About (re)distributing open source apps ( dSploit )

For a while now I've seen compiled dSploit versions pop up on the Google Play Store; most of the time the actual changes are just a matter of icons, other times they are merely compiled versions of one of the nightly releases. Although I cannot (and really don't want to) avoid this…

Programmatically identifying and isolating functions inside executables like IDA does.

Even though it's one of the tools I use on a daily basis, Hex-Rays IDA always fascinates me for its completeness and the huge amount of information it is able to extract using just a "simple" static analysis approach, and being myself a "make yourself the tools you need" guy…

libpe - A fast PE32/PE32+ parsing library.

I've just published libpe on GitHub, a C/C++ library to parse Windows portable executables (both PE32 and PE32+), written with speed and stability in mind and released under the GPL 3 license. Currently the library is released as a Microsoft Visual Studio solution containing the library itself and an example…

On Windows syscall mechanism and syscall numbers extraction methods

Everyone who's familiar with the theoretical structure of operating systems, whether they attended a college course or have just read a book on the subject, knows the concept of a system call, i.e. how a user space application talks to the kernel, asking it to perform various jobs such as…

Termination and injection self defense on Windows >= Vista SP1

In a previous post I talked about how to perform API hooking at kernel level on 32-bit Windows systems to prevent a process from being terminated. Today I'm going to talk about OBR and callbacks, mainly to show how to achieve the same result on 64-bit systems starting from Vista SP1…

Process introspection for fun and profit

While studying Windows internals for my job, I had to deepen my knowledge of the executable loading process, including memory layout, address relocations and so on. I came across the PEB (process environment block), a (mostly undocumented) data structure that NT systems use internally to handle many aspects of a…