Search found 4 matches

by IChooseYou
Fri Jun 12, 2015 2:44 pm
Forum: Completed Malware Requests
Topic: Duqu 2.0 14712103ddf9f6e77fa5c9a3288bd5ee
Replies: 0
Views: 3642

Duqu 2.0 14712103ddf9f6e77fa5c9a3288bd5ee

https://securelist.com/files/2015/06/Th ... eturns.pdf

Long shot, but if anybody can provide this or the CTwoPENC.dll module it would be great.

NVM, I'm an idiot: http://www.kernelmode.info/forum/viewto ... =16&t=3900

by IChooseYou
Sat Mar 14, 2015 5:51 am
Forum: User-Mode Development
Topic: Application Verifier Custom Providers
Replies: 12
Views: 37389

Re: Application Verifier Custom Providers

EP_X0FF wrote: Get rid of CRT.
The post limitation is extremely annoying.

Getting rid of the C runtimes sounds like a pretty shitty fix.
I just don't understand why Microsoft's verifier _CRT_INIT and my _CRT_INIT are so different from each other.

by IChooseYou
Sat Mar 14, 2015 1:52 am
Forum: User-Mode Development
Topic: Application Verifier Custom Providers
Replies: 12
Views: 37389

Re: Application Verifier Custom Providers

Download Application Verifier and test this application with it. I tried it. Application Verifier works. My problem seems to be initializing CRT on Windows 7. I skipped _DllMainCRTStartup by setting /ENTRY to DllMain. Surprisingly, that worked on Windows 7 (and crashed on Windows 8). Win7 x86 buil...

by IChooseYou
Fri Mar 13, 2015 1:27 am
Forum: User-Mode Development
Topic: Application Verifier Custom Providers
Replies: 12
Views: 37389

Re: Application Verifier Custom Providers

This works on Windows 8 & Server 2012 but fails on Windows 7 x64 with this error: http://i.imgur.com/PnrMoyh.png http://i.imgur.com/OMahd9J.png It's so early in the loading process that I'm having a hard time debugging this. The stack in olly shows this: .text:1002C185 ; START OF FUNCTION CHUNK FOR ...