OpenRCE

About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New

Customize Theme

Flag: Tornado! Hurricane!

Created: Thursday, November 27 2008 10:59.09 CST

Printer Friendly ...

Freedom for everything - total annihilation of process memory

Author: GynvaelColdwind

# Views: 2367

Sitting in my hotel room at the Polish edition of PyCON, I started to think what would happen, if a normal Windows process wipes out (almost) all of it's memory. By "wipe out" I mean to free/unmap what is possible (VirtualFree and UnmapViewOfFile), and overwrite with zeroes the rest. I've started to experiment with this, wanting to know how will the system, and other applications, react to this uncommon process condition. Below I describe the creation of a test application (I've found a few interesting (imho) problems), and a funny thing OllyDbg does while attaching to such a process...

More at my blog...
http://gynvael.coldwind.pl/?id=93

Blog Comments

bw	Posted: Tuesday, December 2 2008 08:16.33 CST
gyn you're my hero :), when i grow up i wanna be just like you :)

GynvaelColdwind	Posted: Friday, December 5 2008 14:00.46 CST
Do you want a poster of me ? ;>>> Only 9,99$ ;D Btw, post some news will ya ? ;> Another day or two and people will start mixing up our blogs, since both get updated equally frequent ;D (or should I say, with a equal delay :D)

There are 28,220 total registered users.

Recently Created Topics
Reverse Engineering ...	Jan/23
Career: DoD Agency I...	Jan/22
"Disappearing&q...	Jan/17
Career: Software Sec...	Jan/11
Where is the call st...	Jan/07
IDA Pro 6.1 Breakpoi...	Jan/01
How to create data s...	Dec/30
can i search all mod...	Dec/23
IDA symbol table exp...	Dec/20
An anti-attach trick	Dec/17

Recent Forum Posts
Reverse Engineering ...	NirIzr
"Disappearing&q...	NirIzr
Reverse Engineering ...	charlie
"Disappearing&q...	charlie
An anti-attach trick	Bass
An anti-attach trick	waleeda...
An anti-attach trick	Bass
An anti-attach trick	waleeda...
An anti-attach trick	Bass
Looking for value in...	NirIzr

Recent Blog Entries
	waleedassar	Feb/06
OllyDbg v1.10 And Hardware ...
	waleedassar	Jan/31
Yet Another Anti-Debug Trick
	RolfRolles	Jan/22
Finding Bugs in VMs with a ...
	waleedassar	Jan/13
An OllyDbg Bug Disables Sof...
	waleedassar	Jan/01
Another OllyDbg Anti-Debug ...
More ...

Recent Blog Comments
	NirIzr on:	Feb/05
Yet Another Anti-Debug Trick
	trolotou on:	Feb/05
Doudoune Moncler -Pennies F...
	waleedassar on:	Feb/01
Yet Another Anti-Debug Trick
	NirIzr on:	Jan/31
Yet Another Anti-Debug Trick
	jackchen on:	Jan/10
nike mercurial vapor iii
More ...

Imagery

SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit