nixawk

Results 46 issues of nixawk

``` #include #include #include #include // To ensure correct resolution of symbols, add Psapi.lib to TARGETLIBS // and compile with -DPSAPI_VERSION=1 #define ARRAY_SIZE 1024 int main( void ) { LPVOID...

## Stack vs Heap

So far we have seen how to declare basic type variables such as int, double, etc, and complex types such as arrays and structs. The way...

The x86 architecture has

- **8 General-Purpose Registers (GPR)**
- **6 Segment Registers**
- **1 Flags Register**
- **1 Instruction Pointer**

64-bit x86 has additional registers.

## General-Purpose Registers (GPR)...

## Debug Windows Kernel on Mac OS X

![kernel-sample](https://user-images.githubusercontent.com/7352479/30015860-9269082a-9120-11e7-8dd5-66854bf77633.png)

## Server

```
serial0.present = "TRUE"
serial0.fileType = "pipe"
serial0.fileName = "/private/tmp/com1"
serial0.tryNoRxLoss = "FALSE"
serial0.pipe.endPoint = "server"
```

### [Windows...

``` #include "stdafx.h" #include #include int main(int argc, char* argv[]) { int UnicodeStrLen; UINT CodePage; DWORD dwFlags; LPCSTR lpMultiByteStr; int cbMultiByte; LPWSTR lpWideCharStr; int cchWideChar; CodePage = GetACP(); dwFlags =...

- [PsCreateSystemThread](https://msdn.microsoft.com/en-us/library/windows/hardware/ff559932(v=vs.85).aspx)
- [PsTerminateSystemThread](https://msdn.microsoft.com/en-us/library/windows/hardware/ff559959(v=vs.85).aspx)
- [KeDelayExecutionThread](https://msdn.microsoft.com/en-us/library/windows/hardware/ff551986(v=vs.85).aspx)
- [KeInitializeEvent](https://msdn.microsoft.com/en-us/library/windows/hardware/ff552137(v=vs.85).aspx)
- [KeSetEvent](https://msdn.microsoft.com/en-us/library/windows/hardware/ff553253(v=vs.85).aspx)
- [KeWaitForSingleObject](https://msdn.microsoft.com/en-us/library/windows/hardware/ff553350(v=vs.85).aspx)
- [KeResetEvent](https://msdn.microsoft.com/en-us/library/windows/hardware/ff553176(v=vs.85).aspx)

## References

- [KeQueryTimeIncrement](https://msdn.microsoft.com/en-us/library/windows/hardware/ff553075(v=vs.85).aspx)
- [KeQuerySystemTime](https://msdn.microsoft.com/en-us/library/windows/hardware/ff553068(v=vs.85).aspx)
- [ExSystemTimeToLocalTime](https://msdn.microsoft.com/en-us/library/windows/hardware/ff545622(v=vs.85).aspx)
- [RtlTimeToTimeFields](https://msdn.microsoft.com/en-us/library/windows/hardware/ff562884(v=vs.85).aspx)
- [KeSetTimer](https://msdn.microsoft.com/en-us/library/windows/hardware/ff553286(v=vs.85).aspx)

```
HANDLE reg_key = NULL;
NTSTATUS status;
UNICODE_STRING key_path = RTL_CONSTANT_STRING(L"\\Registry\\Machine\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion");
OBJECT_ATTRIBUTES object_attribute = {0};

InitializeObjectAttributes(
    &object_attribute,
    &key_path,
    OBJ_CASE_INSENSITIVE,
    NULL,
    NULL
);

status = ZwOpenKey(&reg_key, KEY_READ, &object_attribute);
if (!NT_SUCCESS(status))...
```

## ZwCreateFile

```
HANDLE file_handle = NULL;
NTSTATUS status;
OBJECT_ATTRIBUTES object_attributes;
UNICODE_STRING ufile_name = RTL_CONSTANT_STRING(L"\\??\\C:\\a.out");

InitializeObjectAttributes(
    &object_attributes,
    &ufile_name,
    OBJ_CASE_INSENSITIVE|OBJ_KERNEL_HANDLE,
    NULL,
    NULL
);

status = ZwCreateFile(
    &file_handle,
    GENERIC_READ | GENERIC_WRITE,
    &object_attributes,...
```

``` /* A device driver is different from a normal user level program, so its installation and execution are more complex, because we are in the kernel space. We have...