Search found 9 matches

by nimaarek
Sat Jan 12, 2019 3:22 pm
Forum: User-Mode Development
Topic: [C] UserMode = AdminMode Linux
Replies: 1
Views: 121

Re: [C] UserMode = AdminMode Linux

unprivileged processes cannot trace processes that they cannot send signals to or those running set-user-ID/set-group-ID programs
Of course, if I have understood your program correctly.
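The ptrace(2) rule quoted in the reply above has two halves that can be probed directly: whether the tracer may send the target a signal (the same credential check kill(pid, 0) performs) and whether the target is running a set-user-ID program or is otherwise protected. The following is an added example, not code from the forum post or from kernelmode.info; it assumes Linux with Yama's ptrace_scope at 0 or 1, where attaching to your own child is allowed, and uses pid 1 as the stand-in for a process owned by another user.

```c
/* Added example (not from the forum post): probe the two halves of the
 * ptrace(2) rule "unprivileged processes cannot trace processes that they
 * cannot send signals to or those running set-user-ID programs".
 * Assumption: Linux, Yama ptrace_scope 0 or 1 (own child may be attached). */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* kill(pid, 0) runs the kernel's signal-permission check without delivering
 * anything: 1 = we may signal pid, 0 = EPERM (other uid, no CAP_KILL),
 * -1 = some other error such as ESRCH (no such process). */
int can_signal(pid_t pid)
{
    if (kill(pid, 0) == 0)
        return 1;
    return errno == EPERM ? 0 : -1;
}

/* Try PTRACE_ATTACH on pid. On success the target is stopped with SIGSTOP;
 * wait for that stop, detach (which resumes it) and return 0. Otherwise
 * return errno: EPERM is what an unprivileged tracer gets for another user's
 * process, a set-user-ID process, or anything Yama's ptrace_scope forbids. */
int try_ptrace_attach(pid_t pid)
{
    int status;
    if (ptrace(PTRACE_ATTACH, pid, NULL, NULL) == -1)
        return errno;
    if (waitpid(pid, &status, 0) == -1)
        return errno;
    ptrace(PTRACE_DETACH, pid, NULL, NULL);
    return 0;
}

/* Fork a child that only sleeps: a same-uid, non-setuid target we own. */
pid_t spawn_sleeper(void)
{
    pid_t pid = fork();
    if (pid == 0) {
        for (;;)
            pause();
        _exit(0);
    }
    return pid;
}

/* Kill and reap the sleeper so no stray child is left behind. */
void reap(pid_t pid)
{
    kill(pid, SIGKILL);
    waitpid(pid, NULL, 0);
}

int main(void)
{
    pid_t child = spawn_sleeper();
    int rc = try_ptrace_attach(child);
    printf("own child %d: can_signal=%d ptrace_attach=%s\n",
           (int)child, can_signal(child), rc == 0 ? "ok" : strerror(rc));
    reap(child);

    /* pid 1 is root-owned: as an ordinary user both checks fail with EPERM. */
    rc = try_ptrace_attach(1);
    printf("pid 1: can_signal=%d ptrace_attach=%s\n",
           can_signal(1), rc == 0 ? "ok" : strerror(rc));
    return 0;
}
```

Run it as an ordinary user and the child line reports ok while the pid 1 line reports EPERM for both probes; run it as root and both succeed, which is exactly the asymmetry the quoted rule describes. Replace 1 with the pid of a running set-user-ID program (a shell spawned from passwd, for instance) to see the second half of the rule deny the attach even though the uid check would pass.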
by nimaarek
Sun Jan 06, 2019 3:55 pm
Forum: Newbie Questions
Topic: Malware Unpack Tutorials?
Replies: 5
Views: 525

Re: Malware Unpack Tutorials?

Friends have given the necessary explanations, but you can read chapter 18 of the Practical Malware Analysis book, "Packers and Unpacking":
https://nostarch.com/malware
by nimaarek
Tue Oct 09, 2018 1:58 pm
Forum: Malware
Topic: Xbash Linux ver
Replies: 3
Views: 1211

Xbash Linux ver

Hi everyone, I do not know why I cannot reply in the Xbash topic! http://www.kernelmode.info/forum/viewtopic.php?f=21&t=5225 Why should this topic be locked? Anyway, I did research about the Xbash malware that I encountered in these files, and I share them with you. rootv2.sh : 9dfbc591c3c5a157828469fd3776...
by nimaarek
Fri Aug 10, 2018 8:40 am
Forum: Newbie Questions
Topic: pass function argument as Addr
Replies: 3
Views: 2833

Re: pass function argument as Addr

Thank you, but I was wondering something else.
The code I provided was an example.
I wanted to know: if the parameter of this function is an address,
how does the kernel determine which address is for which processor?
by nimaarek
Sat Jul 28, 2018 9:46 pm
Forum: Newbie Questions
Topic: pass function argument as Addr
Replies: 3
Views: 2833

pass function argument as Addr

Hi, I have a beginner problem, but I cannot answer it and cannot find it :roll: I want to use a kernel function, and one of its values is a memory address. As a result, I wrote a user-mode program to print a variable's address. Something like this: int main() { while(1) { printf("%x", &a); } ret...
by nimaarek
Sat Jun 16, 2018 4:57 pm
Forum: Newbie Questions
Topic: Prepared environment for kernel programming
Replies: 0
Views: 2082

Prepared environment for kernel programming

Hello, is there a custom Windows operating system for kernel programming? For example, one where the WDK package and the Visual Studio version related to it are installed, and the other settings for kernel programming and debugging have been done. Like this: www.kernelmode.info/forum/viewtopic.php?f=22&t=4922&p=3...
by nimaarek
Tue Jun 12, 2018 10:01 pm
Forum: Kernel-Mode Development
Topic: Question about FileSystem DeviceDriver
Replies: 1
Views: 2205

Question about FileSystem DeviceDriver

Hello, I need to write a device driver that hooks file system activity: if a file is created or deleted, I would be informed by the driver. The problem is that the driver should work in all versions of Windows! Is anything like that possible? Does the operating system architecture work effectivel...
by nimaarek
Wed Jul 19, 2017 9:15 pm
Forum: Completed Malware Requests
Topic: GhostCtrl (ANDROIDOS_GHOSTCTRL.OPS)
Replies: 4
Views: 6253

Re: GhostCtrl (ANDROIDOS_GHOSTCTRL.OPS)

Are all the hashes related to one malware, or not?

I need this malware to investigate (research)
by nimaarek
Tue Jul 18, 2017 9:34 am
Forum: Completed Malware Requests
Topic: GhostCtrl (ANDROIDOS_GHOSTCTRL.OPS)
Replies: 4
Views: 6253

GhostCtrl (ANDROIDOS_GHOSTCTRL.OPS)

Hello, I'm looking for the GhostCtrl Android backdoor. GhostCtrl can silently record your audio, video, and more. More info: http://blog.trendmicro.com/trendlabs-security-intelligence/android-backdoor-ghostctrl-can-silently-record-your-audio-video-and-more/ A list of all the hashes (SHA-256) detected as A...