"Abusing the NT Kernel Shim Engine" by Alex Ionescu at REcon 2016

Channel:
Germany ReactOS Community
Subscribers:
8,140
Published on ● Video Link: https://www.youtube.com/watch?v=qCa9icMqBNM


Duration: 59:49
3,454 views
57

"Abusing the NT Kernel Shim Engine" by Alex Ionescu at REcon 2016
This video was provided by Sébastien Duquette and http://recon.cx.
This video is licensed under Creative commons CC-BY.

The Kernel Shim Engine is the kernel’s analogue to the user-mode shim engine (ShimEng). Although the latter now has had some pretty good research done on it, the KSE remains a mystery. First introduced in Windows XP as merely a Plug-and-Play compatibility layer for custom registry flags, it morphed into a nearly-full blown Shim Engine implementation, with the ability to misuse it for both persistence and stealth hooks in the kernel. In this talk, you’ll learn how to use the KSE for hooking drivers (dispatch tables, IRPs, and entrypoints) as well as kernel APIs both legitimatelly and illegitimately. You’ll also see some WinDBG scripts & techniques for detecting and enumerating installed kernel shims for forensic purposes. Finally, a tool called DriverMon is planned for release at the conference, which uses the KSE to provide ProcMon for Drivers.



Other Videos By ReactOS Community


2017-02-08Installation Of New Trunk Build Of ReactOS And Testing Pinball Game
2017-02-08Rayman Demo running in the ReactOS NTVDM
2017-02-08Testing 3 random programs in ReactOS - Episode 2
2017-02-07Testing the Flash Player Plugin in Firefox, running in ReactOS
2017-02-07Testing 3 random programs in ReactOS - Episode 1
2016-12-25Christmas Special-ReactOS On 1920x1080
2016-12-02Some old games in 0.4.3: Chicken Invaders & NFS II SE.
2016-11-28ReactOS Evolution (0.2.0 To 0.4.3)
2016-10-26Printing on ReactOS!
2016-10-20'Hooking Nirvana" by Alex Ionescu at REcon 2015
2016-10-19"Abusing the NT Kernel Shim Engine" by Alex Ionescu at REcon 2016
2016-10-15"The Linux Kernel Hidden Inside Windows 10" techtalk by Alex Ionescu
2016-10-13Finally GOG Galaxy works in ReactOS (from the build 72966)
2016-10-11Clive Barkers Undying 2001 gameplay in ReactOS r72904
2016-09-22ReactOS running on General Dynamics Itronix GoBook III IX260+ Military Laptop
2016-09-03ReactOS 0.4.2+ and Blender 2.76
2016-09-01Drawing something in PaintTool SAI and ReactOS
2016-09-01Finally it is possible to run Windows 3.11 in ReactOS
2016-08-29Descent 2 dos game installation and gameplay in ReactOS 0.4.2+
2016-08-10ReactOS r72167: playing with FirefoxOS
2016-05-29Doom 3 + Resurrection of Evil + 1.3.1 patch on ReactOS


Tags:
reactos
libre software
free software
free operating system
libre operating system
windows nt
windows 10
winehq
open source
gpl
bsd license