Monday Nov 16, 2009

Fun With DTrace: The Windows-Key Prank

The current episode of the German HELDENFunk podcast features an interview with Chris Gerhard about one of his favourite subjects: DTrace (in English, beginning at 14:58):

After the interview, we hear a guy called "Konteener Kalle" express his love (in German) for DTrace by playing a prank on his boss: Whenever he presses the Windows key (on an OpenSolaris system, mind you), he's punished by watching the XScreensaver BSOD hack (of course not knowing that it's just a screensaver).

That little joke challenged me to actually implement this prank. Here's how to do it.

The Idea

The idea of this prank is to start the XScreensaver Blue-Screen-of-Death screensaver (which simulates a Windows crash experience) on an OpenSolaris system whenever the user presses a certain key a certain number of times. This could be the Windows-Key (which doesn't have any real use on an OpenSolaris machine) or any other key. We count the number of key presses and only execute the BSOD after a certain number of key presses in order to make the prank less obvious.

Step 1: Identify the Windows (or any other) Key

If you have a Windows-Keyboard, this is easy: Run xev and press the Windows-Key. Take note of the keycode displayed in the xev output. Of course you can use any other key as well to play this prank. In this case, I'm using the left Control-Key, because I don't have a Windows-Key on the system I'm working on. The Control key has the keycode 37.

Step 2: Configure XScreensaver for BSOD

XScreensaver comes with a great collection of "hacks" that do interesting stuff on the screen when the screensaver activates. Check out the /usr/lib/xscreensaver/hacks directory. Each hack can be run individually, but then it will only execute inside a new window. For the BSOD illusion to be realistic, we want to execute the BSOD hack in full-screen.

This can be achieved by telling XScreensaver to demo the BSOD hack for us. It will then create a full-screen window and execute the BSOD hack inside the new window. The following command will tell XScreensaver to run a hack for us:

xscreensaver-command -demo <number>

The <number> part is a little complicated: XScreensaver looks at its config file ~/.xscreensaver where it stores a list of programs and arguments after the keyword "programs:". <number> simply refers to the number of the hack on that list. Therefore, we must create an entry in our admin user's .xscreensaver file that starts bsod(6) with the right parameters and that gives us a known number to call xscreensaver-command with.

Let's put our entry at the top of the list so we can simply use the number "1" to execute the BSOD screensaver. Somewhere in our .xscreensaver, the programs section should look like this:

  textFile:       /etc/motd
  textProgram:    date

  programs:                                                                     \\
  -               "BSOD Windoze"  bsod -root -only nt         \\n\\
  -                "Qix (solid)"  qix -root -solid -segments 100              \\n\\
  -          "Qix (transparent)"  qix -root -count 4 -solid -transparent      \\n\\

You can test this by running xscreensaver-command -demo 1.

Step 3: Write a DTrace Script That Sets Up the Trap

Now it gets more interesting. How do we use DTrace to find out when a user presses a certain key? All we know is that the Xorg server processes the keystrokes for us. So let's start by watching Xorg in action. The following DTrace command will trace all function calls within Xorg:

pfexec dtrace -n pid`pgrep Xorg`:::entry'{ @func[probefunc] = count(); }'

Let's start it, press the desired key 10 times, then stop it with CTRL-C. You'll see a long list of Xorg functions, sorted by the number of times they've been called. Since we pressed the key 10 times, it's a good idea to look for functions that have been called ca. 10 times. And here, we seem to be lucky:

  miUnionO                                                          8
  DeviceFocusInEvents                                               9
  CommonAncestor                                                   10
  ComputeFreezes                                                   10
  CoreLeaveNotifies                                                10
  key_is_down                                                      11
  FreeScratchPixmapHeader                                          12
  GetScratchPixmapHeader                                           12
  LookupIDByType                                                   12
  ProcShmDispatch                                                  12
  ProcShmPutImage                                                  12

The key_is_down function looks like exactly the function we're looking for! In fact, some googling tells us that this function's 2nd argument is the keycode of the key that is down when the function is called.

Why do we see "11" and not "10" function calls to key_is_down? Because it also counted my pressing of the Ctrl-Key when I stopped the DTrace script through Ctrl-C :).

This gives us enough knowledge to create the following DTrace script:

  #!/usr/sbin/dtrace -s

   \* BSODKey.d

   \* This D script will monitor a certain key in the system. When this key is
   \* pressed, a shell script will be executed that simulates a BSOD.
   \* The script needs the process id of the Xorg server to tap into as its
   \* first argument.
   \* One example of using this script is to punish a user pressing the
   \* Windows key on an OpenSolaris system by launching the BSOD screen saver.

  #pragma D option quiet
  #pragma D option destructive

          ctrlcount = 0;

  /arg1 == keycode/
          ctrlcount ++;

  /ctrlcount == 10/
          ctrlcount = 0;
          system("/usr/bin/xscreensaver-command -demo 1");

First, we need to enable DTrace's destructive mode (ever heard of a "constructive prank"?) otherwise we can't call the system-command at the end. The script uses the pid provider to tap into Xorg. Therefore, we need to give it the PID of the Xorg server as an argument:

pfexec ./BSODKey.d `pgrep Xorg`

It then sets up a probe that fires whenever key_is_down is called with our keycode and counts the key presses. At the end of the key_is_down function call, it checks whether we reached 10 keypresses, then executes the BSOD screen saver and resets the counter. You may need to make sure that the DISPLAY variable is set correctly for the BSOD program to show up on the victim's screen when starting this script.

