• SecureWorks Research
• Counter Threat Unit
• Threat Analyses
• Research Blog
• Newsletter
• Webcasts
• Security Tools
• Articles
• Security

• Home
• Research
• Windpl

Wind Pill

Author(s)
Joe Stewart

Latest Version
1.0

Description
This tool assists in automating the tasks involved in debugging the Windows kernel. The use of a cross-platform scripting language means they can work from UNIX or Linux operating systems, thus not having to be tied to Windows tools. Stewart developed the tool in order to make researchers’ jobs easier while working with the Windows kernel, giving the researcher the ability to debug the Windows kernel code, read and write virtual and physical memory addresses and parse undocumented structures in an easier way. One possible job that can be made easier with this tool is automating the process of pulling userland-injected code out of kernel-level malware, With this tool, a null modem cable, and some Perl and Windows kernel knowledge, they could script it in just a few hours, whereas if they were using traditional kernel debugging tools under Windows, automating the process could take much longer.

License Agreement

Copyright (C) 2007 SecureWorks, Inc. This program is free software subject to the terms of the GNU General Public License. You can use, copy, redistribute and/or modify the program under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. You should have received a copy of the GNU General Public License along with this program. If not, please see http://www.gnu.org/licenses/ for a copy of the GNU General Public License. The program is subject to a disclaimer of warranty and a limitation of liability, as disclosed below. Disclaimer of Warranty. THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR, CORRECTION OR RECOVERY FROM DATA LOSS OR DATA ERRORS. Limitation of Liability. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS

Agree and Download WindPl

Please note that SecureWorks cannot provide support for these tools, but feedback is appreciated.

Online Tools

Info Request

*First Name:
*Last Name:
*Company:
*Telephone:
*Email:
*Country:
*State/Province:

Comments