A forum for reverse engineering, OS internals and malware analysis 

Search found 48 matches


Find what terminated your process..

 by listito ¦  Tue Sep 27, 2011 9:26 am ¦  Forum: Newbie Questions ¦  Topic: Find what terminated your process.. ¦  Replies: 5 ¦  Views: 5366

There's something very strange going on, some DLL (I believe a malware) seems to be injected into all processes, and when I'm using some programs sometimes it executes invalid instructions into the DLL and crashes the program, and when I try to unload the DLL it suddenly terminates the program, is th...

Re: Interactive service win 7

 by listito ¦  Sat Sep 24, 2011 1:47 am ¦  Forum: Newbie Questions ¦  Topic: Interactive service win 7 ¦  Replies: 2 ¦  Views: 3227

Hey, thanks xqrzd, now I'd like to know why my process is consuming 100% of the processor for a couple of seconds?

Interactive service win 7

 by listito ¦  Fri Aug 05, 2011 5:03 pm ¦  Forum: Newbie Questions ¦  Topic: Interactive service win 7 ¦  Replies: 2 ¦  Views: 3227

Hello,

I used to run a program with system privileges on Windows XP, but can't do it in Win 7, the program is executed in another context I guess, could anyone help me with that?

Re: Win x64 ring0 protection

 by listito ¦  Thu Mar 10, 2011 10:43 am ¦  Forum: Newbie Questions ¦  Topic: Win x64 ring0 protection ¦  Replies: 4 ¦  Views: 5894

Hey, thanks, but I'm just thinking, how secure are these callbacks?

Win x64 ring0 protection

 by listito ¦  Thu Mar 10, 2011 9:50 am ¦  Forum: Newbie Questions ¦  Topic: Win x64 ring0 protection ¦  Replies: 4 ¦  Views: 5894

Hello, I'd like to ask you guyz about something, if it's not allowed to SSDT hook in Win x64, how do AVs manage to detect and forbid certain types of access?

Is there any way to forbid OpenProcess() without SSDT hooking?

Re: Kernelmode Driver to Emulate Keyboard

 by listito ¦  Fri Feb 11, 2011 11:53 am ¦  Forum: Kernel-Mode Development ¦  Topic: Kernelmode Driver to Emulate Keyboard ¦  Replies: 4 ¦  Views: 6592

Hey, thanks for the help,

but X is not running, the application is using directfb to handle inputs, I really need to make this thing :(

Re: Kernelmode Driver to Emulate Keyboard

 by listito ¦  Thu Feb 10, 2011 8:06 pm ¦  Forum: Kernel-Mode Development ¦  Topic: Kernelmode Driver to Emulate Keyboard ¦  Replies: 4 ¦  Views: 6592

OK, thanks

Any tip for Linux? I just think emulating keyboard into a particular application running it's ok, no need to code ring0 stuff

Any idea how I can do it?

Kernelmode Driver to Emulate Keyboard

 by listito ¦  Thu Feb 03, 2011 1:47 am ¦  Forum: Kernel-Mode Development ¦  Topic: Kernelmode Driver to Emulate Keyboard ¦  Replies: 4 ¦  Views: 6592

Hello,

I'd like some help to develop a ring3 software to send some kind of flag to my kernelmode driver and simulate a keypressing in low level

And I need to do that in both Windows and Linux,

Any help is very appreciated