Archive for December, 2006
Translation of my “Patchguard alternative theory” presentation!
Presentations, Reverse Engineering, Windows
I did a translation into English of my previous presentation, which explains how to realize a protector for the IDT, SSDT, and syscall address on Windows 32 and 64 bits.
The translation can be found at the following link: Windows Vista Kernel Security - [EN].ppt
I’m writing an article about it which will be released very soon.
Happy merry […]
First commit @ TinyKrnl !
Blogging, Programming, Reverse Engineering, TinyKRNL
Hi there!
I’m proud to announce I did my first commit for tinykrnl!
http://svn.reactos.ru/svn/tinykrnl?view=rev&revision=729
Cheers,
OSSIR - Windows Vista Kernel Security
Presentations, Reverse Engineering, Windows
Hi there,
Today I did a presentation at the French engineering school named Ecole Normale Supérieure. French slides can be found at the following link: OSSIR - Windows Vista Kernel Security.
In this presentation I’m showing an alternative theory to Patchguard on Windows Vista 32/64 bits.
An article will be available soon.
IDTGuard v0.1 December, 2005 Build
Programming, Reverse Engineering, Windows
This is a very interesting tool I did one year ago to realize a proof of concept of my IDT authenticity theory.
The tool can be found at: IDTGuard v0.1
Note: This tool doesn’t work with Windows 2003 SP1 because I used \\PhysicalMemory. (http://technet2.microsoft.com/WindowsServer/en/library/e0f862a3-cf16-4a48-bea5-f2004d12ce351033.mspx?mfr=true)
The following paste is a sample of use with the 0x2D interrupt on Windows 2000.
Interrupt […]