all InfoSec news
Debugging Windows Isolated User Mode (IUM) Processes
Malware Analysis, News and Indicators - Latest topics malware.news
Introduction
A few months ago I wrote about two vulnerabilities I found in the TPM 2.0 reference implementation code. While trying to verify if the virtual TPM of Microsoft's Hyper-V was affected, I found that this virtual component runs as an Isolated User Mode (IUM) process, which means that it's not possible to attach a debugger to it, not even having elevated privileges.
After looking for information on how to debug this kind of processes, I found slices of …
code debugging found hyper-v implementation introduction microsoft mode process processes reference tpm tpm 2.0 verify virtual vulnerabilities windows