Blogspot - redplait.blogspot.com - протез памяти
Latest News:
exref.pl 24 Aug 2013 | 09:29 pm
A very common problem in static code analysis is finding the exported functions that refer to some desired address. For example, KseEngine has 21 references in the Windows kernel, but only 5 of these functi...
wincheck rc8.49 21 Aug 2013 | 08:35 pm
Download mirror. Changelog: add checking of shims inside apphelp.dll; add checking of ole32 hook callbacks like pfnInitHookOle/pfnUninitHookOle/pfnEnableHookObject etc.; add some identification of appl...
how to find ntdll!LdrpHashTable 7 Aug 2013 | 08:21 pm
An old article (warning: it is written in French and has an eye-breaking font) describes a good idea for cross-scanning loaded modules using LdrpHashTable. But Ivanlef0u did not show how you can find the address...
Inside the Microsoft Build Engine 4 Aug 2013 | 09:03 pm
It seems that the book contains a huge number of misprints. For example, on page 79: "The syntax when accessing a static property would be as follows: $({ClassName}::{PropertyName})". OK, let's check a sample of...
wincheck rc8.48 26 Jul 2013 | 08:15 pm
Download mirror. Changelog: add some support for Windows Server 2012 R2; fixed logic for extracting addresses from Windows 8.1 preview win32k.sys; fixed opening of protected processes on Windows 8.1 pr...
updated perl binding for IDA Pro 17 Jul 2013 | 06:23 pm
I added functions for accessing the cmd structure. Now you can do things like this: Sample of output: real: lea ebp, [edx+ecx*4], lea: ea: 2E29172 flags: 0 insnpref: 0 segpref: 0 ip: 2E29172 auxpref: 18...
wincheck rc8.47 10 Jul 2013 | 08:07 pm
Download mirror. Changelog: interrupts dumping now works on W8.1 preview 32-bit; fixed NDIS interfaces under W8.1 preview; fixed registry notifiers for W8.1 preview 64-bit; modules loaded by wdfldr now ...
interrupts in w8.1 8 Jul 2013 | 07:01 pm
Let's see what the windbg !idt command says: Dumping IDT: 37: 817d0acc hal!HalpX86InterruptSpuriousService c0: 817d0b78 hal!HalpX86InterruptStubService d1: 817d1878 hal!HalpTimerClockInterrupt d2: 817d1b54...
wincheck rc8.46 4 Jul 2013 | 06:16 pm
Download mirror. Some initial support for the Windows 8.1 preview was added. Known problems: the -idt option does not work on 32-bit W8.1 (btw, the !idt command in windbg also shows trash); NDIS interfaces are not sho...
w8.1 preview GetVersionEx - wtf ? 2 Jul 2013 | 06:18 pm
Some simple code: OSVERSIONINFOEX osvi; ZeroMemory(&osvi, sizeof(OSVERSIONINFOEX)); osvi.dwOSVersionInfoSize = sizeof(OSVERSIONINFOEX); if (!::GetVersionExW((LPOSVERSIONINFOW)&osvi)) return 0...