Samuel Tulach (@tulachsam)
web: https://t.co/IcZoSJKtPf git: https://t.co/TKQZNpsQHp
Joined April 2020
Protecting a process's PML4 address using a global kernel exception hook. Does not trigger PatchGuard and is compatible with HVCI. Bit unstable, does not handle any edge cases at all, just wanted to experiment with it a little. https://t.co/SzFA5kBUHa
Trying to implement "cr3 shuffling" used by some anticheats. Spent the last 4 days going back and forth between IDA and WinDbg. It works already, but after a while the system crashes :/
Submitted it to the official Hex-Rays plugins list as well. I hope they will eventually allow you to download and install plugins automatically from within IDA itself.
Pushed yet another small update to unxorer, this time improving performance by a bit (std::move skill issue)
Had some time, so I've added custom handling of a few AVX2 instructions to unxorer. It now works with the popular xorstr library even with AVX being enabled.
> for no meaningful reason
@vxunderground I mean to be fair I think kernel mode anti cheat is a bad software pattern. It puts an unnecessary amount of risk in the kernel, for no meaningful reason. But I hear what you’re saying.
SecureFakePkg doing numbers... But in all seriousness, I hope they have basic checks to catch this and, at least for now, only kick people for it - since even those without intent to cheat might try it without realizing the possibility of getting banned.
Well, it's never too late, but it's finally good to see this happen, as it does impact cheats greatly. This is a good step in the right direction for the entire gaming ecosystem. Good job to both @CallofDuty and @Battlefield's anti-cheat teams for pushing towards a more secure
I have decided to release it now, even though it's still pretty much WIP. Not sure how soon I will get back to it, since it has already fulfilled its purpose of getting the strings that I needed from a huge memory dump.
Working on stack string resolver (very original, I know). It uses unicorn as backend and forces execution of all possible paths by saving/restoring emu state and forcing conditions on conditional jumps. (1/2)
More news coming to you from the soon-to-be-released IDA 9.2: we're taking the first step toward making development on top of #IDA more accessible—by open-sourcing the C++ SDK and IDAPython: https://t.co/Z1BfcZLW5d
#ReverseEngineering #DevTools #Infosec #Cybersecurity
Here is the source code of the test app and comparison to flare-floss. (2/2)
I wrote a small utility so that I can permanently get rid of Windows Defender in my test VMs (package installed with dism). I thought I would need to disable tamper protection in settings first and then run it, but... no?🤨
Here it is. Didn't have much time to test it out, but the basic functionality should be working. https://t.co/KH5Phv7qlP
Super cool project, if you haven't yet, check it out. I have started porting it over to Windows. After fighting with hacky macros and different handling of packed structures in MSVC, I've got everything working except the loading part (need to work on kmode component).
Seems to be working fine on a stock install of both win10/win11. Not sure what's causing it to fail on my main install.
Found a signed and not blacklisted driver that allows read/write of MSRs, physical memory mapping and allocation of contiguous memory. It works on win10, but on win11 it fails to map the allocated memory region :/
You can now jailbreak your AMD CPU! 🔥We've just released a full microcode toolchain, with source code and tutorials.
And ofc that I fix it right after posting it :)) (IRQL was overwritten in the hook chain, restoring it fixed it)
Is this intentional or did @TheBattlEye just stop stripping handle permissions for UnityCrashHandler64.exe for no reason? Pretty sure it did in the past...