Overview
Explore the intricacies of WoW64 architecture in this technical conference talk from HITB2021AMS. Dive deep into the translation design used for running 32-bit Portable Executable files on 64-bit Windows systems. Discover how to reverse engineer the WoW64 architecture, uncover potential vulnerabilities, and learn about advanced techniques for bypassing security measures. Gain insights into topics such as direct calls to 64-bit NtDLL, FireWalker's approach to bypassing EDR hooking, and rebuilding the translation engine. Benefit from the speaker's extensive experience in reverse engineering, machine language, and Windows vulnerability analysis as you explore cutting-edge concepts in cybersecurity and system architecture.
Syllabus
Intro
Outline
Chamber
Reversing Engineering
Recap
WoWGrill
WoW Injector
Taught by
Hack In The Box Security Conference