A forum for reverse engineering, OS internals and malware analysis 


Ransom/AveMaria

 by EP_X0FF ¦  Wed Feb 27, 2019 2:22 pm ¦  Forum: Malware ¦  Topic: Ransom/AveMaria ¦  Replies: 0 ¦  Views: 441

https://www.zdnet.de/88351787/malware-ave_maria-nutzt-unegepatchte-sicherheitsluecken-zur-rechteausweitung/ https://securityaffairs.co/wordpress/79757/malware/the-ave_maria-malware.html Primitive copy-paste ransomware. VT https://www.virustotal.com/en/file/0cc95d376267ae78c309fd5f60f3083670b1c2616b...

Re: Question about WinObjEx output

 by EP_X0FF ¦  Sat Feb 23, 2019 2:02 am ¦  Forum: Newbie Questions ¦  Topic: Question about WinObjEx output ¦  Replies: 1 ¦  Views: 276

It means what is written: the IRP handler of an object located in one module is set to a handler in the other module.

Patchguard in Win7 doesn't check some areas. As far as I remember, inline hooking of the win32k table was used by Sandboxie before. Microsoft closed this in Win8. http://www.kernelmode.info/forum/viewtopic.php?f=14&t=2416 As for your links: 1) https://stackoverflow.com/questions/20552300/hook-zwterminate...

Re: How to emulate LOW IL ?

 by EP_X0FF ¦  Fri Jan 25, 2019 2:41 pm ¦  Forum: User-Mode Development ¦  Topic: How to emulate LOW IL ? ¦  Replies: 6 ¦  Views: 1920

EP_X0FF, thank you, your code works well. I have one question, only for my own education. Microsoft says that the Low SID is "S-1-16-1024", but in the book "Writing Secure Code for Windows Vista" (Howard, LeBlanc) there is another string for the low ID, "S-1-16-4096". Why, and which is right? That is...

Re: How to emulate LOW IL ?

 by EP_X0FF ¦  Fri Jan 25, 2019 4:06 am ¦  Forum: User-Mode Development ¦  Topic: How to emulate LOW IL ? ¦  Replies: 6 ¦  Views: 1920

Heh, well, pretty much what could you expect from MSDN Microsoft code, isn't it? Try this instead.

BOOL Exec(
    _In_ LPWSTR lpszCommandLine,
    _In_ LPWSTR lpszDirectory,
    _In_ DWORD dwSubAuthority,
    _In_ BOOL WaitForExit
)
{
    BOOL cond = FALSE;
    BOOL bResult = FALSE;
    HANDLE hToken = NULL, hNewToken = NULL;
    S...

Re: Making ReactOS Great Again*, Part 1

 by EP_X0FF ¦  Wed Jan 23, 2019 8:22 am ¦  Forum: Tools/Software ¦  Topic: Making ReactOS Great Again*, Part 1 ¦  Replies: 9 ¦  Views: 11115

Post disapproved as offtopic. Currently your devs have only succeeded in what they presumably do better than anything else: adding "their copyrights" https://i.imgur.com/rXcwlAH.png https://i.imgur.com/7UbtY5t.png This one didn't even bother to fix the intentionally left bug in rocall, ofc he was ...

Re: How to emulate LOW IL ?

 by EP_X0FF ¦  Wed Jan 23, 2019 7:50 am ¦  Forum: User-Mode Development ¦  Topic: How to emulate LOW IL ? ¦  Replies: 6 ¦  Views: 1920

Re: Making ReactOS Great Again*, Part 1

 by EP_X0FF ¦  Fri Jan 18, 2019 6:11 am ¦  Forum: Tools/Software ¦  Topic: Making ReactOS Great Again*, Part 1 ¦  Replies: 9 ¦  Views: 11115

There was a paid audit of all your code made in 2015. Results were really terrifying. Really? I'm very curious about this. Who did this paid audit in 2015? Can you provide a link to where I can see more about this paid audit of ReactOS code? What else do you need? GPS coordinates of some rare pokem...

Re: Making ReactOS Great Again*, Part 1

 by EP_X0FF ¦  Wed Jan 16, 2019 4:10 pm ¦  Forum: Tools/Software ¦  Topic: Making ReactOS Great Again*, Part 1 ¦  Replies: 9 ¦  Views: 11115

Hello. First, the previous fanboy post has been disapproved. A project that has been in alpha state for 20 years is a dead project. So don't waste your time posting this again; I usually don't repeat things twice or more. Second, the fairy tales about "clean rooms", "super-developers", "great contributor...
