
May 4-6 at Taipei Nangang Exhibition Center, Hall 2

Taiwan's Cybersecurity Researchers
701 Vulnerability Research Lab
  • May 6th (Thu)
  • 14:00 - 14:30
  • 7F 701H

Rebuild The Heaven's Gate: from 32 bit Hell back to Heaven Wonderland

Microsoft embeds a translation design named WoW64 (Windows 32 on Windows 64), which is used to run 32-bit PE (Portable Executable format) files on 64-bit Windows. The design basically hosts every 32-bit PE file inside a native, standalone 64-bit process and translates every 32-bit system interrupt into a 64-bit syscall.


In this talk, we're going to cover deep reverse engineering of the WoW64 architecture and how it performs these translations, as well as some uncovered cross-architecture issues that could be abused in the wild.

General
APT, Cyberwarfare, Red Team
Sheng-Hao Ma

Threat Researcher, TXOne Networks

Sheng-Hao Ma (aaaddress1) has over 10 years of experience in reverse engineering, machine language, and Intel 8086. He has published articles on Windows vulnerabilities and reverse engineering analysis, and has been invited as a guest speaker at Black Hat Asia, DEFCON USA, VXCON, HITCON (Hackers In Taiwan Conference), CYBERSEC events, and more.

On top of all this, Sheng-Hao Ma is a core member of the CHROOT Security Group in Taiwan and an instructor for the HITCON and MOE (Ministry of Education) training courses on Windows Exploit and Malware Analysis.