A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about user-mode development.
 #16625  by STRELiTZIA
 Thu Nov 15, 2012 10:18 am
Hello,

Please try to run both of the attached samples, for those who have a real Windows 7 SP1 machine.

I coded and modified these two samples for my own tests...

01- poc.exe: displays a GUI window.
02- iMessageBox.exe: displays a message box.

My test results:
1- On a Windows XP SP3 real machine: the samples run.
2- On a Windows 7 SP0 virtual machine: the samples run.
3- On a Windows 8 Developer Preview virtual machine: the samples run.

Regards.
Attachments
no password
(927 Bytes)
 #16626  by EP_X0FF
 Thu Nov 15, 2012 10:29 am
None of them display anything. Win7 SP1 x64.

Size of header = 1b0, no sections - nothing to load.
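The check EP_X0FF describes (look at SizeOfHeaders and NumberOfSections and see where the entry point lands) is easy to reproduce with a small header parser. The script below is an added example, not code from the thread or from the tinype write-up, and it does not touch the attached files: it constructs two PE32 images of its own in memory, a conventional one with a .text section and a sectionless one whose code sits inside the header region, with SizeOfHeaders set to 0x1B0 only to mirror the value quoted above. The x86 bytes, the 0x40 e_lfanew and the field values are simplifying assumptions. It only reads headers and says nothing about whether a given loader will accept the image, which is exactly what the thread is testing.

```python
import struct

IMAGE_DOS_SIGNATURE = 0x5A4D         # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550      # "PE\0\0"
IMAGE_FILE_MACHINE_I386 = 0x14C
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
FILE_HEADER_FMT = "<HHIIIHH"         # IMAGE_FILE_HEADER (20 bytes)
SECTION_HEADER_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER (40 bytes)
# IMAGE_OPTIONAL_HEADER32 up to NumberOfRvaAndSizes (96 bytes); data directories follow
OPT32_FMT = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6


def inspect_pe(data: bytes) -> dict:
    """Parse the DOS/NT headers and the section table; raise ValueError if the
    blob is not even structurally a PE. 'findings' flags the tiny-PE oddities."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("no IMAGE_DOS_HEADER / MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("e_lfanew does not point at a PE signature")
    machine, nsect, _ts, _symp, _nsym, opt_size, _chars = struct.unpack_from(
        FILE_HEADER_FMT, data, e_lfanew + 4)
    opt_off = e_lfanew + 24
    if opt_size < 64 or opt_off + 64 > len(data):
        raise ValueError("optional header too short to contain SizeOfHeaders")
    magic = struct.unpack_from("<H", data, opt_off)[0]
    entry = struct.unpack_from("<I", data, opt_off + 16)[0]    # AddressOfEntryPoint (RVA)
    # SizeOfImage / SizeOfHeaders sit at +56 / +60 in both PE32 and PE32+
    size_of_image, size_of_headers = struct.unpack_from("<II", data, opt_off + 56)
    sections = []
    for i in range(nsect):
        off = opt_off + opt_size + 40 * i
        if off + 40 > len(data):
            raise ValueError("section table runs past end of file")
        name, vsize, va, rawsize, rawptr = struct.unpack_from(SECTION_HEADER_FMT, data, off)[:5]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "vsize": vsize, "rawptr": rawptr, "rawsize": rawsize})
    findings = []
    if nsect == 0:
        findings.append("NumberOfSections is 0: only the headers get mapped")
    if not any(s["va"] <= entry < s["va"] + max(s["vsize"], s["rawsize"]) for s in sections):
        findings.append("AddressOfEntryPoint is not inside any section")
    if e_lfanew < 0x40:
        findings.append("NT headers overlap the DOS header")
    return {"e_lfanew": e_lfanew, "machine": machine,
            "bitness": 64 if magic == PE32PLUS_MAGIC else 32,
            "number_of_sections": nsect, "entry_point": entry,
            "size_of_headers": size_of_headers, "size_of_image": size_of_image,
            "sections": sections, "findings": findings}


def build_sample(sectionless: bool) -> bytes:
    """Construct a minimal PE32 image in memory (a constructed sample, not the
    attached files). sectionless=True mimics the tiny-PE layout: empty section
    table, code inside the header region, SizeOfHeaders = 0x1B0 as quoted above."""
    code = bytes([0x31, 0xC0, 0xC3])             # xor eax,eax ; ret  (placeholder code)
    e_lfanew, opt_size = 0x40, 0xE0              # PE32 optional header incl. 16 data dirs
    if sectionless:
        nsect, size_of_headers, entry, size_of_image = 0, 0x1B0, 0x140, 0x1000
    else:
        nsect, size_of_headers, entry, size_of_image = 1, 0x200, 0x1000, 0x2000
    dos = struct.pack("<H", IMAGE_DOS_SIGNATURE).ljust(0x3C, b"\0") + struct.pack("<I", e_lfanew)
    file_hdr = struct.pack(FILE_HEADER_FMT, IMAGE_FILE_MACHINE_I386, nsect, 0, 0, 0,
                           opt_size, 0x0102)     # EXECUTABLE_IMAGE | 32BIT_MACHINE
    opt = struct.pack(OPT32_FMT, PE32_MAGIC, 0, 0, len(code), 0, 0, entry, 0x1000, 0x1000,
                      0x00400000, 0x1000, 0x200, 4, 0, 0, 0, 4, 0, 0, size_of_image,
                      size_of_headers, 0, 2, 0, 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt = opt.ljust(opt_size, b"\0")             # 16 zeroed IMAGE_DATA_DIRECTORY entries
    image = dos + struct.pack("<I", IMAGE_NT_SIGNATURE) + file_hdr + opt   # 0x138 bytes
    if sectionless:
        return (image.ljust(entry, b"\0") + code).ljust(size_of_headers, b"\0")
    sect = struct.pack(SECTION_HEADER_FMT, b".text", len(code), 0x1000, 0x200,
                       size_of_headers, 0, 0, 0, 0, 0x60000020)   # CODE | EXECUTE | READ
    return (image + sect).ljust(size_of_headers, b"\0") + code.ljust(0x200, b"\0")


if __name__ == "__main__":
    for label, flag in (("normal", False), ("sectionless", True)):
        info = inspect_pe(build_sample(sectionless=flag))
        print(f"{label}: sections={info['number_of_sections']} "
              f"SizeOfHeaders={info['size_of_headers']:#x} entry={info['entry_point']:#x}")
        for f in info["findings"]:
            print("  -", f)
```

Point inspect_pe at a real file with open(path, "rb").read() to get the same summary for the attached samples. The entry-point check uses the larger of VirtualSize and SizeOfRawData per section, so an entry that lives only in the mapped header region is reported even when a section table exists.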
 #16638  by EP_X0FF
 Fri Nov 16, 2012 9:06 am
The Windows loader's base algorithms work slightly differently in the x64 versions of Windows. On x86 it will run. Maybe we should move this discussion into the public forums? There is nothing really private in tiny PE. http://www.phreedom.org/research/tinype/