Tag Archive: ZwQuerySystemInformation


[Delphi]PEB from WoW64 Process

Filed under: Coding, Delphi, SnippetLeave a comment
October 14, 2011

playing PEB (Process Environment Block) again :D . Now try Extract PEB information from 64bit process, use Wow64 api.

about WoW64 :
[url]http://en.wikipedia.org/wiki/WoW64[/url]
[url]http://msdn.microsoft.com/en-us/library/aa384274(v=vs.85).aspx[/url]

Instead of using the x86 system-service call sequence, 32-bit binaries that make system calls are rebuilt to use a custom calling sequence. This calling sequence is inexpensive for WOW64 to intercept because it remains entirely in user mode. When the custom calling sequence is detected, the WOW64 CPU transitions back to native 64-bit mode and calls into Wow64.dll. Thunking is done in user mode to reduce the impact on the 64-bit kernel and to reduce the risk of a bug in the thunk that might cause a kernel-mode crash, data corruption, or a security hole. The thunks extract arguments from the 32-bit stack, extend them to 64 bits, then make the native system call.

View full article »

Tags: , , , , , , , ,
Read More & Comment

[Delphi] Process Detection – Handle Table Enumeration

Filed under: Coding, Delphi, Snippet6 Comments
August 20, 2011

just some code requested for detect process by handle table enumeration..

View full article »

Tags: , , , ,
Read More & Comment

[Delphi] Hidden Thread Detection

Filed under: Coding5 Comments
May 25, 2011

Got borred today so code some snippet, maybe bisa dijadikan referensi…

Apa yang saya coding hari ini merupakan implementasi dari chat dengan teman saya ( fajar anggiawan ) 2 bulan yang lalu. Waktu itu saya tanya2 about bagaimana sih pcmedia mendeteksi stealty virus (virus yang menggunakan teknologi untuk menyembunyikan dirinya like code injection) berhubung pada waktu itu lagi gempar2nya virus ramnit. Om Fuajar pun memberikan kisi2 dalam mendeteksi virus like ramnit tersebut yaitu dengan :

View full article »

Tags: , , , , ,
Read More & Comment

[Delphi] Unlock File And Share Nice Utils

Filed under: Coding, Delphi, Snippet2 Comments
April 21, 2011

Tadi keasikan browse blognya IvanleF0u’s, eh saya liat ada tutorial yang menarik yaitu tentang system handle information dan bagaimana sih program file unlocker bekerja … ? link tutornya here (bahasa france so use translate google :P ). Garis besar dari tutorialnya sih untuk meng’Unlock file maka perlu membebaskan penggunaan dari file itu seperti kill processnya, jika berupa dll unload it, and close handlenya di system handle information.

adapun codenya saya share satu unit aja yah, malas extract :D , btw here u go the code..
View full article »

Tags: , , , , , ,
Read More & Comment

[Delphi] PEB Module Manipulation

Filed under: Coding, Delphi, SnippetLeave a comment
April 18, 2011

Beberapa fungsi PEB module manipulation, semoga berguna..

View full article »

Tags: , , , , , ,
Read More & Comment
Follow

Get every new post delivered to your Inbox.