Hey there, today I’m gonna show you how to set up kernel-mode debugging using VMware, WinDbg and Windows. So why should you do this?! It’s clear: everything from kernel-mode driver debugging and searching for zero-days to understanding Windows mechanisms. There are other types of kernel debugging as described in […]
Author: Mohammad Sina Karvandi
Bochs Emulator – Config & Build on Windows and OS X
Introduction: Bochs is an x86/x86-64 multiplatform emulator that emulates CPU instruction fetching without using hypervisor technologies like Intel’s VT-x and AMD-V. One of the benefits of emulation rather than virtualization is that you can execute instructions of old, discontinued CPU architectures on a modern CPU, or run Intel’s instructions on an AMD […]
A partial survey among non-general purpose registers
Hi guys, in the past few days I was searching about non-general-purpose registers, then I saw the following pictures that gave me a new idea: posting about the non-general-purpose registers. These pieces of information might have some faults because of my misunderstandings about some of them; if you see any fault then […]
Assembly Challenge: Jump to a non-relative address without using registers
While developing a dispatch table for some instructions in binaries, one of the challenging problems I faced was changing the register state in a way that doesn’t affect the program flow! It might seem simple at first glance, but what makes it complex is that I can’t use relative jumps or relative calls […]
A first look at some aspects of Intel's "Vanderpool" initiative
A few hours ago, I was working on Intel VT-x, which enables hardware support for virtualization, then I saw the following slides, which gave me lots of information about hypervisor instructions, the VMM, the Virtual Machine Control Structure (VMCS) and other practical details. I don’t actually know its author, but I should give my thanks to […]
Build a Simple Pin Tool
In this post, I explain how to build your first Pin tool. Building a Pin tool is somewhat difficult. After compiling the first program, there were lots of new problems, so, believe me, it annoys you a lot; but keep in mind, if you discover a new problem in compiling, please comment […]
Pinitor – An API Monitor Based on Pin
Pinitor is an API monitor based on instrumentation that can be used when researching binaries to find out which Windows native API or custom exported DLL function is called. Pinitor is built on top of Intel’s Pin.
Detecting CPU Structure in .Net Framework
The title seems simple: just getting the CPU architecture to detect whether your program is running on an AMD64 or an Intel x86 machine. Remember, when you install a 32-bit operating system on a 64-bit machine, all features are 32-bit, so your program supports only a 32-bit processor and can’t be a 64-bit one even if […]
Get everything from .Net Reflection
In the previous posts, I explained low-level languages and played around with kernel-mode reversing, but now let’s dig into high-level languages. In this post, I’m gonna share a comprehensive method that took me more than two weeks to build: a small but complete function to play with .Net Framework reflection. I also share […]
Fooling Windows about its internal CPU
In this post, I’m gonna show you how you can fool Windows about its internal structure and sometimes give it wrong information about its internal capabilities, which can bring you a lot of fun (at least for me!). But don’t do that; it can actually hurt your system. This post is about […]