Tag: coding

Rootkits

A Hello World driver for Windows 8.1

Simple Windows 8.1 WDM Hello World driver
> Create a Windows 8.1 virtual machine. (I prefer VMware)
> Run a command line with administrator permissions inside the VM and execute:
bcdedit.exe -set loadoptions DISABLE_INTEGRITY_CHECKS
bcdedit.exe -set TESTSIGNING ON
> Restart the VM.
> Install Visual Studio 2013 and WDK 8.1 (host …

Kernel, Rootkits

Load – Unload drivers during development

The easiest way to load your driver into the kernel for testing during kernel development is to create a system service that loads the driver for you. This method, of course, is not suggested for release builds because of the forensic traces it leaves. Windows API functions used in the service installer:
> OpenSCManager establishes a connection to the …

Kernel, Rootkits

Bad file name for catalogfile from [Version] section

Inf2Cat, signability test failed. Bad file name for catalogfile from [Version] section in \mydriver.inf
The above error occurs while you are trying to build a Windows 7, Windows 8 or Windows 8.1 driver in Visual Studio 2013 with WDK 8 and you haven't specified any Catalog filename in the project's settings.
> Go to the project properties page.
> …

Debugging, Kernel, Rootkits

Faster Windows Kernel debugging with Virtual Machines

VirtualKD is a tool that improves your kernel debugging performance with VMware and VirtualBox. It seamlessly integrates with WinDbg and dramatically reduces debugging latency. Compatible with Windows 10 and VirtualBox 5.x.
Features:
- Significantly improves kernel debugging performance with VMware and VirtualBox.
- Supports Windows XP to Windows 10, 32-bit and 64-bit.
- Fixes truncated Driver Verifier load …

General

SDKDDKVer.h missing but WinSDK installed

This problem often occurs when you are trying to open an older Visual Studio project with Visual Studio 2015.
> Go to Project Properties > VC++ Directories > Include Directories and add: C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Include\
> Go to Project Properties > VC++ Directories > Library Directories and add: C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Lib\
> Copy RC.exe and RcDll.dll …

Kernel, Rootkits

Windows Kernel Debugging

Windows Kernel Debugging using VMware Workstation 12+, with Windows 7 as the target system and Windows 8.1 as the host machine.
> Set up a virtual machine with Windows 7. After the Windows installation, shut it down.
> Enable virtual printers in VMware Workstation. Go to Edit->Preferences->Devices->Enable virtual printers.
> Download WDK 10 from here and install it on the …

Footprinting, Hacking, Reconnaissance

IPGeoLocation – Retrieve IP Geolocation information

IPGeoLocation is a small, free, open-source tool, written in Python 3, capable of retrieving geolocation information for a given IP address. IPGeoLocation makes use of this IP Geolocation API: http://ip-api.com/docs/. You can find the IPGeoLocation source code on GitHub. IPGeoLocation is licensed under GPLv3.

Debugging, Programming

Basic debugging using CDB

Basic debugging using the Microsoft Console Debugger (CDB). You need the WDK installed.
Launch an application for debugging:
cdb.exe file.exe
Debugging a User-Mode Process
Attaching to a Running Process:
cdb.exe -p process_id
cdb.exe -pn process_name
Attaching to a Running Process Noninvasively (observe a running process without affecting it):
cdb -pv -p …