About the Author:

Dejan Lukan is a security researcher for InfoSec Institute and a penetration tester from Slovenia. He is very interested in finding new bugs in real-world software products through source code analysis, fuzzing and reverse engineering. He also has a great passion for developing his own simple scripts for security-related problems and for learning about new hacking techniques. He knows a great deal about programming languages, as he can write in a couple dozen of them. He is also passionate about antivirus bypassing techniques, malware research and operating systems, mainly Linux, Windows and BSD. He also has his own blog, available here: http://www.proteansec.com/.

Writing Windows Kernel Mode Driver

Introduction

In this tutorial, we’re going to use the Windows Driver Mode (WDM), which provides us with greater flexibility than other modes while being harder to use. We’ll take a look […]

Windows Booting Process

Introduction

In the previous tutorial, we’ve seen how one would go about booting the Linux operating system by using GRUB. We presented the basic overview of the booting process in […]

Linux Booting Process

Introduction

In this article, we’ll take a closer look at the booting process of the Linux operating system. We’ve already described the booting process in this article, especially how the […]

Windows Kernel Debugging Symbols and Commands

Introduction

In this tutorial, we’ll introduce a few basic tools that we need to have available when doing kernel debugging on Windows. Besides that, we’ll present Windows debuggers that can […]

The Sysenter Instruction and 0x2e Interrupt

In this article, we’ll present a couple of examples where we’ll be using the 0x2e int instruction to interrupt the kernel and call some interrupt service routine. We’ll also […]

Protected Mode and the IDT

Introduction

The MSDOS system uses the IVT (Interrupt Vector Table) to hold the interrupt vectors that are called whenever some action occurs, such as when an interrupt is generated. But modern execution environments, […]

Windows Architecture and User/Kernel Mode

Introduction

Each process started on the x86 version of Windows uses a flat memory model that ranges from 0x00000000 – 0xFFFFFFFF. The lower half of the memory, 0x00000000 – 0x7FFFFFFF, is […]

Handling Memory in Protected Mode

Introduction

In the past, systems such as MSDOS used real mode, which had no protection against accessing any memory address. Programs were then able to access even the […]

Translating Virtual to Physical Address on Windows: Physical Addresses

Getting the Physical Address Manually

So far we’ve established that the virtual address is the same as the linear address, so in the next part of the article we can use […]

Translating Virtual to Physical Address on Windows: PAE, Virtual and Linear Addresses

Checking if PAE is Enabled

This was discussed in the first portion of this tutorial: please review before proceeding.

Getting the Virtual Address

The next thing we need to do is to […]

Translating Virtual to Physical Address on Windows: Segmentation

Introduction

In this tutorial, we’ll go over the process of translating a virtual address to a physical address the way a processor does it. To begin, let’s present a short overview […]

Logging Keystrokes with MSDOS: Part 2

Before reading this article, please take a look at the first part of the article accessible here. Also note that there will be no more articles regarding hooking of […]

Logging Keystrokes with MSDOS: Part 1

Introduction

In the previous article, we saw how we can compile the source code to a 16-bit binary executable, create an ISO image with the executable stored in it and […]

The IA-32 Real Mode and Interrupts

Introduction

We all know that the IA-32 processors have two modes of operation: real mode and protected mode. But why would we want to talk about real mode? The first […]

MSDOS and the Interrupt Vector Table (IVT)

Introduction

Upon booting up MSDOS, we can observe the memory using the “mem /d /p” command, which will show us exactly which part of memory is used by the system, […]

Memory Models

Memory

We know about user mode and kernel mode, and how programs in user mode can only use the memory from 0x00000000 to 0x7FFFFFFF, while the system uses the memory from […]

Presenting Registers

Introduction

Let’s present all of the registers, as seen in OllyDbg:

Let’s explain this picture a little better. At the top of the picture, the general purpose registers are given. The […]

Introduction to Kernel Debugging

Introduction

Before trying to debug the kernel, we must first understand a few things. We must know what the rings in computer security are. Let’s take a look at the […]

Reverse Engineering If Statements

Introduction

Summary: In this article, we’ll present a simple program that uses ‘if’ statements and then we’ll try to reverse engineer the compiled version of the program to figure out […]

Reversing Switch Statements

Introduction

In this article, we’ll take a look at all the optimizations compilers use to assemble high-level switch statements into their assembly representations.

Switch Statements

The first example that we’ll […]