Since Windows 2000, Microsoft provides a feature called Hibernation also know as suspend to disk that aims to save the system state into an undocumented file called hiberfil.sys. This file contains all the physical memory saved by the Operating System and aims to be restored by the user the next time the computer is powered [ Read More ]
This paper exposes part II of my previous article about Windows Vista and internals structures. This one is talking about the 32bits version and aims to show new authencity tricks. Download it from the following link: Windows_Vista_32bits_and_unexported_kernel_symbols.pdf Cheers,
Hi, I’m gonna published my (the?) first paper of the year 2007 !! :) This article is talking about Windows Vista 64bits and its system structures which are proteged against rootkit. I also explain how these structures can be authentified without Pathguard. Windows Vista 64bits and unexported kernel symbols.pdf Happy New Year !!!
Windows Vista x64, is my first 64bits Operating System before it I never had been interested about 32-64bits compabilities. It started when I used the Daniel Pistelli’s tool called “Explorer Suite”,which is available at the following link : http://ntcore.com/download.php, I noticed that Windows Live Messenger, which is a x86 binary, is just linked by four [ Read More ]
