我们想对上面选择区域进行求和,发现求和结果竟然是0, 这显然不对;
调查到不对的原因是选择区域是文本,对这些区域用右键菜单转换成数值格式,发现左上角还是箭头,说明转化不成功;
网上有一些教程说可以用别的方式批量转文本为数值,比如用数据菜单中的分列功能, 我没有尝试,现在用Excel数组公式来解决这个问题:
1. 选中用来存sum的结果的单元格;
2. 生成公式模版如下
3. 在公式编辑栏中改公式为
=SUM(VALUE(起始单元格:N138))
4. 按CTRL+SHIFT+ENTER结束, 注意这会告诉EXCEL这是有数组为参数的公式(按完快捷键它会显示为下面的形式:
=SUM(VALUE(N123:N138))
This tutorial will teach you how to set up Sublime Text to edit files in ssh server.
1. Open Sublime Text and hit “ctrl + `”. This will show console. Copy and paste the Python code from packagecontrol.io or as following
import urllib.request,os,hashlib; h = '6f4c264a24d933ce70df5dedcf1dcaee' + 'ebe013ee18cced0ef93d5f746d80ef60'; pf = 'Package Control.sublime-package'; ipp = sublime.installed_packages_path(); urllib.request.install_opener( urllib.request.build_opener( urllib.request.ProxyHandler()) ); by = urllib.request.urlopen( 'http://packagecontrol.io/' + pf.replace(' ', '%20')).read(); dh = hashlib.sha256(by).hexdigest(); print('Error validating download (got %s instead of %s), please try manual install' % (dh, h)) if dh != h else open(os.path.join( ipp, pf), 'wb' ).write(by)
into the console terminal and hit enter.
2. Hit “ctrl + shift + p” to bring up the package manager. Search for "Install Package" and select it.
3. Check we are in installing package context and search and hit for rsub (a client to connect to the proxy app at ssh server). on succ, will print:
[rsub] Server running on localhost:52698
If already installed rsub, everytime Sublime starts, this message showed.
I suggest installing Xshell ( select English when decide language ).
Following is a saved login config:
Install rsub:
sudo wget -O /usr/local/bin/rsub https://raw.github.com/aurora/rmate/master/rmate sudo chmod a+x /usr/local/bin/rsub
Consider you are in /var/www/html of your ssh server and want send file jsdo.html to Sublime:
sudo rsub jsdo.html
Use Sublime to edit this file and save, at ssh server, you will see the file changed after saved from Sublime.
There are two ways to create an SSH tunnel, local and remote port forwarding (there's also dynamic forwarding, but we won't cover that here).
Imagine you’re on a private network which doesn’t allow connections to a specific server. Let’s say you’re at work and imgur.com is being blocked. To get around this we can create a tunnel through ssh server which isn’t on our network and thus can access Imgur.
$ ssh -L 9000:imgur.com:80 user@example.com //local port is targeting at imgur.com's port 80 with help of ssh server user@example.com .
Now open your browser and go to http://localhost:9000 , nobody is going to see what sites you’re visiting, they’ll only see an SSH connection to your server.
ssh -L 9000:localhost:5432 user@example.com
For here, the tunnel is localhost:9000 and ssh_server:5432; for easy maintain, local port and ssh port can be the same. the ssh_server can accept multiple connections at same port.
Say that you’re developing a Rails application on your local machine, and you’d like to show it to a friend. Unfortunately your ISP didn’t provide you with a public IP address, so it’s not possible to connect to your machine directly from the internet.
Sometimes this can be solved by configuring NAT (Network Address Translation) on your router, but this doesn’t always work, and it requires you to change the configuration on your router, which isn’t always desirable. This solution also doesn’t work when you don’t have admin access on your network.
To fix this problem you need to have another computer, it can be any server on the internet or your company We’ll tell SSH to make a tunnel that opens up a new port on the server, and connects it to a port on your machine:
$ ssh -R 9000:localhost:3000 user@example.comThe syntax here is very similar to local port forwarding, with a single change of -L for -R. First you need to specify the port on which th remote server will listen, which in this case is 9000, and next follows localhost for your local machine, and the local port, which in this case is 3000.
There is one more thing you need to do to enable this. SSH doesn’t by default allow remote hosts to forwarded ports. To enable this open /etc/ssh/sshd_config and add the following line somewhere in that config file.
GatewayPorts yes
Make sure you add it only once!
$ sudo vim /etc/ssh/sshd_config
And restart SSH
$ sudo service ssh restart
For more info, refer to https://blog.trackets.com/2014/05/17/ssh-tunnel-local-and-remote-port-forwarding-explained-with-examples.html
A ESPP invest period is often 6 months, each month an amount is invested.
When the company buys the shares for you, you do not owe any taxes. You are exercising your rights under the ESPP. You have bought some stock. So far so good.
When you sell the stock, the discount that you received when you bought the stock is generally considered additional compensation to you, so you have to pay taxes on it as regular income.
If you hold the stock for less than a year before you sell it, any gains will be considered compensation and taxed as such. If you hold the shares for more than one year, any profit will be taxed at the usually lower capital gains rate.
For me, espp shares are often sold Feb or Aug after the 15th day.
An example of an RSU grant is the easiest way to understand the concept. Let's say Sue works for ABC Corp and was awarded 300 RSUs on May 1, 2011.