After hitting the Control-Key 10 times, we're rewarded with our beloved BSOD:


That wasn't too difficult, was it? Yes, one could have done the same thing by writing a regular script that taps into /dev/kbd or something similar. But the beauty of DTrace lies in the simplicity of this script (Tap into the right function while it's running) and in the fact that it now can be modified very easily to fire BSODs at any kind of event, including the user hitting a certain area of the screen with his mouse or selecting a particular text or whatever you choose it to be.

So, have fun with this script and let me know in the comments what kind of pranks (or helpful actions) you can imagine with DTrace!

Friday May 02, 2008

Favourite Free Fun Geek Cartoons to Cheer you up!

World economy bad? Financial results lower than expected? Stock price down the toilet? Or just bad weather?

No need to worry, last time I checked, after rain, always came the Sun, and it was stronger than ever!

Meanwhile, let me cheer you up with some favourite geek cartoons of mine:

User Friendly

User Friendly, April 15th, 2008 This strip depicts the life of the heroic employees of an ISP called "Columbia Internet". It's something like the Dilbert of sysadmins, if you will. Lots of fun references to geek culture. And if you travel often by plane, you'll enjoy the strip above, it's ah, so true... For more background, read the Wikipedia entry on User Friendly.


The future of Solaris Network Auto-Magic

Above you see the future of the Solaris Network Auto-Magic (NWAM) feature. How could the author know? xkcd is "a webcomic of romance, sarcasm, math, and language", and very funny. It became famous for it's depiction of online communities as a world map. Read more about xkcd in its about page.

Geek and Poke

Geek and Poke on Enterprise 2.0 

...and now you know the real reason why Peter and I like to drive Enterprise 2.0 at Sun :). Geek and Poke is another self-published cartoon by a guy from Hamburg called Oliver Widder.

All of these cartoons come with a license to make them redistributable, so I'm glad I could put some of my favourite strips on this page and I hope they have cheered you up a bit :). If you want some more fun, it's easy: Just click on the cartoons above to see more. But be careful, they are addictive...

What other great geek cartoons did I miss? What are your favourites? Leave a comment!

Wednesday Sep 19, 2007

Say Hello to our new Web 2.0 Bunny

Nabomuk the Nabaztag"Hello, my name is Constantin and I have a cyber-bunny." This is probably something I'll say during the next "Geeks anonymous" meeting after my wife forces me to see a shrink or something...

Anyway, meet our new guest at the Gonzalez home: Nabomuk! As you can see, he is a rabbit-ish looking little plastic high-tech fella. I didn't find a carrot this evening but he seems to like bananas, too.

Nabomuk is a Nabaztag, a new breed of Web 2.0 rabbits that are currently multiplying all over the world. They're a clever new "connected object" idea by a n innovative french company called Violet. A Nabaztag tells the weather and stock market trends, it can receive messages (Meet me on Facebook to try it out) and read RSS feeds and there's an API to program your own stuff for. It performs Tai-Chi with it's ears multiple times per day (this is not a joke), tells the time and it comes with an RFID reader that it uses to "sniff" objects. What a fun little gadget!

Of course, most of the rabbit is happening at some datacenter somewhere in the world. According to the Nabaztag entry in Wikipedia, the Nabaztag Website experienced serious service disruption problems after being overwhelmed by the many Christmas 2006 NabazTransactions. See? We told you we developed UltraSPARC T2 and Solaris with a purpose in mind! So if you happen to know anybody at Nabaztag, or if someone from Nabaztag is reading this blog, we have just the right solution for your datacenter...

Thursday Aug 09, 2007

Get Simpsonized!

Constantin SimpsonYesterday evening, I was simpsonized! The result can be seen to the right.

A brilliant viral marketing plot by Burger King and the Simpsons Movie.

Actually, the process is quite sophisticated. It involves sending a photo of yourself with good contrast and answering some simple questions and you'll get a pretty good approximization of your inner Simpson. I wonder if they use Java Advanced Imaging?

You then get the chance to modify your Simpson character, I still need to work on my hair...

Get simpsonized here

Wednesday Jul 25, 2007

Now That's What I Call Rock-Solid!

A rock-solid Sun server still functioning flawlessly.Check out this story from A system admin enters their datacenter, only to find this scene of a crushed floor and a fallen rack full of Sun equipment. This must have happened some time ago, only the sysadmin didn't notice it because all of the servers were still running as if nothing happened! Later, Sun services checked every system in the rack and the only fault they found was a simple harddisk failure.

Sun systems have a reputation for being rock-solid, no doubt... 

P.S.: "Systemheld" translates to "system hero". is a community for the unsung system admin among us, in constant danger to be disbudgeted by moronic beancounters and haunted by incompetent lusers. Sometimes, their only defense is a LART-Whip.


Tune in and find out useful stuff about Sun Solaris, CPU and System Technology, Web 2.0 - and have a little fun, too!


« July 2016