Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/therealdreg/win.cerdalux

WinXPSP2.Cermalus on stereoids, supporting all 32 bits Windows version. Windows Kernel Virus stuff for noobs
https://github.com/therealdreg/win.cerdalux

32-bit assembler beginner-friendly educational-software hooking malware malware-development malware-research malware-sample masm32 noobs research reversing-challenge virus windows windows-kernel windows-kernel-malware

Last synced: 4 months ago
JSON representation

WinXPSP2.Cermalus on stereoids, supporting all 32 bits Windows version. Windows Kernel Virus stuff for noobs

Host: GitHub
URL: https://github.com/therealdreg/win.cerdalux
Owner: therealdreg
License: mit
Created: 2023-07-15T11:51:04.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2023-08-11T06:18:45.000Z (over 1 year ago)
Last Synced: 2024-05-01T15:58:52.693Z (9 months ago)
Topics: 32-bit, assembler, beginner-friendly, educational-software, hooking, malware, malware-development, malware-research, malware-sample, masm32, noobs, research, reversing-challenge, virus, windows, windows-kernel, windows-kernel-malware
Language: Assembly
Homepage: https://rootkit.es/
Size: 23.1 MB
Stars: 15
Watchers: 3
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE

Awesome Lists containing this project

README

Win.Cerdalux

WinXPSP2.Cermalus on stereoids, supporting all 32 bits Windows version. Windows Kernel Virus stuff for noobs

based from WinXPSP2.Cermalus by Pluf/7A69ML https://github.com/therealdreg/WinXPSP2.Cermalus/

Are you an usermode malware reverser/researcher/developer wanting to get started with the windows kernel? Then this project is for you

[![CI](https://github.com/therealdreg/Win.Cerdalux/actions/workflows/cerdalux.yml/badge.svg)](https://github.com/therealdreg/Win.Cerdalux/actions/workflows/cerdalux.yml)

# FAQ

## What is Win.Cerdalux?

...

## How it works?

...

## What are the supported Windows versions?

...

# developer steps

- Clone this repo in C:\
- Download & install in C:\ **Masm32v11r** [/stuff/masm32v11r.zip](/stuff/masm32v11r.zip)
- Download & install in C:\ **RadASM-2.2.2.4-FullPackage.zip** [/stuff/RadASM-2.2.2.4-FullPackage.zip](/stuff/RadASM-2.2.2.4-FullPackage.zip)
- Add **C:\masm32\bin** to **%PATH%**
- Open **/source/cerdalux.rap** in Radasm2 IDE and Build All
- Done!

## debug build

![radasmdebugbuild](assets/radasmdebugbuild.png)

# To-Do

## General

- [ ] dropper with .ico (new logo)
- [ ] CI/CD implementation for testing
- [ ] Write documentation
- [ ] FAQ
- [x] port to Masm32v11r
- [x] create Radasm project
- [x] basic CI for wine https://github.com/therealdreg/dregs-masm32-wine

## Features

- [ ] Multi-core support: KeSetTargetProcessorDpc + KeInsertQueueDpc...
- [ ] Support newer Windows versions
- [x] Windows XP SP2
- [x] Windows XP SP3
- [ ] 64-bit support

# Credits

- Pluf/7A69ML original author WinXPSP2.Cermalus
- David Reguera Garcia aka Dreg

# Thx

- masm32 forum https://www.masm32.com/board/index.php
- https://www.masm32.com/
- RadASM2 repo by @mrfearless https://github.com/mrfearless/RadASM2
- 29a ezine https://www.exploit-db.com/ezines/kr5hou2zh4qtebqk.onion/29A/

# Variants

- https://github.com/therealdreg/WinXPSP2.Cermalus