zer0m0n & ReactOS Build Environment

Posted on Wed 14 September 2016 in zer0m0n by Jurriaan Bremer

Many of you will know zer0m0n, a kernel driver developed for Cuckoo Sandbox by Nicolas Correia, Adrien Chevalier, and Cyril Moreau. In particular, zer0m0n has been developed to improve the analysis capabilities of Cuckoo as well as to further hide its presence.

After almost three years of part-time development by the French guys, the time has come for the Cuckoo team to mainstream its integration and usage. However, as most if not all Cuckoo developers (and users) run Linux-based operating systems, it is preferable that we find a way to develop 32-bit and 64-bit Windows kernel drivers on Linux-based systems.

After reaching out to Alex Ionescu, the Windows kernel guru himself, I was informed that ReactOS ships an entire ReactOS Build Environment (aka RosBE from now on). This was all pretty easy to get started with, and I had built my own ReactOS kernel within the hour or so. Unfortunately, based on the limited resources available on this topic, it is currently not possible to build a 64-bit ReactOS kernel on non-Windows systems. Naturally this needs to be investigated, as ReactOS provides everything else that you will be needing for building Windows kernel drivers (API definitions, header files ...
