Is there some thing wrong of deal with rules
#1
The rule deal function is

DECLSPEC int apply_rules (CONSTANT_AS const u32 *cmds, u32 *buf, const int in_len)
{
  int out_len = in_len;

  for (u32 i = 0; cmds[i] != 0; i++)
  {
    const u32 cmd = cmds[i];

    const u8 name = (cmd >>  0) & 0xff;
    const u8 p0  = (cmd >>  8) & 0xff;
    const u8 p1  = (cmd >> 16) & 0xff;

    // we need to guarantee input length < 256 otherwise functions like rule_op_mangle_switch_last() and others will read out of boundary
    out_len = apply_rule (name, p0, p1, buf, out_len);
  }

  return out_len;
}


and the Extract memory rule definition is

Extract memory    XNMI    Insert substring of length M starting from position N of word saved to memory at position I

  lMX428    p@ssW0rd    p@ssw0rdw0

with the name = X, the parameter N and M can be stored in p0 and p1, but parameter I can't be passed to apply_rule function.

Am I right ?
Reply
#2
The code you are looking at is the code for applying rules on the GPU. The rule you have selected, extract_memory, is only available on the host/CPU side, and is marked as being only available in hashcat legacy or when using -j/-k on the wiki and in the documentation. The relevant code for running that rule is here:

https://github.com/hashcat/hashcat/blob/...cpu.c#L796
Reply
#3
I see, there is no Extract memory implement in kernel mode
Reply