hashcat Forum
Is there some thing wrong of deal with rules - Printable Version


Is there some thing wrong of deal with rules - hellohihi - 08-28-2021

The function that handles rules is

DECLSPEC int apply_rules (CONSTANT_AS const u32 *cmds, u32 *buf, const int in_len)
{
  int out_len = in_len;

  for (u32 i = 0; cmds[i] != 0; i++)
  {
    const u32 cmd = cmds[i];

    const u8 name = (cmd >>  0) & 0xff;
    const u8 p0  = (cmd >>  8) & 0xff;
    const u8 p1  = (cmd >> 16) & 0xff;

    // we need to guarantee input length < 256 otherwise functions like rule_op_mangle_switch_last() and others will read out of boundary
    out_len = apply_rule (name, p0, p1, buf, out_len);
  }

  return out_len;
}


and the Extract memory rule definition is

Extract memory    XNMI    Insert substring of length M starting from position N of word saved to memory at position I

  lMX428    p@ssW0rd    p@ssw0rdw0

With name = X, the parameters N and M can be stored in p0 and p1, but parameter I can't be passed to the apply_rule function.

Am I right?


RE: Is there some thing wrong of deal with rules - Chick3nman - 08-28-2021

The code you are looking at is the code for applying rules on the GPU. The rule you have selected, extract_memory, is only available on the host/CPU side, and is marked as being only available in hashcat legacy or when using -j/-k on the wiki and in the documentation. The relevant code for running that rule is here:

https://github.com/hashcat/hashcat/blob/master/src/rp_cpu.c#L796


RE: Is there some thing wrong of deal with rules - hellohihi - 08-28-2021

I see, there is no Extract memory implementation in kernel mode.
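
Added example, not part of the thread and not hashcat's rp_cpu.c code: a minimal host-side interpreter for the three rules in the wiki example (l, M, XNMI), showing that X consumes three parameters, whereas the kernel snippet above unpacks only p0 and p1. The names apply_host_rule and pos_value are hypothetical, and leaving the word unchanged when offsets are out of range is an assumption of this sketch.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define WORD_MAX 256

/* Rule positions are written 0-9, then A-Z for 10-35; returns -1 if invalid. */
static int pos_value(char c)
{
  if (c >= '0' && c <= '9') return c - '0';
  if (c >= 'A' && c <= 'Z') return c - 'A' + 10;
  return -1;
}

/* Hypothetical helper: applies a rule string made of l, M and XNMI to word in place
   (word must be a NUL-terminated buffer of WORD_MAX bytes). Returns the new length,
   or -1 for a malformed or unsupported rule. An X whose offsets do not fit is
   skipped and the word is left unchanged (assumption of this sketch). */
int apply_host_rule(const char *rule, char *word)
{
  char mem[WORD_MAX] = "";
  size_t mem_len = 0, len = strlen(word);
  if (len >= WORD_MAX) return -1;

  for (size_t i = 0; rule[i] != '\0'; i++)
  {
    if (rule[i] == 'l') {            /* lowercase the whole word */
      for (size_t j = 0; j < len; j++) word[j] = (char) tolower((unsigned char) word[j]);
    } else if (rule[i] == 'M') {     /* memorize the current word */
      memcpy(mem, word, len + 1);
      mem_len = len;
    } else if (rule[i] == 'X') {     /* XNMI: three parameters follow the name */
      if (!rule[i + 1] || !rule[i + 2] || !rule[i + 3]) return -1;
      int n = pos_value(rule[i + 1]), m = pos_value(rule[i + 2]), at = pos_value(rule[i + 3]);
      if (n < 0 || m < 0 || at < 0) return -1;
      i += 3;
      if ((size_t) (n + m) > mem_len || (size_t) at > len || len + (size_t) m >= WORD_MAX) continue;
      memmove(word + at + m, word + at, len - (size_t) at + 1); /* open a gap, keep the NUL */
      memcpy(word + at, mem + n, (size_t) m);                   /* copy from the saved word */
      len += (size_t) m;
    } else {
      return -1;
    }
  }
  return (int) len;
}

int main(void)
{
  char word[WORD_MAX] = "p@ssW0rd"; /* input word from the wiki example */
  printf("%d %s\n", apply_host_rule("lMX428", word), word);
  return 0;
}
```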