Press "Enter" to skip to content

Posts published in “Tutorials”

Hypervisor From Scratch – Part 7: Using EPT & Page-Level Monitoring Features

Sina Karvandi 0

Introduction This is the 7th part of the tutorial Hypervisor From Scratch, and it’s about using the Extended Page Table (EPT) in an already running system. As you might know, paging is an essential part of managing memory on modern operating systems. Hypervisors use an additional paging table; this gives us an excellent opportunity to monitor different aspects of memory (Read-Write-Execute) without modifying the operating systems page-tables. EPT is a hardware mechanism, so it’s fast, but on the other hand,…

Reversing Windows Internals (Part 1) – Digging Into Handles, Callbacks & ObjectTypes

Sina Karvandi 6

Introduction Welcome to the first part of a series of posts about Exploring & Reversing Windows Concepts and Internals. If you reach here then you’re probably a security researcher or a programmer and this post and similar posts can help you understand what’s going on in some parts of Windows when you use objects with different users and credentials and what you can expect from Windows and how it internally works. If you want to follow other parts of this…

Hypervisor From Scratch – Part 6: Virtualizing An Already Running System

Sina Karvandi 17

Introduction Hello and welcome to the 6th part of the tutorial Hypervisor From Scratch. In this part, I try to give you an idea of how to virtualize an already running system using Hypervisor. Like other parts, this part is really dependent to the previous parts so make sure to read them first. Overview In the 6th part, we’ll see how we can virtualize our currently running system by configuring VMCS, then we use monitoring features to detect execution of…

PacketScript overview: A Lua scripting engine for in-kernel packet processing

Shahriar 0

As I was surfing the net, trying to find a way to prototype network protocols or features in Linux. I stumbled upon PacketScript. PacketScript is the an implementation of the Lua VM inside Linux kernel. Such implementations aren’t new ,luak and lunatik have been existed for some time. However what makes PacketScript different is the ability to mangle network packets with Lua. Not just running Lua code in kernel. as a matter of fact PacketScript uses lunatik underneath as its…

Hypervisor From Scratch – Part 5: Setting up VMCS & Running Guest Code

Sina Karvandi 10

Introduction Hello and welcome back to the fifth part of the “Hypervisor From Scratch” tutorial series. Today we will be configuring our previously allocated Virtual Machine Control Structure (VMCS) and in the last, we execute VMLAUNCH and enter to our hardware-virtualized world! Before reading the rest of this part, you have to read the previous parts as they are really dependent. The full source code of this tutorial is available on GitHub : [https://github.com/SinaKarvandi/Hypervisor-From-Scratch] Note: Please keep in mind that…