Search found 52 matches

by Microwave89
Wed Mar 23, 2016 10:11 am
Forum: Tools/Software
Topic: Hook Analyser 1.4
Replies: 10
Views: 25976

Re: Hook Analyser 1.4

Hey, seems that your Hook Analyzer 3.3 process is not x86-64 aware when opening the respective image files for a process. I externally opened notepad.exe, then chose to open and hook into a process (I pressed "2" on the welcome screen of Hook Analyzer) and entered the notepad.exe PID as told. Next ...
by Microwave89
Thu Mar 17, 2016 9:48 pm
Forum: General Discussion
Topic: Welcome back KM.info
Replies: 1
Views: 5432

Re: Welcome back KM.info

Yes, full acknowledge!
I truly missed this community! In my opinion it is an outstanding database of highly advanced knowledge!
I was just about asking someone what would be the replacement for it...glad there isn't need anymore.

Kind regards,
Microwave89
by Microwave89
Wed Dec 30, 2015 2:54 pm
Forum: Newbie Questions
Topic: NtXxx System Call Stub Change in Windows 10 525+
Replies: 2
Views: 5139

Re: NtXxx System Call Stub Change in Windows 10 525+

But compatibility with what? And is it behaving as expected if I receive a #GP if I currently attempt to invoke the int 2E instruction on my Windows 10 Core 2 Duo machine?

Best regards
by Microwave89
Fri Dec 18, 2015 10:08 am
Forum: User-Mode Development
Topic: Hooking usage of DLL function
Replies: 17
Views: 25822

Re: Hooking usage of DLL function

I did not test it completely (with multiple hooks active) yet but syntax-wise it looks promising. I will lose some words about it after the weekend since unfortunately I have to work for the university project now... Or even better, I'll put it online then so you have everything you need such as dif...
by Microwave89
Wed Dec 16, 2015 9:30 pm
Forum: User-Mode Development
Topic: Hooking usage of DLL function
Replies: 17
Views: 25822

Re: Hooking usage of DLL function

As I also needed true inline assembly in a new project I used GCC for it. Before doing so I tried to sign up for the students Intel C++ compiler, since allegedly it is capable of x86-64 inline assembly too, but I did not receive any further answer after trying to make them add my university to their ...
by Microwave89
Sun Dec 06, 2015 4:05 pm
Forum: Tools/Software
Topic: RogueKillerPE
Replies: 5
Views: 18768

Re: RogueKillerPE

Thanks for the share! However, I noticed two minor "bugs", at least in my opinion. 1.) Shouldn't the OriginalEntryPoint of the file be named OEP instead of EOP? I can find more related information on the web when looking up "PE" "OEP" instead of "PE" "EOP". 2.) When I test the tool with an x64 executab...
by Microwave89
Fri Nov 27, 2015 6:48 pm
Forum: Newbie Questions
Topic: Monitoring Windows Services
Replies: 6
Views: 6018

Re: Monitoring Windows Services

Regarding Services: See Windows Internals 6, Part 1, "Services".
Not all services must have a DLL, only those with "shared" type.
Own services are just of an exe with a special main, "SvcMain" iirc.

Kind regards,

Microwave89
by Microwave89
Sun Nov 22, 2015 8:52 pm
Forum: Newbie Questions
Topic: NtXxx System Call Stub Change in Windows 10 525+
Replies: 2
Views: 5139

NtXxx System Call Stub Change in Windows 10 525+

Hi Kernelmode.info! Upon attempting something (can't remember what exactly it was) that relied on the x64 ntdll.dll system call layout being unchanged I stumbled across the new system call layout. Instead of simply loading eax with the system call number and then issuing the 0F 05 instruction as bef...
by Microwave89
Sat Nov 07, 2015 12:22 am
Forum: Tools/Software
Topic: VrtuleTree: A Really Simple DeviceTree
Replies: 20
Views: 37469

Re: VrtuleTree: A Really Simple DeviceTree

Unfortunately, I cannot check out the tool properly since it tells "Cannot create snapshot" if I click on "File" - "Create snapshot". I'm running Windows 10 x64 Build 10240. If I click on "File" - "Log" - "Test..." it says there has occurred an access violation and nothing happens. The tool does not...
by Microwave89
Sat Nov 07, 2015 12:04 am
Forum: Tools/Software
Topic: [2017-11-05]ARK for Windows X64: WIN64AST(Page10#96)
Replies: 98
Views: 297862

Re: [2015-08-04]ARK for Windows x64: WIN64AST(Page8#78)

Hi m5home, Since I'm extensively using the behavior blocker function I noticed another BSOD that seems to be reproducible reliably. The issue occurs if I attempt to create a process with an initial thread in it using the well known steps listed below. NtCreateSection("csrss.exe") NtCreateProcess NtC...