W^X policy violation affecting all Windows drivers compiled in Visual Studio 2013 and previous

Back in June, I was doing some analysis on a Windows driver and discovered that the INIT section had the read, write, and executable characteristics flags set. Windows executables (drivers included) use these flags to tell the kernel what memory protection flags should be applied to that section’s pages once the contents are mapped into…

Preventing executable analysis – Part 1, Static Analysis

In this series of posts, I’m going to discuss executable analysis, the methods that are used and mechanisms to prevent them. There are three types of analysis that can be performed on executables: Static – Analysis of the sample file on disk. Emulated – Branch and stack analysis of the sample through an emulator. Live…