
Introduction In the previous article we’ve seen that whether we’re using the int 0x2e interrupt or sysenter instruction, the same method in kernel is being
Abstract Over the years, the Linux operating system has become more popular among the developer community due to a significant cost advantage over proprietary platforms.
Introduction You’ve probably heard about Windbg before, right? It’s a Windows debugger written by Microsoft that’s used by developers and hackers for debugging the OS.
Let’s present the whole PE file structure with the picture below (taken from [5]): At the beginning there’s a DOS header, which is an MS-DOS
You can take a look at the previous article before reading this one. If you already understand the basics of the IAT table, then you can skip
We know that when the operating system loads the executable, it will scan through its IAT table to locate the DLLs and functions the executable
Simple Example of Export Directory Let’s take a look at a simple example to understand how the export directory is used by the executables/libraries. Let’s
INTRODUCTION: In 1988, the first buffer overflow was exploited to compromise many systems. After 20 years, applications are still vulnerable, despite the efforts made in
In the previous part of the article, we’ve explained how to compile the Windows kernel driver. Now that we know how to compile the driver,
Introduction In the previous article, I’ve written and described a kernel mode driver, but I haven’t actually done anything with it. There’s something missing in that
Introduction If you haven’t read the first two articles yet, here and here, then you probably should, because they are essential to understanding what we’ll
General Overview Before going any deeper on this subject, we need to clarify a huge ambiguity regarding signing for versioning and signing for protecting. A
Details of Driver Development Environment In the previous article, we saw that upon installing WDK 7.1.0, we got build environments for Windows 7, Windows
Introduction In this tutorial, we’re going to use the Windows Driver Mode (WDM) which provides us greater flexibility than other modes while being harder to
Introduction In the previous tutorial, we’ve seen how one would go about booting the Linux operating system by using GRUB. We presented the basic overview
Introduction In this article, we’ll take a closer look at the booting process of the Linux operating system. We’ve already described the booting process in
Introduction In this tutorial, we’ll introduce a few basic tools that we need to have available when doing kernel debugging on Windows. Besides that, we’ll
In this article, we’ll present a couple of examples where we’ll be using the 0x2e int instruction to interrupt the kernel and call some interrupt
Introduction The MSDOS system uses the IVT (Interrupt Vector Table) to hold the interrupt vectors that are called whenever some action occurs, like when an interrupt is
Introduction Each process started on the x86 version of Windows uses a flat memory model that ranges from 0x00000000 – 0xFFFFFFFF. The lower half of the