June 22, 2013
Virtualization can be used to reach various goals, such as monitoring the system, its resources, and its applications. It can be used for full system virtualization, but I also like the approach of using it just as a tool. This post will briefly cover the implementation of a mini-hypervisor (now available on GitHub) for Intel VT-x on the x64 platform, and demonstrate the concept of how to use it.
June 4, 2013
In this post I will take a look at PatchGuard, at the classic scenario of bypassing this protection, and also at a slightly different one. I will also examine a new way (most probably not new, just reinvented, because it is too obvious and quite effective) to locate and abuse the PatchGuard context and its behaviour.
typedef struct _KDPC {
    /* ... leading fields omitted in this excerpt ... */
    volatile USHORT Number;
    /* ... intermediate fields omitted in this excerpt ... */
    __volatile PVOID DpcData;
} KDPC, *PKDPC, *PRKDPC;
A PoC and some explanation of the code, its weaknesses, and points for further research are included.