Matthieu Suiche's blog

Windows Vista and unexported kernel symbols (Part II, 32bits version)

Matthieu Suiche On January - 31 - 2007

This paper exposes part II of my previous article about Windows Vista and internals structures. This one is talking about the 32bits version and aims to show new authencity tricks.

Download it from the following link:
Windows_Vista_32bits_and_unexported_kernel_symbols.pdf

Cheers,

One Response so far.

Alex Ionescu says:

February 1, 2007 at 5:14 am

ReactOS implements *all* of this to the letter, and the source code is in C and GPLed, so I’m not quite sure on why you went through the trouble of reversing it yourself and publishing it with unofficial structure definitions/constant names… nevertheless, a good read and I guess you learnt a lot while reversing it, but the final copy could’ve used the ROS code.

Twitter Updates

New commands in WinDbg 6.2.8102.0 http://t.co/Q91NXKLF # 2011/10/02

RT @joshuamsmith_: MoonSols DumpIt released free of charge. (dd for windows, great for forensics) very cool, thx to @MoonSols http://t.c ... # 2011/08/13

"Interesting Malware Trick" using MoonSols DumpIt http://t.co/ljlGpQJ # 2011/08/13

Remember 5-days private training are also available if you want to learn more. See http://bit.ly/l4RAxc for more information. #BlackHat # 2011/08/01

Second round of training about Advanced Physical Memory Acquisition and Analysis starting today ! #BlackHat #LasVegas # 2011/08/01

Happiness only real when shared.

Windows Vista and unexported kernel symbols (Part II, 32bits version)

One Response so far.

Twitter Updates

Featured Video

Sponsors

Keep connected

Recent Posts

Categories

Archives