-looking approach. In the subsequent sections, we'll delve into the ongoing efforts to optimize operating system performance, enhance security measures, and adapt to the ever-changing landscape of computing.

Future Trends in Operating Systems
As technology advances, so do the demands on operating systems. In this section, we'll explore emerging trends that are shaping the future of operating systems and influencing the way we interact with computing devices.

Cloud Integration
The integration of operating systems with cloud computing is transforming how resources are managed and applications are delivered. Cloud integration allows for seamless data access, collaboration, and resource utilization across distributed environments. Operating systems are evolving to accommodate this shift, providing users with a more connected and flexible computing experience.

Edge Computing
The rise of edge computing brings computation and data storage closer to the source of data generation. Operating systems are adapting to this paradigm shift by optimizing for decentralized processing. Edge computing is particularly relevant in applications requiring low latency, such as autonomous vehicles, IoT devices, and real-time analytics.

AI and Machine Learning in OS
AI and Machine Learning Integration:
The integration of artificial intelligence (AI) and machine learning (ML) into operating systems is unlocking new possibilities. OS functionalities are becoming more adaptive and intelligent, optimizing resource allocation, predicting user behavior, and enhancing security measures. This trend is poised to revolutionize how operating systems interact with users and manage system resources. Exploring these future trends provides a glimpse into the evolving landscape of operating systems. As we venture into the next era of computing, operating systems will play a pivotal role in shaping the user experience, supporting innovative applications, and navigating the complexities of a hyper-connected digital world.

In the concluding section, we'll summarize the key insights from our exploration of operating systems, reflecting on their evolution, current state, and the exciting possibilities on the horizon.

Recap of Part 1
In the inaugural part of our journey, we laid the groundwork for understanding the intricate world of operating systems. We explored their fundamental role as the bridge between hardware and software, witnessing their evolution from the early days of computing to the sophisticated systems that power our digital lives today.

Sneak Peek into Part 2
Part 2 delved deeper into the complexities of operating systems, unraveling their architectures, key components, and the challenges faced by designers. We navigated through the various types of operating systems, dissected their architectures, and scrutinized their critical functions. Our exploration reached a crescendo with a case study on popular operating systems, providing insights into the diverse landscapes of Windows, macOS, Linux, Android, and iOS.

As we conclude this two-part series, our journey through operating systems has been nothing short of enlightening. From the humble beginnings of early computing to the cutting-edge trends shaping the future, we've gained a comprehensive understanding of the heartbeat of modern computing.

What Lies Ahead
The path forward promises even more exciting revelations as we continue our exploration into Part 3. Advanced topics, case studies, and a closer look at emerging technologies await. Operating systems, the unsung heroes of our digital experiences, are poised to undergo further transformations, adapting to the demands of an ever-evolving technological landscape.

Join us in the next installment as we delve into the depths of operating systems, unraveling their complexities and anticipating the innovations that will define the future of computing.

Post by

Sunday, December 3, 2023

FAR Manager Tutorial: Generating SHA256 Hash for Files

 In the last post, we blogged about FAR Manager for string search features which is helpful for malware analyst to find the specific suspicious string presence in the large set of files. In this post how we can use FAR Manager for hash calculation of a file. Technically, FAR Manager doesn't have a built-in feature for calculating the SHA256 hash of a file. However, we can use external tools to achieve this. One such tool is `CertUtil`, which is available in Windows. Basically, these steps can be done with normal command prompt but I am just explaining it using FAR Manager.

Here are the steps to calculate the SHA256 hash of a file using FAR Manager and `CertUtil`:

1. Open FAR Manager and navigate to the location of the file for which you want to calculate the SHA256 hash.

2. Press `Alt+F2` to open the command prompt at the bottom of the FAR Manager window.

3. Type the following command to calculate the SHA256 hash of the file using `CertUtil`: 

   certutil -hashfile <filename> SHA256


   Replace `<filename>` with the actual name of the file you want to calculate the hash for.

   For example:

   certutil -hashfile example.txt SHA256


4. Press `Enter` to execute the command.

5. The SHA256 hash of the file will be displayed in the command prompt.

Note: Make sure that `CertUtil` is available in your system's PATH. In most Windows installations, it should be available by default.

Alternatively, you can use third-party tools like `sha256sum` or PowerShell commands if they are more convenient for your workflow.

Post by 


Saturday, December 2, 2023

Far Manager Tricks: Uncovering Malicious Strings Like a Pro

 Far Manager is a powerful file manager and text-based user interface for Windows, and it can be useful for various tasks, including malware analysis. To find whether a particular string is present in files within a folder, you can use the following steps:

1. Open Far Manager:

   Launch Far Manager and navigate to the directory where you want to search for the string.

2. Use the Find File Feature:

   Far Manager has a built-in feature for finding files that contain a specific string. To use this feature, press `Alt+F7` or go to the "Commands" menu and select "File search."

3. Specify Search Parameters:

   - In the "Search for" field, enter the string you want to search for.

   - You can set other parameters such as file masks, search in subdirectories, and more based on your requirements.

4. Initiate the Search:

   - Press `Enter` to start the search.

5. Review Search Results:

   - Far Manager will display a list of files that contain the specified string.

   - You can navigate through the list and select a file for further analysis.

6. View and Analyze Files:

   - After identifying files of interest, you can view their content by pressing `F3` or using the viewer panel.

   - Analyze the contents of the files to understand the context in which the string is present.

7. Navigate to the String:

   - If the string is found in a file, you can navigate to the specific occurrence by using the search feature within the viewer. Press `Alt+F7` while viewing the file and enter the string to locate its occurrences.

8. Repeat as Needed:

   - If you want to search for the same string in other directories or with different parameters, you can repeat the process.

Far Manager's search capabilities are powerful, and they can be customized to suit your specific needs. This method allows you to quickly identify files containing a particular string within a given folder or directory, facilitating malware analysis and investigation.

Post by


Setting up breakpoints in VirtualAlloc and VirtualProtect during malware analysis:

 Malware analysts add breakpoints in functions like `VirtualProtect` and `VirtualAlloc` for several key reasons: Understanding Malware Behav...