A forum for reverse engineering, OS internals and malware analysis 

Search found 20 matches: j00ru


Making ReactOS Great Again*, Part 1

 by EP_X0FF ¦  Mon Dec 17, 2018 1:11 pm ¦  Forum: Tools/Software ¦  Topic: Making ReactOS Great Again*, Part 1 ¦  Replies: 9 ¦  Views: 13991

... something I used 12 years ago against some Chinese antirootkits and some crapware mainstream antiviruses. For more recent info you may refer to j00ru's series of blog posts, where he crashed Windows multiple times using the same principle. The idea is simple: two threads access the same memory simultaneously, ...

Re: What Module Handles the Drawing of Windows, Cursor, etc..?

 by mrfearless ¦  Sun Oct 07, 2018 6:50 pm ¦  Forum: Kernel-Mode Development ¦  Topic: What Module Handles the Drawing of Windows, Cursor, etc..? ¦  Replies: 1 ¦  Views: 2813

... need to look: https://doxygen.reactos.org/dir_27871eb6ad510cc2c74bb4ae8f701fd6.html And some of the functions listed here might be useful: https://j00ru.vexillium.org/syscalls/win32k/32/ like NtGdiEngBitBlt, NtGdiBitBlt, NtGdiCreateCompatibleDC, NtGdiCreateCompatibleBitmap, NtGdiCreateSolidBrush ...

Re: ShadowSSDT win10

 by Out ¦  Mon Nov 27, 2017 10:50 am ¦  Forum: Newbie Questions ¦  Topic: ShadowSSDT win10 ¦  Replies: 3 ¦  Views: 7480

I'm testing it with NtUserBuildHwndList and NtUserFindWindowEx (indexes from http://j00ru.vexillium.org/syscalls/win32k/64/).
Testing with a usermode app that calls EnumWindows, FindWindowA.

Re: loading x64 kernel mode code?

 by voroojax ¦  Wed Dec 11, 2013 10:52 am ¦  Forum: Kernel-Mode Development ¦  Topic: loading x64 kernel mode code? ¦  Replies: 8 ¦  Views: 19839

... example infecting MBR/VBR/NTFS. Check these links for more technical information. A quick insight into the Driver Signature Enforcement http://j00ru.vexillium.org/?p=377 Defeating Windows Driver Signature Enforcement #1: default drivers http://j00ru.vexillium.org/?p=1169 Defeating Windows Driver ...

Re: First edition of NoSuchCon Security Conference in Paris

 by kareldjag/michk ¦  Sun Apr 14, 2013 12:43 pm ¦  Forum: General Discussion ¦  Topic: First edition of NoSuchCon Security Conference in Paris ¦  Replies: 2 ¦  Views: 6896

hi,

An unfinished overview of the speakers
http://www.nosuchcon.org/#speakers
Certainly interesting talks about kernel exploitation by j00ru http://www.kernelmode.info/forum/search ... ords=j00ru and Nikita Tarakanov...
To be continued...

Rgds

Re: Hooking Shadow SSDT on Windows 7

 by mepitiean ¦  Sun Apr 14, 2013 9:48 am ¦  Forum: Newbie Questions ¦  Topic: Hooking Shadow SSDT on Windows 7 ¦  Replies: 10 ¦  Views: 22396

... I just took your code and tried it on Windows 7 x32 SP1 to see whether it works on Windows 7. I changed the call numbers of the APIs as per http://j00ru.vexillium.org/win32k_syscalls/. I got a BSOD, or else I was able to register my driver but unable to start the service because I got an error like parameter ...

Re: Learning exploitation ?

 by Horgh ¦  Wed Dec 19, 2012 9:34 pm ¦  Forum: Newbie Questions ¦  Topic: Learning exploitation ? ¦  Replies: 3 ¦  Views: 7332

The Shellcoder's Handbook
Corelan.be exploit writing tutorials
Technical blog posts about vulnerabilities (like VUPEN, j00ru work).
Introduction To Software Exploits or Exploits 2: Exploitation in the Windows Environment or here
You can train yourself on wargames like SmashTheStack ...

PiXiEServ

 by kareldjag/michk ¦  Sat Jun 16, 2012 7:12 pm ¦  Forum: Tools/Software ¦  Topic: PiXiEServ ¦  Replies: 0 ¦  Views: 4095

A bootkit study and research sample from Poland. The related Polish paper: http://j00ru.vexillium.org/blog/24_09_09/Bootkit%20vs%20Windows.pdf Blank VirusTotal result: https://www.virustotal.com/file/586c2ba8b3c9785e382fa37adb18c9f70d61ead3841c9360d0b20ad15d56353a/analysis/1339870667/ ...

Re: Updated windows Syscall Table

 by Tigzy ¦  Wed Nov 23, 2011 2:30 pm ¦  Forum: Kernel-Mode Development ¦  Topic: Updated windows Syscall Table ¦  Replies: 1 ¦  Views: 3336

Updated windows Syscall Table

 by Tigzy ¦  Fri Nov 18, 2011 12:44 pm ¦  Forum: Kernel-Mode Development ¦  Topic: Updated windows Syscall Table ¦  Replies: 1 ¦  Views: 3336

Hello

Seen on Twitter: http://j00ru.vexillium.org/ntapi/
Updated with Windows 8