IMPORTANT:
This section is not updated anymore and contains mostly really old stuff kept as an archive.
If you're interested in new stuff, it's best to visit either j00ru's or gynvael's blogs.
(rss/atom is imported into the news subpage of this site as well)

Applications

Float Tracer
code by j00ru

The main aim of Float Tracer is to monitor a specific process's execution and log occurrences of FPU instructions, showing their disassembly, address, optionally the modified STx value, etc.
It can also mark the immediate values you specify, as well as instructions, value ranges of ST0-ST7 registers, and so on :)

Current version: 0.0.1 (published 2008-01-28)
tracer_0.0.1.zip

ExcpHook Windows Exception Monitor
code by gynvael.coldwind

ExcpHook is an open source (see license.txt in archive) exception monitor that uses kernel mode to monitor for user mode exceptions.
This software is provided AS IS. The author does not guarantee that this program works, is bug-free, etc. The author does not take any responsibility for eventual damage caused by this program. Use at your own risk.

Current version: 0.0.5-rc2 (published 2009-02-03)
ExcpHookMonitor_0.0.5-rc2.zip (read more)
ExcpHookMonitor_0.0.4.zip


Discovered vulnerabilities

Gadu-Gadu 7.7 [Build 3725] and Tlen IM's 6.00.2.69 Multiple Low/Med Vulnerabilities
discovered by j00ru, disclosed 2008-07-02

Related security advisory

FireFox 2.0.0.11 and Opera 9.50 beta Remote Memory Information Leak
discovered by gynvael.coldwind, disclosed 2008-02-16

Related security advisory

SDL_Image 1.2.6 GIF Buffer Overflow
discovered by gynvael.coldwind, disclosed 2008-01-23

Related security advisory
DoS PoC GIF file

Opera 9.50 beta and 9.24 Remote DoS
discovered by gynvael.coldwind & Simey, disclosed 2007-12-05

Related security advisory

Gadu-Gadu 7.7 [Build 3669] Buffer Overflow Vulnerability
discovered by j00ru, disclosed 2007-11-22

Exploitation article (published 2007-12-07)
Related security advisory
Successful exploitation video

WinImage 8.10 Multiple Vulnerabilities
discovered by j00ru, disclosed 2007-08-15

Related security advisory


Research papers and other

DLL Spoofing (in Polish)
paper by gynvael.coldwind, originally published 2006-08-28, reuploaded 2008-02-15

Read the paper

Microsoft VirtualPC 2004 [build 528] Detection
research by gynvael.coldwind, published 2006-08-02

Read the paper


Publications

See also our other publications.

Articles

Comic