#!/usr/bin/python
#
#
# Module Name:
#
#     sample1.py
#
# Abstract:
#
#     - Display target version.
#     - Build a physical memory dump from a hibernation file.
#
# Environment:
#
#     - Python
#
# Revision History:
#
#     - Matthieu Suiche
#

import sys
import sandman

if len(sys.argv) != 3:
    print "Matthieu Suiche - http://sandman.msuiche.net/"
    print "Usage: sample1.py hiberfil.sys physical_dump.vmem"
    sys.exit(1)

# Open the hibernation file and obtain a SandMan handle on it.
s = sandman.hiber_open(sys.argv[1])

# The version word packs major (bits 0-7), minor (bits 8-15) and build (bits 16+).
ver = sandman.hiber_get_version(s)
print "Windows version %d.%d.%d\n" % (ver & 0xFF, (ver & 0xFF00) >> 8, ver >> 16)

# Rebuild the raw physical memory image from the compressed hibernation data.
print "Generate physical memory dump..."
sandman.hiber_dump(s, sys.argv[2])
print "Done."

sandman.hiber_close(s)
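The sample above chains four SandMan calls and decodes a packed version word by hand. The following helpers are an added example, not SandMan's or the author's code: they factor out the version decoding so it can be checked, wrap the open/version/dump/close sequence so the handle is released even when the dump fails, and add a sanity check on the first four bytes of the input. The function names hiber_open, hiber_get_version, hiber_dump and hiber_close are taken from the sample; the header signatures ("hibr"/"HIBR" for a hibernated image, "wake"/"WAKE" after a resume) are an assumption about the hiberfil.sys layout, and the `api` parameter is a hypothetical seam so the flow can be run with a stand-in object when the real module is not installed.

```python
"""Helpers around the SandMan hibernation-file workflow shown in sample1.py.

Added example, not SandMan's own code. The function names and the version
word layout come from the sample; the header signature check is an
assumption about hiberfil.sys.
"""
import sys


def decode_version(ver):
    """Split the packed version word returned by hiber_get_version.

    Layout as used in sample1.py: bits 0-7 major, bits 8-15 minor,
    bits 16 and up build number.
    """
    major = ver & 0xFF
    minor = (ver >> 8) & 0xFF
    build = ver >> 16
    return major, minor, build


def encode_version(major, minor, build):
    """Inverse of decode_version; handy for constructing test values."""
    return (major & 0xFF) | ((minor & 0xFF) << 8) | (build << 16)


def classify_header(first_bytes):
    """Classify a hiberfil.sys from its first 4 bytes (assumed signatures).

    'hibernated' means the file should still contain a full memory image,
    'resumed' means Windows already resumed from it, 'unknown' means the
    input is probably not a hibernation file at all.
    """
    sig = bytes(first_bytes[:4])
    if sig in (b"hibr", b"HIBR"):
        return "hibernated"
    if sig in (b"wake", b"WAKE"):
        return "resumed"
    return "unknown"


def convert_hiberfil(src, dst, api):
    """Run the sample's open/version/dump/close sequence with cleanup.

    `api` is any object exposing the four functions used by sample1.py
    (the real `sandman` module, or a stand-in for testing). Returns the
    decoded (major, minor, build) tuple.
    """
    handle = api.hiber_open(src)
    try:
        version = decode_version(api.hiber_get_version(handle))
        api.hiber_dump(handle, dst)
    finally:
        # The original sample never reaches hiber_close if hiber_dump raises.
        api.hiber_close(handle)
    return version


if __name__ == "__main__":
    if len(sys.argv) != 3:
        print("Usage: %s hiberfil.sys physical_dump.vmem" % sys.argv[0])
        sys.exit(1)
    with open(sys.argv[1], "rb") as f:
        print("Header looks %s" % classify_header(f.read(4)))
    import sandman  # the real SandMan Python binding
    major, minor, build = convert_hiberfil(sys.argv[1], sys.argv[2], sandman)
    print("Windows version %d.%d.%d" % (major, minor, build))
```

Checking the header before calling into the library is cheap and tells an analyst whether the file was captured mid-hibernation or has already been used to resume, which matters for how much of the image can be trusted.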
This paper is part II of my previous article about Windows Vista and its internal structures. This one covers the 32-bit version and aims to show new authenticity tricks.
Download it from the following link: Windows_Vista_32bits_and_unexported_kernel_symbols.pdf
Cheers,
Hi,
I’m going to publish my (the?) first paper of the year 2007!! :)
This article is about Windows Vista 64-bit and its system structures, which are protected against rootkits. I also explain how these structures can be authenticated without PatchGuard.
Windows Vista 64bits and unexported kernel symbols.pdf
Happy New Year !!!
Hi there!
I’m proud to announce I did my first commit for tinykrnl!
http://svn.reactos.ru/svn/tinykrnl?view=rev&revision=729