50 award will vest every 6 months. Sue's first batch of 50 units of restricted stock vested on November 1, 2011. ABC was trading at $10 and Sue's employer sold 23 shares(46%) and remitted the withholding tax to CRA. Sue's second batch of 50 units of restricted stock vested on May 1, 2012. ABC was trading at $12 and Sue's employer again sold 23 shares and remitted the withholding tax to CRA. In both cases, her employer included $500 and $600 in employment income and $230 and $276 in income tax deducted in Sue's T4 for 2011 and 2012 respectively(so sue pay income tax for $270 and $324, for year 2011 and 2012).
On May 15, 2012, ABC hit $15 and Sue sold the 54 shares of ABC Corp that she holds. Sue's adjusted cost base is $11 (27 shares acquired at $10 and 27 shares acquired at $12). Since she sold for $15, her capital gains are $216, which she would declare when filing her 2012 tax return in Schedule 3, if no deduction from paychecks | payrolls.
RSU is too complex for tax, later never consider RSU.
My evaluation for this plugin is: it's too young but promising.
I firstly introduce the plugin, then evaluate it from two aspects: Automated and Manual Analysis.
VMAttack is an IDA plugin which generates and analyses trace log of PE. If trace is not validly produced, the plugin is useless.
Trace generation is automatic and upon completion it will produce a success notification in IDAs output window.
Traversed paths will be colored in a shade of blue, where a darker shade represents a higher number of traversals. We can get a global distribution of traced code with a glance.
Initially it shows system and customer calls and args, this is useful when the PE has explicit function boundaries and give gross view. VMAttack can STEP over system funcs while extract args, which save sapce for trace.
As the best way to understand this plugin is to practice it, so I also collected ALL the tools and writed installer( install.bat ) for praticing.
The demo samps include the obfuscated binary and source binary of an add function:
addvm_3AE2BABAA4920BEF3E466F34B0075FFB.exe addvm_B4E34E39CFDD13E65D070E9FB9717620.vmp.exe
They are available at https://github.com/anatolikalysch/VMAttack/tree/master/Example/addvmp . In the team discuss, I send an email titled as 'decode vmprotect is possible?', that email tell constuction of that vmp sample detailed, debug it with my mimic program, then practice VMAttack after perform install.bat. by this way it's easy to understand this plugin, in this way, we can better evaluate it.
Automated Analysis extract useful informations from the trace log automatically or semi-automatically. It includes Input / Output Analysis, Clustering Analysis, Grading Snalysis, Dynamic Trace Optimization, Static deobfuscate.
The input/output analysis could provide leads as to how the input arguments of the VM function are used and whether there is a connection between function input and function output.
evaluation: for realworld samples, connection between function input and output can be exposed, but not obviously, not very clear.
If a group of insts executed more than one time, they may be taken as cluster. For example, if Cluster Heuristic Threshold set as 3, then if an address is encountered more than twice, it's taken as start of a cluster.
evaluation:Clustering is a good feature, it can folder and reduce trace by a lot, especially Greedy Clustering option is set. VMAttack can quickly remove unnecessary clusters. It can also rollback wrongly removed clusters. If basic block detection was not deactivated in the settings, the clusters themselves are additionally subdivided into basic blocks.The basic block description is a good summary, further more, instructions whose computations are simply overridden are not displayed, which is good feature of in-block deobfuscation.
Each inst, block of insts, cluster of insts has different importance. The grade of an inst is affected by Memory usage Importance, Clustering Importance, Input/Output Importance, and so on.
At the end of the grading analysis the now graded trace will be presented in the grading viewer. The trace can now be filtered either by double clicking a grade or via context menu where the user will be prompted to input the grade threshold to display.
evaluation:Clustering Analysis is useful. For example, if you decide Input/Output Analysis is very very important, then inst having largest grade should be the inst do the add op on two adders.
Dynamic Trace Optimizations which make the trace easier to read.
evaluation:Foldering constants, Folding not used operand are good feature of deobfuscations.
The static deobfuscate function tries to statically determine the instructions that will be executed by the byte code in the provided virtual machine function. The semi-automatic version of this analysis tries to determine all necessary values(later will introduce the values) automatically.
evaluation:refer to the Manual Analysis version of Static deobfuscate for the evaluation.
most Manual Analysis features are depending on following VM Context model:
.vmp0:00404339 8A 06 mov al, [esi] .vmp0:0040433B 0F B6 C0 movzx eax, al ; op code .vmp0:0040433E 83 C6 01 add esi, 1 .vmp0:00404341 FF 24 85 9C 43 40 00 jmp dword ptr ds:inst_engines[eax*4]
There are three ways to decide VM Context:
Following are so called Manual Analysis features:
.text:0040102E ; .text:00401000 .text:0040102E ; .text:00401000 55 push ebp .text:0040102E ; .text:00401001 89 E5 mov ebp, esp .text:0040102E ; .text:00401003 8B 55 08 mov edx, [ebp+arg_0] .text:0040102E ; .text:00401006 8B 45 0C mov eax, [ebp+arg_4] .text:0040102E ; .text:00401009 01 D0 add eax, edx .text:0040102E ; .text:0040100B 5D pop ebp .text:0040102E ; .text:0040100C C3 retn edi:0 eax:16ABC6 //affected ebp:28FF88 esp:28FF60 edx:AFFE1 //affected ebx:7EFDE000 esi:0 ecx:76728E8A
.vmp0:0040432C 89 E5 mov ebp, esp ; vms_top .vmp0:0040432E 81 EC C0 00 00 00 sub esp, 0C0h ; vmd , vm data, virtual registers edi:28FF3C eax:28FF58 ebp:28FF4C edx:28FF50 ebx:28FF44 esi:28FF48 ecx:28FF54
Except for previous features, the plugin provide an "Deobfuscate from..." menu, it seems it try to deobfuscate vm byte code, but I believe this feature is not realized.