Search found 1103 matches

by rkhunter
Sun Sep 30, 2018 8:45 pm
Forum: Reverse Engineering and Debugging
Topic: Articles
Replies: 33
Views: 94435

Re: Articles

My docs (actually a set of web-links) that I'm using every day for security reasons. - Security related pages/docs for MS, Apple, Google, Adobe, Intel. - Wide set of information about speculative execution side channel flaws that I carefully have collected from the beginning of the year. - Actual in...
by rkhunter
Wed Aug 22, 2018 11:17 am
Forum: Kernel-Mode Development
Topic: Entry point for calling DriverEntry at ntoskrnl (Win10)
Replies: 3
Views: 1367

Re: Entry point for calling DriverEntry at ntoskrnl (Win10)

Thx. I've analyzed it without applying structures and Hex-Rays. Looked for call [register+offset] and forgot about _guard_dispatch_icall.
by rkhunter
Tue Aug 21, 2018 6:09 pm
Forum: Kernel-Mode Development
Topic: Entry point for calling DriverEntry at ntoskrnl (Win10)
Replies: 3
Views: 1367

Entry point for calling DriverEntry at ntoskrnl (Win10)

Hi all.

Does anyone remember which function in the NT kernel in Win10 is responsible for calling DriverEntry when loading drivers? I can't find any footprints in IopLoadDriver.
by rkhunter
Sat Jan 13, 2018 7:14 am
Forum: Kernel-Mode Development
Topic: Undocumented structures for W2k-Win10
Replies: 21
Views: 68754

Re: Undocumented structures for W2k-Win10

Win10 RS3 (1709) + KB4056892 (Spectre/Meltdown update and KPTI) ntoskrnl pdb and structures
by rkhunter
Fri Jan 12, 2018 6:58 pm
Forum: Reverse Engineering and Debugging
Topic: Question about Spectre vulnerability mitigation
Replies: 0
Views: 4209

Question about Spectre vulnerability mitigation

Guys, I have a little question about the Spectre#1 mitigation in the Win10 kernel.

Why were the Win10 kernel trap handlers updated with LFENCE instructions? As I understand it, Spectre#1 can't allow Ring 3 code to read kernel memory or to be executed as Ring 0. Or am I wrong?
by rkhunter
Mon Oct 30, 2017 11:08 am
Forum: Kernel-Mode Development
Topic: Undocumented structures for W2k-Win10
Replies: 21
Views: 68754

Re: Undocumented structures for W2k-Win10

Windows 10 Redstone 3 (1709) HAL (10.0.16299.15) pdb + extracted structures.
by rkhunter
Fri Oct 20, 2017 7:30 pm
Forum: Kernel-Mode Development
Topic: Undocumented structures for W2k-Win10
Replies: 21
Views: 68754

Re: Undocumented structures for W2k-Win10

Windows 10 Redstone 3 (1709) ntoskrnl (10.0.16299.15) pdb + extracted structures.
by rkhunter
Tue Sep 05, 2017 1:25 pm
Forum: Tools/Software
Topic: Enhanced Mitigation Experience Toolkit (EMET)
Replies: 12
Views: 40754

Re: Enhanced Mitigation Experience Toolkit (EMET)

EMET on Windows 10 Insider aka PayloadRestrictions.dll and how it is loaded into a process

https://github.com/deroko/payloadrestrictions