Author Archive
iPhone exploit source code
by niucool on Aug.13, 2010, under System Research

Here is working source code for an iPhone exploit. You might use this code to do some evil things like jailbreak, blah, blah, blah.
Download the code here!
dcopy: copy any file as you wish
by niucool on Jul.08, 2010, under System Research
Old software: DirMon
by niucool on Jul.06, 2010, under System Research
This is an old antique of a program I wrote in 2003, based on an article on CodeProject at the time. While tidying up my computer today I unexpectedly found the source code. I recompiled it and am releasing it here; maybe some comrade needs it.
Feature overview:
DirMon's functionality is similar to FILEMON; the difference is that DirMon monitors directories by calling ring 3 functions. All write operations under the specified directory, including file additions, deletions and modifications, are recorded.
DirMon is simple to operate, easy to use and consumes few system resources. But DirMon is not a low-level driver-based monitoring tool, only a small application-level monitor. Development of this software ends here; it is posted perhaps only as a memento.
SysReveal User Guide (Draft)
by niucool on Jun.22, 2010, under SysReveal, Tutorials
This user guide is based on SysReveal v1.0.0.63 and will be updated for subsequent versions.
SysReveal Overview
Feature Summary
SysReveal is a system scanning and virus detection tool intended for advanced users. SysReveal provides many powerful features for examining possible threats in the system and assisting the user with virus detection and system repair. SysReveal's main features include process management, driver management, kernel information management, network connection management, startup management, file management and registry management. All of these features are implemented through the system's low-level interfaces, which effectively prevents viruses and rootkits from hiding and protecting themselves by various means.
Runtime Environment
SysReveal runs normally on the following 32-bit operating systems:
- Windows XP
- Windows Server 2003
- Vista
- Windows 7
- Windows Server 2008
SysReveal does not support the following operating systems:
- Windows 95/98/ME
- Windows 2000
- All 64-bit operating systems
EICAR 2010: RAINY DAYS IN PARIS (FW)
by niucool on Jun.07, 2010, under Malware Research
EICAR 2010: RAINY DAYS IN PARIS
Eddy Willems
G Data Software and EICAR, Belgium
The 19th EICAR conference took place last month in the heart of the beautiful city of Paris at the École Supérieure d'Informatique, Electronique, Automatique (ESIEA). The second International Alternative Workshop on Aggressive Computing and Security (iAWACS'10) was held immediately before the conference at the same venue, and EICAR delegates were also able to attend this event. iAWACS'10 included workshops on smart cards and crash courses on securing PLC networks, but the most noteworthy item on the agenda was the anti-virus evaluation challenge 'PWN2KILL', the aim of which was to attempt to bypass anti-virus software and evaluate its effectiveness in practical terms. A technical summary is available on the iAWACS website. [David Harley shares his views on the challenge on p.2 – Ed.]
GETTING STARTED
After an official EICAR members meeting and welcome party on the Sunday evening, the real meat of the conference began on Monday morning with an opening address from the chairman of EICAR, Rainer Fahs, continuing with a keynote from Christophe Devine – better known as the father of ‘Aircrack’ – about problems related to AV testing. He described a series of tests and rated their usefulness. Devine believes that, in most cases, careful inspection reveals no real winners, and several tests are not even relevant to the real world. He proposed an initiative called AVerify, an open-source anti-virus test suite which would facilitate the creation of reproducible, more reliable tests. AVerify would be inspired by the EICAR test file, maintained independently of EICAR but following the same code of conduct.
EICAR 2010
by niucool on Apr.30, 2010, under Malware Research
I will attend EICAR 2010 in Paris from 7th May to 15th May. I wish I could be lucky enough to meet some guys who are also interested in ARK and have tried SysReveal.
ReactOS, NTFS-3G and Others
by niucool on Mar.31, 2010, under System Research
While rewriting the file system parsing part of SysReveal, I referred to the code of the ReactOS freeldr fs section, NTFS-3G and FatFS. I also consulted some code provided by sudami and ProgmBoy on the PEDIY forum.
Notes researcher NTFS
by niucool on Mar.26, 2010, under System Research
(Original URL: http://www.citforum.ru/operating_systems/windows/ntfs/)
Content
Description of the SysReveal Startup Items XML File
by niucool on Mar.15, 2010, under SysReveal, Tutorials
The Windows registry holds a great deal of system data, and viruses and malware are mainly interested in the startup items and a few other important registry keys. The set of such registry keys is enormous, which makes life very hard for registry cleaning tools. For the sake of extensibility, the new version of SysReveal lets users define their own XML so that more registry keys can be cleaned. Below is a simple example.
<?xml version="1.0" encoding="GB2312"?>
<sysrevealstartups version="1.0" name="All Section" icon="AUTO_ALL">
  <category name="自启动项" icon="AUTO_ALL">
  </category>
  <category name="AppInit" icon="AUTO_DLL">
    <item Attributes="STRINGLIST" Key="HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows" Value="Appinit_Dlls"/>
  </category>
</sysrevealstartups>
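As an added example (not SysReveal's own code), the following Python reads a startup-item definition in this format and applies it to a constructed registry snapshot, so each configured value can be reviewed entry by entry. The snapshot dict, the ASCII-only sample document and the STRINGLIST interpretation (space- or comma-separated paths, as Windows uses for AppInit_DLLs) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the SysReveal startup-item format (ASCII-only so it parses
# without a GB2312 codec; the real files declare encoding="GB2312").
SAMPLE_XML = """<?xml version="1.0"?>
<sysrevealstartups version="1.0" name="All Section" icon="AUTO_ALL">
  <category name="AppInit" icon="AUTO_DLL">
    <item Attributes="STRINGLIST"
          Key="HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
          Value="Appinit_Dlls"/>
  </category>
</sysrevealstartups>
"""

# Constructed registry snapshot standing in for a live read (hypothetical paths).
REGISTRY_SNAPSHOT = {
    (r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows", "Appinit_Dlls"):
        r"C:\Windows\System32\legit.dll, C:\Users\Public\unknown.dll",
}

def parse_startup_items(xml_text):
    """Return (category, attributes, key, value) tuples from a sysrevealstartups document."""
    root = ET.fromstring(xml_text)
    if root.tag != "sysrevealstartups":
        raise ValueError("not a sysrevealstartups document")
    items = []
    for category in root.findall("category"):
        for item in category.findall("item"):
            items.append((category.get("name"), item.get("Attributes"), item.get("Key"), item.get("Value")))
    return items

def expand_stringlist(raw):
    """Split a STRINGLIST value into entries (assumes space and/or comma separators)."""
    return [p for p in raw.replace(",", " ").split() if p]

def inspect(xml_text, snapshot):
    """Look up each configured value in the snapshot; expand STRINGLIST values into entries."""
    report = {}
    for category, attrs, key, value in parse_startup_items(xml_text):
        raw = snapshot.get((key, value))
        if raw is None:
            continue  # value absent on this system: nothing to review or clean
        entries = expand_stringlist(raw) if attrs == "STRINGLIST" else [raw]
        report[(category, value)] = entries
    return report

if __name__ == "__main__":
    for (category, value), entries in inspect(SAMPLE_XML, REGISTRY_SNAPSHOT).items():
        print(f"[{category}] {value}: {entries}")
```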
Happy Tiger Year
by niucool on Feb.20, 2010, under SysReveal
Chinese New Year no longer has the wonderful feeling it had when I was a child, but at least I didn't have to travel, so I got a few days of proper rest. In between I spent a little time building a startup check interface for SysReveal. There isn't much technical content in it, but since everyone else has one, I added it too. I plan to finish it by the end of the month or early next month and fix the bugs from the previous version along the way.
