Are 64-bit OS malware proof?

 

Preface:

As we know, letting a computer process work directly with the kernel (Ring 0) is quite dangerous. A more concrete illustration is real mode, also called real address mode, which is an operating mode of all x86-compatible CPUs. Real mode provides no support for memory protection, multitasking, or code privilege levels. Windows 95 executes drivers and process switching in ring 0, while applications, including API DLLs such as kernel32.dll and krnl386.exe, are executed in ring 3.

We found a trick on Windows 10. For instance, you are allowed to run a 16-bit application on a 32-bit (Windows 10) operating system, but you are not allowed to run a 16-bit application on a 64-bit (Windows 10) OS.

Why? A processor limitation prevents a 64-bit OS from executing (non-protected mode) 16-bit code. The 64-bit versions of Windows include 32-bit protected mode runtime libraries, but do not include any 16-bit protected mode runtime libraries. So how is it possible to run a DOS command prompt on a 64-bit (Windows 10) OS? The DOS emulator does the magic.

The kernel of Windows 10 is located at the top of memory. A 64-bit OS supports memory above 3.5GB of RAM, so a hacker has difficulty finding the kernel process's fingerprint in memory. Apart from that, the 64-bit operating system's kernel executable is not directly reachable, since a process can't communicate with the kernel directly. Hence the common consensus that a 64-bit OS is malware proof.

Have you heard of Superman's weakness? Kryptonite is able to reduce his power.

The origin story of Superman relates that he was born on the planet Krypton. Kryptonite is a radioactive mineral from Krypton, produced during the explosion of the planet, and it is able to reduce Superman's power. The 64-bit OS is in a similar situation: the kernel executable is not reachable, but the PAGE TABLE is loaded below 4GB. So it is possible to apply the following concept to unlock Windows 10.

Viewing and Editing Registers in WinDbg

Solution: Self-ref entry technique

Reference: In 32-bit mode, this entry is usually located in the PAGE DIRECTORY, even with PAE enabled.
In 64-bit mode, this entry is located in the PML4.

  • The CPU's CR3 register points to the physical address (PA) of the PML4
  • A PML4 entry points to the PA of a PDPT
  • A PDPT entry points to the PA of a PD
  • A PD entry points to the PA of a PT
  • The PT contains Page Table Entries

The result is an entry that is re-used across the four paging levels: the CPU uses it as a PML4 entry, PDPT entry, Page Directory entry and Page Table entry at the same time.
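The index arithmetic behind the walk and the self-referencing entry described above, as an added example that is not code from the original post. The self-reference index `0x1ED` and the sample virtual address are assumed values chosen for illustration; every computed address depends on that index, which is why a defender wants it to be unpredictable.

```c
#include <stdint.h>
#include <stdio.h>

/* 4-level paging: a 48-bit virtual address is four 9-bit table indices
   (PML4, PDPT, PD, PT) followed by a 12-bit page offset. */
typedef struct { unsigned pml4, pdpt, pd, pt, offset; } va_parts;

/* Split a virtual address into the index used at each paging level. */
va_parts split_va(uint64_t va) {
    va_parts p;
    p.pml4   = (unsigned)((va >> 39) & 0x1FF);
    p.pdpt   = (unsigned)((va >> 30) & 0x1FF);
    p.pd     = (unsigned)((va >> 21) & 0x1FF);
    p.pt     = (unsigned)((va >> 12) & 0x1FF);
    p.offset = (unsigned)(va & 0xFFF);
    return p;
}

/* Sign-extend bit 47 so the result is a canonical 64-bit address. */
uint64_t canonical(uint64_t va) {
    va &= 0x0000FFFFFFFFFFFFull;
    return (va & (1ull << 47)) ? (va | 0xFFFF000000000000ull) : va;
}

/* Virtual address of the PTE that maps `va` when PML4[self] points back at
   the PML4: the walk spends its first level on the self entry, so it stops
   one level early and the page table itself is reached as data. */
uint64_t pte_va(uint64_t va, unsigned self) {
    uint64_t page = (va & 0x0000FFFFFFFFFFFFull) >> 12; /* page number */
    return canonical(((uint64_t)self << 39) + page * 8); /* 8-byte PTEs */
}

/* Using the self index at all four levels lands on the PML4 page itself. */
uint64_t pml4_va(unsigned self) {
    uint64_t s = self;
    return canonical((s << 39) | (s << 30) | (s << 21) | (s << 12));
}

int main(void) {
    unsigned self = 0x1ED;               /* assumed sample index */
    uint64_t va = 0xFFFFF80000001000ull; /* constructed sample address */
    va_parts p = split_va(va);
    printf("PML4=%#x PDPT=%#x PD=%#x PT=%#x off=%#x\n",
           p.pml4, p.pdpt, p.pd, p.pt, p.offset);
    printf("PTE VA  = %#llx\n", (unsigned long long)pte_va(va, self));
    printf("PML4 VA = %#llx\n", (unsigned long long)pml4_va(self));
    return 0;
}
```

Changing `self` moves both results, so a fixed index makes the location of every page table entry computable in advance, while a per-boot random index does not.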

I am busy this week; allow me to complete the remaining part next week. Sorry!
