Didier Stevens (Security Consultant, Contraste BV)

HITB LAB TITLE:  Windows x64: The Essentials

HITB LAB ABSTRACT:

In this 120 minute lab session, we will touch upon important differences between 32-bit and 64-bit Windows.

Did you know WoW64 (Windows 32-bit on Windows 64-bit), the system that allows you to run 32-bit applications on 64-bit Windows, presents applications with a different view on the file system and the registry?

Why wouldn’t you use a 32-bit AV program on x64 Windows, but can you compile a 64-bit application on a 32-bit machine?

Did you know 32-bit processes can’t load 64-bit DLLs and 64-bit processes can’t load 32-bit DLLs?

Did you know that x64 shellcode is significantly different from 32-bit shellcode because of the calling convention?

Here are some of the exercises for the workshop attendees:

• How to develop and inject an x64 DLL

• How to develop x64 shellcode

• How to develop and sign an x64 kernel driver

• How does WoW64 allow us to run 32-bit applications on a 64-bit system?

• How do we “break” out of WoW64?

ABOUT DIDIER STEVENS

Didier Stevens (Microsoft MVP Consumer Security, CISSP, GSSP-C, CCNP Security, MCSD .NET, MCSE/Security, RHCT, OSWP) is an IT Security Consultant currently working at a large Belgian financial corporation. He is employed by Contraste Europe NV, an IT Consulting Services company (http://www.contraste.com). In 2012, Didier founded his own company (http://DidierStevensLabs.com). You can find his open source security tools on his IT security related blog at http://blog.DidierStevens.com.