Windows Event Logger + HyperDbg


kevin larson

Sep 21, 2010, 6:44:00 PM
to hype...@googlegroups.com
Hey, I was wondering if it would be possible to interact with the Windows event logger from within HyperDbg. I want to scrape the data from a userspace program, and I was wondering if you had ever considered using Windows Events in conjunction with HyperDbg. I have my doubts about events working when HyperDbg is active, and figured this would be the place to ask.
-Kevin

Aristide Fattori

Sep 28, 2010, 2:40:29 PM
to hype...@googlegroups.com
Hi Kevin,

sorry for being late, these have been some very busy days :-/

Yes, we considered that :-) Our idea was to use a user-space program
that waits for notifications from hyperdbg and then takes care of
interacting with the Windows event logger. We already developed and
deployed a stub user-space --> hyperdbg communication scheme through
the use of the VMCALL instruction. In a couple of weeks I (hopefully) will
be able to get back to the code and I am planning to implement some
more "user-space to hypervisor" functionalities :-)

Cheers,
Aristide


--
GnuPG Key on keyserver.pgp.com ID 0x25578128
http://security.dico.unimi.it/~joystick/
