Windd 1.3 Final! (x86 and x64)
EDIT: 1.3.20091113 version contains a fix for incorrect size bug and raw memory dump.
EDIT: 1.3.20091024 version contains a fix for the networking feature under Vista and later.
Download windd 1.3
Win32dd and Win64dd are finally mature enough to be released, which is very good news.
First, I would like to thank Nicolas Ruff, Andreas Schuster, Scott Noone from OSR Online, Rob T. Lee, Laurent Gaffie, Jimmy Marchetto and Sol_Ksacap for providing assistance, feedback and/or beta-testing for this version.
Compatibility list:
Raw memory dump:
- Windows 2000 (32-Bits)
- Windows XP (32-Bits and 64-Bits)
- Windows 2003 (32-Bits and 64-Bits)
- Windows Vista (32-Bits and 64-Bits)
- Windows 2008 (32-Bits and 64-Bits)
- Windows 7 (32-Bits and 64-Bits)
- Windows 2008 R2 (32-Bits and 64-Bits)
Microsoft crash dump:
- Windows XP (32-Bits and 64-Bits)
- Windows 2003 (32-Bits and 64-Bits)
- Windows Vista (32-Bits and 64-Bits)
- Windows 2008 (32-Bits and 64-Bits)
- Windows 7 (32-Bits and 64-Bits)
- Windows 2008 R2 (32-Bits and 64-Bits)
Features:
- Raw dump generation
- Standalone Microsoft crash dump generation
- Network support (client + server)
- SMB path support
- MD5, SHA-1 and SHA-256 hash support
- Support 3 mapping methods for both full crash dump and raw memory dump generation
- Support 3 content rules
- Fast
- 32-bits and 64-bits support
- Can hibernate the system.
- Can generate a Blue Screen of Death
- Support for machines with more than 4GB of RAM.
Microsoft Windows has an internal limitation that prevents it from generating a Microsoft full crash dump if the local machine has more than 2GB of physical memory. Of course, this limitation does not affect windd, but it was funny and a good surprise to see Windbg work correctly with an 8GB Microsoft crash dump (successfully tested by Jimmy).

Links:
windd main page
Download windd 1.3
How to rule Windbg?
Debug Tutorial Part 4: Writing WINDBG Extensions
R.I.P. Xpress – Welcome TLZ
I was reading an article about Windows 8 and 9 (which should support IA-128 architecture) when I highlighted:
Researched new algorithms and programming methods to build Hibernate/Resume Integration API that can integrate and utilize the new TLZ file compression engine for the Hibernate/Resume component of new Windows 8 Operating System.
Using C and C++ programming languages in SourceInsight, developed a 100% functional C wrapper for C++ functions and the Hibernate/Resume Integration API, which will be used in Windows 8 replacing Windows Vista’s Xpress compression engine.
Apparently, and according to his resume, the author, Bo Qin, is a student at the University of Washington. It is cool to see that some academics are working on cool projects (while some people are wasting time finding a way to write an exploit which will be used by script-kiddies or stupid consultants, and while the media are claiming white-hats are challenging Microsoft).
Anyway, the Xpress compression algorithm, introduced in Windows XP, still used in Windows 7 and currently used for Windows hibernation, Hyper-V, Windows Mobile, the SMB protocol, etc., should be replaced by the TLZ algorithm, which should be introduced in Windows 8.
Call for Beta-Testers :: windd utility RC2 (32-bits & 64-bits)
Finally, I recently managed to find some time to update win32dd, now called windd and part of a project codenamed “Pangowings *” (inspired by the pangolin mammal). windd supports both 32-bits and 64-bits versions (x64-based, not Itanium) of Windows from Windows XP to Windows 7.
All executables (including drivers) are digitally signed, and I suggest that people always check this.
It would be nice to have people with more than 4GB test it.
Here is a summary of the changelog:
- 2008-09-09
- 1.3. Major update
- - Network support (both client and server in one executable).
- - 64-bits support.
- - Very fast.
- - MD5, SHA-1 and SHA-256 hash support.
- - Support 3 mapping methods for both full crash dump and raw memory dump generation.
- - Can generate BSOD.
- - Can hibernate the system.
- - Microsoft crash dump fully compatible with Windbg
So, if you want to test it:
Links
windd main page
Direct link to windd RC2
Randoms:
Here is also some interesting reading my friend Laurent Miltgen-Delinchamp pointed out:
Error when entering Hibernation on a Windows 7-based computer
Windows 7 Memory Manager and Committed Memory – SystemCommittedMemoryInformation
In Windows 7 build 7100, SYSTEM_INFORMATION_CLASS has been updated, and some of its classes, like SystemLowPriorityInformation, were updated. Moreover, new classes such as SystemCommittedMemoryInformation were introduced.
This useless post covers the SystemCommittedMemoryInformation class, which is part of the Windows 7 Memory Manager and aims at retrieving information about committed memory.
Function: NtQuerySystemInformation
Class: SystemCommittedMemoryInformation
Privilege: None
Output size: 0x10 bytes
typedef struct _COMMITTED_MEMORY_INFORMATION
{
    ULONG MmAvailablePages;
    ULONG MmTotalCommittedPages;
    ULONG MmTotalCommitLimit;
    ULONG MmPeakCommitment;
} COMMITTED_MEMORY_INFORMATION, *PCOMMITTED_MEMORY_INFORMATION;

Resources:
Source + Executable available here.
Security 2.0 – Fairy tales and the art of deception
Yesterday, I wrote a post about TwitPic and Twitter.
On the TwitPic blog, we can read this:
Yesterday we were made aware of a vulnerability with our email posting system that would allow someone to brute force someone’s Twitpic email PIN by trying every combination until one worked. A fix has been put in place to prevent this from happening.[...]
I want to make it clear that this was NOT a Twitter issue, but a Twitpic issue, and I take full responsibility for it. Once I contacted Twitter about the issue on our end, they worked with us to help remedy any unauthorized postings and they were extremely helpful. Kudos to the Twitter team.[...]
I want to apologize to anyone this has affected and I want you to know that we take security seriously.
The thing is: they still use a 4-DIGIT PIN code. This means that both Twitter and TwitPic worked on fixing this vulnerability, and both of them are NOT shocked by the 10^4 possibilities of a 4-DIGIT PIN code. It’s getting funnier and funnier.
IMHO, if I had to make a comparison: it is like when a very big vendor fixes an integer overflow but forgets that the type of the integer is signed.
.. Shame.
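Added example (not from the original post, and not TwitPic's code): a sketch of how much protection an attempt throttle gives a secret with only 10^4 values, compared with a larger secret. The policy of 5 failures per hour, the 128-bit token alternative and all names below are assumptions chosen for illustration; the page does not say what the actual fix was.

```python
import hmac
import math

PIN_SPACE = 10 ** 4      # the 4-digit PIN from the post
TOKEN_SPACE = 2 ** 128   # assumed alternative: a random 128-bit secret


class PinThrottle:
    """Per-account failure counter with a fixed window (assumed policy)."""

    def __init__(self, max_failures=5, window_s=3600):
        self.max_failures = max_failures
        self.window_s = window_s
        self._failures = {}  # account -> (window_start, failure_count)

    def check(self, account, submitted, expected, now):
        start, count = self._failures.get(account, (now, 0))
        if now - start >= self.window_s:   # window expired: reset the counter
            start, count = now, 0
        if count >= self.max_failures:     # locked: reject without comparing
            return "locked"
        # Constant-time comparison so timing does not leak matching digits.
        if hmac.compare_digest(submitted.encode(), expected.encode()):
            self._failures.pop(account, None)
            return "ok"
        self._failures[account] = (start, count + 1)
        return "denied"


def guess_probability(keyspace, guesses):
    """Chance that `guesses` distinct tries hit one uniformly random secret."""
    return min(1.0, guesses / keyspace)


def hours_to_exhaust(keyspace, max_failures, window_s=3600):
    """Upper bound on how long the throttle protects one account, in hours."""
    return math.ceil(keyspace / max_failures) * window_s / 3600


if __name__ == "__main__":
    for name, space in (("4-digit PIN", PIN_SPACE), ("128-bit token", TOKEN_SPACE)):
        print(name, guess_probability(space, 5), hours_to_exhaust(space, 5))
```

Under this assumed policy the throttle bounds the protection of a 4-digit PIN to about 2000 hours per account, which is why the size of the secret matters as much as the lockout.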