Hey guys, I'm currently interested in implementing a SafeSEH bypass in my manual mapper (huge thanks to MaiN for helping with that); however, right now there's no way that anybody can think of to support it properly without doing some nasty version-specific hacks.
So, I'm requesting all copies of NTDLL that you can get your hands on from XP SP3 onwards (if possible, both x86 and x64 bins would be great, but x86 only is fine, as that's the platform I'm pushing forward on the most at the moment), so I can analyze them and look for a reliable way to pattern scan for the unexported functions/data that I need access to in order to add my manually mapped modules to the SEH 'whitelist'.
Thanks in advance.
P.S. Source code to the mapper is available on the HadesMem SVN if you want to help contribute or check out the progress. Current work is being done under /branches/v1.0.0 (I haven't merged back to trunk in a while, so don't check out from there).
EDIT:
Thanks all. Current collection:
http://www.raptorfactor.com/misc/NTDLL/
Please keep in mind that even if you have a version that matches the build number, it may actually be different to what I have, because Microsoft does not bump that number for certain hotfixed/localized/etc. versions, and the code I'm working on needs to be as generic as possible, so the more data I have the better, no matter how small the differences are. If you're unsure if it's different, the quickest way is to check the file size (to the byte), but a more reliable method is a simple SHA-1 hash or similar.
I will keep the public archive online and maintained so others who are after this kind of data can access it.