Tag: winapi


Posts with the given tag:
  • Windows CSRSS cross-version API Table,
  • ANSI Escape Codes for Windows 7 RC,
  • Windows 7 - a list of change in exports, update,
  • Enter teh ANSI Escape Code support for internal cmd.exe commands and BAT scripts,
  • Windows 7 - short list of changes in kernel32.dll exports,
  • Lightsack - how to send data from CPC 464 to PC without owning the necessary cables,
  • Freedom for everything - total annihilation of process memory,
  • Format bug, Vista and %n,
  • An interesting anti-RE schema,
  • Missing gettimeofday function and a race condition,
  • Fibers in a thread,

  • All posts with the given tag are shown below.
    2010-05-03:

    Windows CSRSS cross-version API Table

    windows:security:winapi:csrss
    Just a redirect-post for all you Windows researchers: Matthew has published a CSRSS opcode table on his blog - go and take a look - http://j00ru.vexillium.org/?p=349&lang=en :)


    2009-05-12:

    ANSI Escape Codes for Windows 7 RC

    windows:bat:re:winapi:easy:asm:c:c++:tools
    Two days ago j00ru informed me that my cmd.exe add-on (the one that adds the ultra important feature - colors!) does not work on Windows 7 RC - so I decided to have a look, and so version 0.004d came into being!


    2009-01-20:

    Windows 7 - a list of change in exports, update

    win7:windows:winapi:easy:re
    I've made a few more comparisons between the exports of DLLs in Windows Vista SP1 and Windows 7 Beta.


    A long, long time ago, back in the DOS days, one could configure the command prompt to be colorful, echo colorful messages, etc. All of that was possible thanks to the ANSI escape codes - short commands echoed to the "screen" (stdout/stderr, that is) that caused the colors to change, the cursor to move, or the screen to be cleared. ANSI escape codes worked quite well in DOS, and they even worked in Windows 95/98. However, with the arrival of the NT family, ANSI support in the console ceased to exist (well, it was still available in the command.com interpreter, but that is a 16-bit program running under NTVDM, which makes it not the best choice, not to mention that NTVDM is not available in 64-bit Windows versions). (A short off-topic: on *nix systems ANSI escape codes were almost always available, and they are still available today.)


    2009-01-13:

    Windows 7 - short list of changes in kernel32.dll exports

    win7:windows:winapi:easy:re
    Finally you can download the official Windows 7 Beta release (unofficially you could do it for some time now). So I've downloaded it, installed it (looks cool), and started to play...


    Waiting for my new programmer (which will arrive "at the end of the week") I decided to dump RAM from my new Amstrad to my PC. But there was a problem - how to do it without having any cables to connect them, without floppies, etc? Well, I found a funny way to do it ;D

    2008-11-27:

    Freedom for everything - total annihilation of process memory

    c++:assembler:windows:winapi:medium
    Sitting in my hotel room at the Polish edition of PyCON, I started to think about what would happen if a normal Windows process wiped out (almost) all of its memory. By "wipe out" I mean to free/unmap what is possible (VirtualFree and UnmapViewOfFile), and overwrite the rest with zeroes. I've started to experiment with this, wanting to know how the system, and other applications, would react to this uncommon process condition. Below I describe the creation of a test application (I've found a few interesting (imho) problems), and a funny thing OllyDbg does while attaching to such a process.


    2008-10-23:

    Format bug, Vista and %n

    vista:windows:winapi:c:c++:format bug:security:easy
    Recently I talked with my teammate oshogbo about the format bug (aka format string attack), and when we got to testing some sample code, a thing that should work - the %n tag - didn't work at all. What's more interesting, this behavior was Vista-specific, since everything worked well on XP. I've decided to take a look inside, and here's what I've found out...


    2008-10-21:

    An interesting anti-RE schema

    re:malware:windows:security:easy:winapi
    Some time ago I analyzed a piece of malware, which was protected using an interesting schema...


    2008-10-15:

    Missing gettimeofday function and a race condition

    c:c++:race condition:windows:easy:winapi
    Today's post will be an out-of-order one, and it will be dedicated to the function gettimeofday on the Windows system, or to be precise, the lack of this function.


    2008-08-26:

    Fibers in a thread

    windows:winapi:c:c++
    Inspired by noglorp's post on OpenRCE I've finally decided to play with Windows fibers, and I found out that it's quite an interesting topic.

