Monitoring Native Execution in WoW64 Apps

Monitoring Native Execution in WoW64 Apps

Hack In The Box Security Conference via YouTube Direct link

VALID CALL TARGETS

10 of 26

10 of 26

VALID CALL TARGETS

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Monitoring Native Execution in WoW64 Apps

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 BACKGROUND
  3. 3 WoW64 system call overview
  4. 4 THE SOLUTION
  5. 5 INJECTION CONT.
  6. 6 INJECTION #1 - WOW64LOG.DLL
  7. 7 INJECTION 32 - HEAVEN'S GATE
  8. 8 INJECTION 33 - APC
  9. 9 CFG - CONTROL FLOW GUARD
  10. 10 VALID CALL TARGETS
  11. 11 CFG IN WOW64
  12. 12 BACK TO APC INJECTION
  13. 13 SO WHERE'S THE PROBLEM?
  14. 14 OPTION #1 - NATIVIZE THE PROCESS
  15. 15 NATIVIZE THE PROCESS - DOWNSIDES
  16. 16 OPTION #2 -"THUNKLESS" APC INJECTION
  17. 17 REQUIREMENTS
  18. 18 WHAT'S IN R9?
  19. 19 INLINE HOOKS 101
  20. 20 CONSTRAINTS
  21. 21 API RE-IMPLEMENTATION
  22. 22 BACK TO THE DRAWING BOARD #1
  23. 23 WORKS ON WINDOWS 10 BUT ONLY THERE.
  24. 24 BACK TO THE DRAWING BOARD #2
  25. 25 DEEP HOOKS - RECAP
  26. 26 REFERENCES

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.