A forum for reverse engineering, OS internals and malware analysis 


Re: CVE-2018-20250 (WinRAR UNACEV2.DLL)

 by nimaarek ¦  Wed Mar 20, 2019 5:52 pm ¦  Forum: Malware ¦  Topic: CVE-2018-20250 (WinRAR UNACEV2.DLL) ¦  Replies: 9 ¦  Views: 1860

How to fix the second file CRC check part to write a PoC?

Re: My AV says my router is infected

 by nimaarek ¦  Sat Feb 23, 2019 1:26 pm ¦  Forum: Newbie Questions ¦  Topic: My AV says my router is infected ¦  Replies: 9 ¦  Views: 1672

I agree with Antelox, it's interesting for me too; share more information, please :mrgreen:
Which part is infected? The firmware, or what?

Re: [C] UserMode = AdminMode Linux

 by nimaarek ¦  Sat Jan 12, 2019 3:22 pm ¦  Forum: User-Mode Development ¦  Topic: [C] UserMode = AdminMode Linux ¦  Replies: 1 ¦  Views: 936

"Unprivileged processes cannot trace processes that they cannot send signals to or those running set-user-ID/set-group-ID programs."
Of course, if I have understood your program correctly.

Re: Malware Unpack Tutorials?

 by nimaarek ¦  Sun Jan 06, 2019 3:55 pm ¦  Forum: Newbie Questions ¦  Topic: Malware Unpack Tutorials? ¦  Replies: 6 ¦  Views: 2164

Friends have given the necessary explanations, but you can also read chapter 18 of the book Practical Malware Analysis, "Packers and Unpacking".

Xbash Linux ver

 by nimaarek ¦  Tue Oct 09, 2018 1:58 pm ¦  Forum: Malware ¦  Topic: Xbash Linux ver ¦  Replies: 3 ¦  Views: 1529

Hi everyone, I do not know why I cannot reply in the Xbash topic! http://www.kernelmode.info/forum/viewtopic.php?f=21&t=5225 Why should this topic be locked? Anyway, I did research about the Xbash malware that I encountered in these files, and I share them with you. rootv2.sh : 9dfbc591c3c5a157828469fd3776...

Re: pass function argument as Addr

 by nimaarek ¦  Fri Aug 10, 2018 8:40 am ¦  Forum: Newbie Questions ¦  Topic: pass function argument as Addr ¦  Replies: 3 ¦  Views: 3624

Thank you, but I was wondering something else.
The code I provided was an example.
I wanted to know if the parameter of this function is an address.
How does the kernel determine which address is for which processor?

pass function argument as Addr

 by nimaarek ¦  Sat Jul 28, 2018 9:46 pm ¦  Forum: Newbie Questions ¦  Topic: pass function argument as Addr ¦  Replies: 3 ¦  Views: 3624

Hi, I have a beginner problem, but I cannot answer it and cannot find it :roll: I want to use a kernel function, and one of its values is the memory address. As a result, I wrote a user-mode program to print a variable's address. Something like this: int main() { while(1) { printf("%x", &a); } ret...

Prepared environment for kernel programming

 by nimaarek ¦  Sat Jun 16, 2018 4:57 pm ¦  Forum: Newbie Questions ¦  Topic: Prepared environment for kernel programming ¦  Replies: 0 ¦  Views: 2330

Hello, is there a custom Windows operating system for kernel programming? For example, one where the WDK package and the Visual Studio version related to it are installed, and the other settings for kernel programming and debugging have been done, like this: www.kernelmode.info/forum/viewtopic.php?f=22&t=4922&p=3...

Question about FileSystem DeviceDriver

 by nimaarek ¦  Tue Jun 12, 2018 10:01 pm ¦  Forum: Kernel-Mode Development ¦  Topic: Question about FileSystem DeviceDriver ¦  Replies: 1 ¦  Views: 2827

Hello, I need to write a device driver that hooks file system activities. If a file is created or deleted, I would be informed by the driver. The problem is that the driver should work in all versions of Windows! Is that possible? Does the operating system architecture work effectivel...


 by nimaarek ¦  Wed Jul 19, 2017 9:15 pm ¦  Forum: Completed Malware Requests ¦  Topic: GhostCtrl (ANDROIDOS_GHOSTCTRL.OPS) ¦  Replies: 4 ¦  Views: 6422

Are all the hashes related to one malware, or not?

I need this malware to investigate (research).