Why reinventing the wheel isn't always wrong

Recently I was talking with one of my colleagues about computer science and the skills of those who have just taken their degree in Italy. We both agreed that the kind of knowledge you get attending college is indeed more theoretical than practical (and trust me, "informatic engineering" courses…

About (re)distributing open source apps ( dSploit )

For a while now I've seen compiled dSploit versions pop up on the Google Play Store; most of the time the actual changes are just a matter of icons, other times they are merely compiled versions of one of the nightly releases. Although I cannot (and really don't want to) avoid this…

Programmatically identifying and isolating functions inside executables like IDA does.

Even though it's one of the tools I use on a daily basis, Hex-Rays IDA always fascinates me for its completeness and the huge amount of information it is able to extract using just a "simple" static analysis approach, and being myself a "make yourself the tools you need" guy…

libpe - A fast PE32/PE32+ parsing library.

I've just published libpe on GitHub, a C/C++ library to parse Windows portable executables (both PE32 and PE32+) written with speed and stability in mind, released under the GPL 3 license. Currently the library is released as a Microsoft Visual Studio solution containing the library itself and an example…

On Windows syscall mechanism and syscall numbers extraction methods

Everyone who's familiar with the theoretical structure of operating systems, whether they attended a college course or just read a book on the subject, knows the concept of a system call, i.e. how a user space application talks with the kernel asking it to perform various jobs such as…

Termination and injection self defense on Windows >= Vista SP1

In a previous post I talked about how to perform API hooking at kernel level on 32-bit Windows systems to prevent a process from being terminated. Today I'm gonna talk about OBR and callbacks, mainly to show how to achieve the same result on 64-bit systems starting from Vista SP1…