j00ru//vx tech blog Coding, reverse engineering, OS internals covered one more time

3Jul/104

Attacking the Host via Remote Kernel Debugger (Virtual Machines)

NOTE: This post is highly related to the research performed by Alex Ionescu. He is going to present the results of his work on the RECON2010 conference, during his Debugger-based Target-to-Host Cross-System Attacks speech. As it turns out, me and Alex have been working on the same subject concurrently - while I have only managed to perform cursory analysis of the mechanism, Alex has carried out a thorough analysis and possibly developed a PoC for a real vulnerability ;) Besides this, I would like to share some of my ideas and conclusions which I came up with, during a short period of the recent weeks ;)

Filed under: Conferences, OS Internals, Ring0, Ring3, hacking, kernel, malware, rootkit Continue reading
16Jan/103

“Descriptor tables in kernel exploitation” – a new article

Hi there!

Not so long (a few weeks, actually) ago, me together with Gynvael Coldwind had a chance to carry out a research regarding the Global and Local Descriptor Tables being used as a write-what-where target, while exploiting ring-0 vulnerabilities on 32-bit Microsoft Windows NT-family systems. The result of our work is a small article, describing the actual steps taken in order to escalate the privileges through GDT/LDT. As usual, exemplary source code snippets are available (attached to the document), so that the reader can check their effectiveness on his own.

Filed under: Assembler, C, Cpp, OS Internals, Programming, Ring0, Undocumented API, Windows 7, Windows Vista, Windows XP, hacking, kernel, rootkit Continue reading
11Nov/092

Win32k.SYS system call table

Everyone who has ever had some serious contact with how the Windows kernel mechanisms work, was probably in need to access a complete system call number list (together with the handlers' definitions). As one of the most important part of the communication process between user's applications and kernel, SSDT is commonly used for both clearly practical purposes (such as hooking  system services in order to modify the OS behavior in certain situations), as well as theoretical research or discussions.

Filed under: OS Internals, Ring0, Windows 7, Windows Vista, Windows XP, blog, kernel, rootkit Continue reading
   

Pages

Projects

Windows Graphical System Call Table x86

Windows Graphical System Call Table x86-64

Windows CSRSS Api Table

Windows CSRSS Api List

Recent Posts

Recent Comments

  • j00ru: @Ivanlef0u: Hey. As for the first question, well… there is no particular reason for using...
  • Ivanlef0u: Yo, Stupid question but why do you use GetFSBase() for GetThreadSelectorEntry() ? You can use : mov...
  • j00ru: @NCR: Mmm… you should know it, already?;D
  • NCR: @j00ru: what could it be? :P
  • j00ru: @frank boldewin: thanks mate ;) @NCR: Ahaha, yeah ;D I’ve got something for ya btw.

Categories

Blogroll