How to get every detail about SSDT, GDT, IDT in a blink of an eye

A few days ago I was looking for something to show me the SSDT and GDT (which are really important in malware analysis because most rootkits are interested in hooking and changing these structures). • SSDT (System Service Descriptor Table) • GDT (Global Descriptor Table) • IDT (Interrupt Descriptor Table) They’re really […]

Change User-Mode application’s virtual address through Kernel Debugging

Well, it’s a somewhat odd topic, but it can be really helpful in some situations. So what are the situations? Imagine you need to access Windows structures that aren’t available from user-mode debuggers like OllyDbg or through user-mode debugging (e.g. memory above 0x7fffffff). In my experience I have seen some conditions that protectors make […]

Bochs Emulator – Config & Build on Windows and OS X

Introduction Bochs is an x86 / x86-64 multiplatform emulator that provides emulation of CPU instruction fetching without using hypervisor technologies like Intel’s VT-x and AMD-V. One of the benefits of emulation rather than virtualization is that you can execute instructions of old, discontinued CPU architectures on a modern CPU, or run Intel’s instructions on an AMD […]

Assembly Challenge: Jump to a non-relative address without using registers

While developing a dispatch table for some instructions in binaries, one of the challenging problems I faced was changing the registers’ state in a way that doesn’t affect the program flow! It might seem simple at first glance, but what makes it complex is that I can’t use relative jumps or relative calls […]

A first look at some aspects of Intel's "Vanderpool" initiative

A few hours ago, I was working on Intel VT-x, which provides hardware support for virtualization, when I saw the following slides, which gave me lots of information about hypervisor instructions, the VMM, the Virtual Machine Control Structure (VMCS) and other practical information. I don’t actually know who its author is, but I should give my thanks to […]