This repository contains the code of some ancient system tools that I have written in my spare time, or while I was working for one of various old companies (I have received all the permissions to publish them).
They were created mostly for study purposes, but they all work pretty well. Here is the list of included tools:
- x86 Memory Bootkit
A tool that enables 32-bit Windows Vista/7/8/8.1 systems to use all the available physical memory (up to 64 GB), thus removing the 4 GB limitation. The tool includes bootkit technology (compatible with both UEFI and BIOS) and a fully fledged installer. Use it only for study purposes. I wrote the first UEFI bootkit in 2012, and this code demonstrates that a company (Quarkslab) stole the project in 2013 without even mentioning me. But that is another story.
Full analysis link: https://news.saferbytes.it/analisi/2013/02/saferbytes-x86-memory-bootkit-new-updated-build-is-out/.
The project was abandoned in the fall of 2013.
Thanks to Marco Giuliani (@eraserhw) for allowing me to publish it.
- Windows 8 AppContainers
This tool was designed to study the AppContainer architecture of the (at that time) new Windows operating system and was ONLY a draft. It includes an AppContainer command-line launcher, a test application, and a tool that peeks inside some of the Windows 8 security features.
Full analysis link: https://news.saferbytes.it/analisi/2013/07/securing-microsoft-windows-8-appcontainers/.
The project was abandoned in the fall of 2013 (after the complete analysis paper had been delivered).
This project was developed while I was working at SaferBytes. Again, thanks to Marco Giuliani (@eraserhw) for allowing me to publish it.
- PeRebuilder
This application is the only one that is still supported today. It helps malware researchers who dump a complete PE (Portable Executable) file from memory using a debugger (like WinDbg, and NOT OllyDbg :-), just kidding...). The tool automatically reconstructs the PE and saves it in a form that the Windows loader is able to run (fixing the file alignment, relocating each section, fixing the Import Address Table, and so on).
If you are a security enthusiast or a malware analyst, give it a try and, if you need support or have new ideas, feel free to reach me at [email protected].
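What a dump rebuilder actually has to do, as an added example in Python that is not PeRebuilder's own code: it first builds a constructed PE32 memory image laid out the way a debugger dumps it (headers at offset 0, every section at its RVA, IAT already resolved by the loader), then rewrites the headers the way a rebuilder does. The image layout, the runtime base address 0x00400000 and the resolved IAT value 0x7C81CAFA are all assumptions made for the example. The import fix relies on the dump still containing the Import Name Table (OriginalFirstThunk); a dump without one needs the resolved addresses mapped back to module exports, which this example does not attempt.

```python
import struct

# Constructed sample geometry (assumptions of this example, not PeRebuilder's)
SEC_ALIGN = 0x1000        # SectionAlignment of the sample image
FILE_ALIGN = 0x200        # FileAlignment the sample was linked with
SIZE_OF_IMAGE = 0x3000

def align_up(value, alignment):
    return (value + alignment - 1) & ~(alignment - 1)

def u32(buf, off):
    return struct.unpack_from("<I", buf, off)[0]

def put_u32(buf, off, value):
    struct.pack_into("<I", buf, off, value)

def build_dump(runtime_base):
    """Constructed PE32 image as dumped from memory: headers at 0, sections at
    their RVAs, IAT overwritten by the loader, absolute pointers at runtime_base."""
    img = bytearray(SIZE_OF_IMAGE)
    img[0:2] = b"MZ"
    put_u32(img, 0x3C, 0x40)                      # e_lfanew
    nt = 0x40
    img[nt:nt + 4] = b"PE\0\0"
    # IMAGE_FILE_HEADER: i386, 2 sections, 224-byte optional header,
    # Characteristics = RELOCS_STRIPPED | EXECUTABLE_IMAGE | 32BIT_MACHINE
    struct.pack_into("<HHIIIHH", img, nt + 4, 0x14C, 2, 0, 0, 0, 224, 0x103)
    opt = nt + 24
    struct.pack_into("<H", img, opt, 0x10B)       # PE32 magic
    put_u32(img, opt + 16, 0x1000)                # AddressOfEntryPoint
    put_u32(img, opt + 28, 0x10000000)            # ImageBase as linked
    put_u32(img, opt + 32, SEC_ALIGN)
    put_u32(img, opt + 36, FILE_ALIGN)
    put_u32(img, opt + 56, SIZE_OF_IMAGE)
    put_u32(img, opt + 60, 0x200)                 # SizeOfHeaders
    put_u32(img, opt + 92, 16)                    # NumberOfRvaAndSizes
    put_u32(img, opt + 104, 0x2000)               # DataDirectory[IMPORT].VirtualAddress
    put_u32(img, opt + 108, 0x28)                 # DataDirectory[IMPORT].Size
    sec = opt + 224
    # IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData,
    # PointerToRawData, reloc/linenumber fields, Characteristics
    struct.pack_into("<8sIIIIIIHHI", img, sec, b".text", 0x30, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    struct.pack_into("<8sIIIIIIHHI", img, sec + 40, b".idata", 0x80, 0x2000, 0x200, 0x400, 0, 0, 0, 0, 0xC0000040)
    # .text: push 0 ; call dword ptr [IAT slot], an absolute pointer fixed up for runtime_base
    img[0x1000:0x1004] = b"\x6A\x00\xFF\x15"
    put_u32(img, 0x1004, runtime_base + 0x2038)
    # .idata: IMAGE_IMPORT_DESCRIPTOR (OriginalFirstThunk, TimeDateStamp, ForwarderChain, Name, FirstThunk)
    struct.pack_into("<IIIII", img, 0x2000, 0x2030, 0, 0, 0x2050, 0x2038)
    put_u32(img, 0x2030, 0x2040)        # INT entry: RVA of hint/name record (loader leaves it alone)
    put_u32(img, 0x2038, 0x7C81CAFA)    # IAT entry: replaced by the loader with a (constructed) address
    img[0x2040:0x2040 + 14] = b"\0\0ExitProcess\0"
    img[0x2050:0x2050 + 13] = b"kernel32.dll\0"
    return bytes(img)

def rebuild(dump, runtime_base):
    """Turn a raw memory dump of a loaded PE32 into a file the Windows loader accepts."""
    img = bytearray(dump)
    nt = u32(img, 0x3C)
    if img[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", img, nt + 6)[0]
    opt = nt + 24
    sec = opt + struct.unpack_from("<H", img, nt + 20)[0]
    sec_align = u32(img, opt + 32)
    size_of_image = u32(img, opt + 56)
    # 1. File layout := memory layout: FileAlignment = SectionAlignment,
    #    PointerToRawData = VirtualAddress, SizeOfRawData = VirtualSize rounded up.
    put_u32(img, opt + 36, sec_align)
    first_va = size_of_image
    for i in range(nsec):
        h = sec + i * 40
        vsize, va = u32(img, h + 8), u32(img, h + 12)
        put_u32(img, h + 16, align_up(vsize, sec_align))
        put_u32(img, h + 20, va)
        first_va = min(first_va, va)
    put_u32(img, opt + 60, first_va)    # SizeOfHeaders: everything before the first section
    # 2. Rebase to where the dump was taken: absolute pointers already carry
    #    runtime_base, so no relocation has to be reapplied.
    put_u32(img, opt + 28, runtime_base)
    # 3. Undo import resolution: copy the INT over the IAT so the loader resolves it again.
    desc = u32(img, opt + 104)
    while desc:
        oft, _, _, name, ft = struct.unpack_from("<IIIII", img, desc)
        if name == 0 and ft == 0:       # all-zero terminator descriptor
            break
        if oft == 0:
            raise ValueError("no INT at %#x: IAT needs an address->export map" % desc)
        while True:
            entry = u32(img, oft)
            put_u32(img, ft, entry)
            if entry == 0:
                break
            oft += 4
            ft += 4
        desc += 20
    return bytes(img[:size_of_image])

def section_layout(img):
    """(VirtualAddress, PointerToRawData, SizeOfRawData) for every section."""
    nt = u32(img, 0x3C)
    nsec = struct.unpack_from("<H", img, nt + 6)[0]
    sec = nt + 24 + struct.unpack_from("<H", img, nt + 20)[0]
    return [(u32(img, sec + i * 40 + 12), u32(img, sec + i * 40 + 20),
             u32(img, sec + i * 40 + 16)) for i in range(nsec)]

if __name__ == "__main__":
    fixed = rebuild(build_dump(0x00400000), 0x00400000)
    print(section_layout(fixed), hex(u32(fixed, 0x2038)))
```

Run as a script it prints the rebuilt section layout and the restored IAT entry. In the rebuilt file every section's raw offset equals its RVA, so no section body has to be moved: that is why a rebuilder can patch the dump in place, and why SizeOfRawData is rounded up to the section alignment rather than the old file alignment.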
- Talos Hypervisor
The original hypervisor that I wrote for Talos in 2015. It was originally an internal project, but I have now been authorized to publish it. The hypervisor is only a skeleton and lacks some features, like the use of EPT, but it could be useful as a starting point.
This project is similar to others created by external security researchers and friends:
The "bin" folder of this repo contains the compiled binaries built from the source code. Use them at your own risk.
All the tools and code included in this repository are distributed under the "AaLl86" license :-). So, basically, you are free to use, redistribute and modify the code BUT only under the following conditions:
- Mention the original project
If you plan to include some of the code you have found here, or if you get inspiration for a new tool based on the concepts expressed here, you need to mention the original author (me, in this case) in your code/publication.
- Don't harm anyone
The concepts and code stored in this repository could produce bad effects if used in the wrong way. I do not want anybody doing malicious things with it. If that happens, I will immediately DELETE all the code and never publish anything again.
Last revision: 11/11/2023 (Autumn :-))
by AaLl86