Tag Archives: Windows

Windows API Hash List 2

    ModuleName= C:\Windows\SysWOW64\ntdll.dll (0xDF956BA6)
        Export: A_SHAFinal(0x736DA974)
        Export: A_SHAInit(0xBFC6BCC1)
        Export: A_SHAUpdate(0xCF06FD70)
        Export: AlpcAdjustCompletionListConcurrencyCount(0x23B53BE8)
        Export: AlpcFreeCompletionListMessage(0x02E14901)
        Export: AlpcGetCompletionListLastMessageInformation(0x9254AE4E)
        Export: AlpcGetCompletionListMessageAttributes(0x1B542730)
        Export: AlpcGetHeaderSize(0x5C9A17B2)
        Export: AlpcGetMessageAttribute(0x4F2DB942)
        Export: AlpcGetMessageFromCompletionList(0xE0E08C02)
        Export: AlpcGetOutstandingCompletionListMessageCount(0x199B910D)
        Export: AlpcInitializeMessageAttribute(0x65D95C89)
        Export: AlpcMaxAllowedMessageLength(0xF650E8D2)
        Export: AlpcRegisterCompletionList(0xBD8E2C03)
        Export: AlpcRegisterCompletionListWorkerThread(0x8D3B647D)
        Export: AlpcRundownCompletionList(0xC366721E)
        Export: AlpcUnregisterCompletionList(0x7B09D25B)
        Export: AlpcUnregisterCompletionListWorkerThread(0x64F5C9F9)
        …

Posted in Malware, Malware Analyzer, Windows | 4 Comments

Visual Studio linking error with .lib files

Recently, when I was developing a small Python extension, I faced a linking error. I looked into the functions and other things. Everything was looking good. In the end, I noticed that the library I am including is for …

Posted in python, Windows, Windows VC++

List of registry keys involved in reboot pending decision

1)  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates\UpdateExeVolatile => != 0
2)  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations => Any value
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations2
    Locate all entries with a status of “Pending.”
3)  HKEY_LOCAL_MACHINE\SYSTEM\CurrentSetXXX\Control\Session Manager\
4)  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired
5)  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\Pending\
6)  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired\Mandatory
7)  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\PostRebootReporting
8)  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\DVDRebootSignal
9)  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending
10) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootInProgress
11) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager\CurrentRebootAttempts
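The following is an added example, not code from the original post, that turns the list above into a check. It evaluates items 1, 2 and 4 to 11 (item 3 is a placeholder pattern, not a concrete key, and is skipped). Each path is kept exactly as listed, relative to HKEY_LOCAL_MACHINE, and is tried first as a key and then as a value under its parent key, because the list does not say which each one is; the only rules it does state, "!= 0" for UpdateExeVolatile and "any value" for PendingFileRenameOperations, are encoded as such, and item 5 is read as "any subkey present". `WinRegReader` reads the live hive on Windows through the standard `winreg` module; `DictReader` is a stand-in of my own so the same rules can be exercised offline.

```python
"""Reboot-pending check driven by the registry locations listed above."""
import sys

# (path under HKLM, rule)   rule: "any"     = key or value exists
#                                 "nonzero" = value exists and != 0
#                                 "subkey"  = key has at least one subkey
CHECKS = (
    (r"SOFTWARE\Microsoft\Updates\UpdateExeVolatile", "nonzero"),
    (r"SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations", "any"),
    (r"SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations2", "any"),
    (r"SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired", "any"),
    (r"SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Services\Pending", "subkey"),
    (r"SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired\Mandatory", "any"),
    (r"SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\PostRebootReporting", "any"),
    (r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\DVDRebootSignal", "any"),
    (r"SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending", "any"),
    (r"SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootInProgress", "any"),
    (r"SOFTWARE\Microsoft\ServerManager\CurrentRebootAttempts", "any"),
)


class WinRegReader:
    """Read-only view of HKLM via winreg (Windows only).  KEY_WOW64_64KEY is
    requested so a 32-bit Python is not redirected to WOW6432Node and does
    not miss the 64-bit keys."""

    def __init__(self):
        import winreg  # only available on Windows
        self.w = winreg

    def _open(self, path):
        try:
            return self.w.OpenKey(self.w.HKEY_LOCAL_MACHINE, path, 0,
                                  self.w.KEY_READ | self.w.KEY_WOW64_64KEY)
        except OSError:
            return None

    def key_exists(self, path):
        key = self._open(path)
        if key is None:
            return False
        key.Close()
        return True

    def has_subkeys(self, path):
        key = self._open(path)
        if key is None:
            return False
        with key:
            return self.w.QueryInfoKey(key)[0] > 0  # (subkeys, values, mtime)

    def value(self, path, name):
        """Data of value `name` under key `path`, or None if either is absent."""
        key = self._open(path)
        if key is None:
            return None
        with key:
            try:
                return self.w.QueryValueEx(key, name)[0]
            except OSError:
                return None


class DictReader:
    """Stand-in registry for offline use (my construct): {key_path: {value_name: data}}.
    A key mapped to an empty dict is an existing key with no values."""

    def __init__(self, keys):
        self.keys = {k.lower(): {n.lower(): d for n, d in v.items()} for k, v in keys.items()}

    def key_exists(self, path):
        return path.lower() in self.keys

    def has_subkeys(self, path):
        prefix = path.lower().rstrip("\\") + "\\"
        return any(k.startswith(prefix) for k in self.keys)

    def value(self, path, name):
        return self.keys.get(path.lower(), {}).get(name.lower())


def pending_reboot_reasons(reader, checks=CHECKS):
    """Return the listed paths that currently signal a pending reboot, in list order."""
    reasons = []
    for path, rule in checks:
        if rule == "subkey":
            hit = reader.has_subkeys(path)
        elif rule == "any" and reader.key_exists(path):
            hit = True  # the path itself is a key
        else:
            parent, _, name = path.rpartition("\\")  # treat the leaf as a value name
            data = reader.value(parent, name)
            hit = data is not None and (rule != "nonzero" or data != 0)
        if hit:
            reasons.append(path)
    return reasons


if __name__ == "__main__":
    if sys.platform != "win32":
        sys.exit("run on Windows; elsewhere feed DictReader(...) to pending_reboot_reasons")
    found = pending_reboot_reasons(WinRegReader())
    print("reboot pending:", bool(found))
    for p in found:
        print("   ", p)
```

Run it as a normal (or elevated) user on the host being checked. One caveat worth keeping in mind when reading the result: PendingFileRenameOperations is written by MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT, so besides legitimate update leftovers it is also where deferred deletions or renames planted by malware or an uninstaller end up; when it is the only reason reported, look at the actual paths in the value before rebooting.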

Posted in Windows

tcpreplay for windows (using scapy-python)

Running tcpreplay in Windows is a tedious job. As far as I have searched, I couldn't find any tcpreplay binary that runs on (newer) Windows, or an alternative. We need to compile the tcpreplay source code using Cygwin and …
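As an added example that is not the post's own code, here is the core of a tcpreplay-style replay done from Python, which is the approach the title names: read a classic pcap, then re-send each frame with the capture's original inter-packet gap. The pcap reader is written here with `struct` rather than taken from scapy so the scheduling logic can be run offline against a constructed capture; sending is a pluggable callable, and `scapy_sender` wires it to scapy's `sendp` (scapy plus Npcap are assumed to be installed on Windows for that part). The interface name `"Ethernet"` in the final comment is a placeholder.

```python
"""tcpreplay-style replay: parse a pcap, re-send frames keeping their timing."""
import struct
import time

DLT_EN10MB = 1  # Ethernet link type; scapy_sender assumes it

# pcap magic as read little-endian -> (struct byte order, sub-second divisor)
_MAGIC = {
    0xA1B2C3D4: ("<", 1_000_000),      # little-endian, microsecond timestamps
    0xD4C3B2A1: (">", 1_000_000),      # big-endian, microsecond timestamps
    0xA1B23C4D: ("<", 1_000_000_000),  # little-endian, nanosecond timestamps
    0x4D3CB2A1: (">", 1_000_000_000),  # big-endian, nanosecond timestamps
}


def read_pcap(data):
    """Parse a pcap file image into (linktype, [(timestamp_seconds, frame_bytes), ...]).
    pcapng is not handled; a truncated record raises ValueError."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic not in _MAGIC:
        raise ValueError("not a pcap file (magic 0x%08x)" % magic)
    order, divisor = _MAGIC[magic]
    # global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
    *_, linktype = struct.unpack_from(order + "IHHiIII", data, 0)
    frames, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_frac, incl_len, _orig_len = struct.unpack_from(order + "IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) != incl_len:
            raise ValueError("truncated packet data at offset %d" % off)
        off += incl_len
        frames.append((ts_sec + ts_frac / divisor, frame))
    return linktype, frames


def replay_schedule(frames, multiplier=1.0):
    """Yield (delay_before_send, frame).  multiplier > 1 compresses the gaps,
    like tcpreplay's --multiplier; an out-of-order timestamp gets no delay."""
    prev = None
    for ts, frame in frames:
        delay = 0.0 if prev is None else max(0.0, (ts - prev) / multiplier)
        prev = ts
        yield delay, frame


def replay(frames, send, multiplier=1.0, sleep=time.sleep):
    """Push every frame through `send`, preserving capture timing; returns the count."""
    sent = 0
    for delay, frame in replay_schedule(frames, multiplier):
        if delay > 0:
            sleep(delay)
        send(frame)
        sent += 1
    return sent


def scapy_sender(iface=None):
    """Sender that hands raw Ethernet frames to scapy's sendp.  The import is
    lazy so the parser and scheduler run without scapy installed."""
    from scapy.all import Ether, sendp
    return lambda frame: sendp(Ether(frame), iface=iface, verbose=False)


def build_sample_pcap():
    """Constructed two-frame capture (not a real trace): broadcast Ethernet
    frames with the ARP ethertype and a zeroed payload, 250 ms apart."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_EN10MB)
    frame = b"\xff" * 6 + b"\x00\x11\x22\x33\x44\x55" + b"\x08\x06" + b"\x00" * 28
    records = [(10, 0, frame), (10, 250_000, frame)]
    return hdr + b"".join(struct.pack("<IIII", s, us, len(f), len(f)) + f for s, us, f in records)


if __name__ == "__main__":
    linktype, frames = read_pcap(build_sample_pcap())
    assert linktype == DLT_EN10MB, "scapy_sender expects an Ethernet capture"
    # Offline dry run: collect frames and gaps instead of sending and sleeping.
    out, gaps = [], []
    n = replay(frames, out.append, sleep=gaps.append)
    print("parsed %d frames, replayed %d, gaps %s" % (len(frames), n, gaps))
    # On Windows with scapy + Npcap: replay(frames, scapy_sender("Ethernet"))
```

Two limits apply when this is used for real on Windows: raw layer-2 sends need Npcap (scapy will not inject without it), and `time.sleep` cannot honour gaps much below the default timer resolution of roughly 15 ms, so sub-millisecond spacing in a capture is not reproduced faithfully; for large captures, stream the file instead of reading it whole as `read_pcap` does.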

Posted in Pentest, Tools, Windows | 7 Comments

Writing filter drivers for protection mechanism

When you start writing code with the WDK it is good to have the following two documents at hand.

Windows 7 WDK documentation
    http://msdn.microsoft.com/en-us/windows/hardware/gg487458
Kernel Data and Filtering Support for Windows Server 2008
    http://download.microsoft.com/download/4/4/b/44bb7147-f058-4002-9ab2-ed22870e3fe9/Kernal%20Data%20and%20Filtering%20Support%20for%20Windows%20Server%202008.doc

Most of the protection mechanisms we try …

Posted in Windows