Create your own filesystem and mount it as either a logical drive or folder. Dokan (https://github.com/dokan-dev/dokany)
Below a simple command line to mount a zip archive on X:
mount.exe /r test.zip /l x /x proxy_7zip.dll
Mount.exe is a generic code/binary independant of the filesystem you wish to create.
The filesystem is implemented in a proxy/dll.
Source code and binaries is available here.
7zip proxy example is here.
NFS proxy example is here.
I had done a few proxies for ImDisk in the past based on the libyal libraries (vmdk, qcow, vhd, ewf).
This time, as the VDI image format is quite simple, I made my own proxy for VDI images.
Imdisk + Discutils could achieve the same except that discutils requires .Net 4.0 which is not always available.
As always the command line :
Download/Discuss here.
A demo to run a encrypted xored encrypted PE within the memory of another PE (and therefore possibly bypass anti virus softwares)
See https://github.com/erwan2212/XOR-freepascal about xoring / encrypting a file.
Code is currently set to use cmd.exe (x86/x64) as target host.
host32.exe/host64.exe are also provided in the zip if you wish the modify the code to use a « neutral » host.
Source code and binaries can be found here.
Clonedisk can now create Microsoft Virtual Hard Disks with different sector sizes (logical and physical).
Furthermore, while creating a new VHD, Clonedisk can also create the partition on the fly.
I have added Netcat as a mean to backup/restore over the network.
See possible netcat commands here.
I have added a 2 extra formats in latest version : VHD/VHDX and LZ4.
VHD/VHDX is using MS virtual disk API and LZ4 is using opensource LZ4 library.
While at it, I also added extra WIM compression methods (LZX and LZMS).
LZ4 is quite interesting as in some cases it is faster to compress thru LZ4 compared to using a RAW format and this despite the CPU overhead.
LZ4 files generated by Clonedisk are compatible with LZ4.exe.
How to rebuild libvmdk (and possibly any VC project) so that it depends on msvcrt.dll and no longer on msvcrtxxx.dll.
Copy/paste from this post for archiving.
-first install VC2008 express (but should be OK with VC2010 express and possibly newer VS platforms)
-install WDK 7.1
-modify your VC2008 IDE settings search paths (include and libraries) by adding WDK 7.1 paths first in the list
-add msvcrt « legacy translator » library (msvcrt_win2000.obj) to Linker -> Input -> Additional Dependencies for both DLL projects (zlib and libvmdk)
-add specific preprocessor definitions to zlib project :
vsnprintf=_vsnprintf;snwprintf=_snwprintf;open=_open;read=_read;close=_close;write=_write
And voila 
You should end up with the below, i.e a dependency to a msvcrt.dll
Following some notes around netcat here and here.
Some extra commands to backup a disk over the network :
-listen on port 9000 and dump the raw file
nc -v -l -p 9000 > dump.img
(restore with nc -v -l -p 9000 < dump.img)
-same but compressed with lz4 via stdin
nc -v -l -p 9000 | lz4.exe -1 stdin -f dump.lz4
(restore with lz4 -l -c dump.lz4 | nc -v -l -p 9000
and not with nc -v -l -p 9000 -e « lz4.exe -c dump.lz4 »)
-the same but with 7zip
nc -v -l -p 9000 | 7z a dump.7z -si
(restore with 7z e dump.7z -so | nc -v -l -p 9000)
-the same but with bzip2
nc -v -l -p 9000 | bzip2 -z > dump.gz
(restore with bzip2 -cd < dump.gz | nc -v -l -p 9000)
lz4 can be downloaded here.
bzip2 can be downloaded here.
7-zip can be downloaded here.
netcat can be downloaded here.
A few days ago, I have shared a, command line, layer 3 network sniffer based on windivert (netdump here).
The command line version offers a few options like capture or not, choose the network layer or the forward layer, etc …
Thus, sometimes it is also nice to have a simple(« start/stop ») GUI.
Now done.
Source code and binaries here on github as usual…
This version will automatically save the capture to a dated pcap file.
An interesting article about how to perform a network capture when no tools are installed locally.
Here.
In short, example :
1-netsh trace start capture=yes Ethernet.Type=IPv4 IPv4.Address=157.59.136.1
2-netsh trace stop
3-get your capture in %userprofile%\AppData\Local\Temp\NetTraces\NetTrace.etl
-open with Microsoft’s Message Analyzer app
or
-convert it with
$s = New-PefTraceSession -Path “C:\output\path\spec\OutFile.Cap” -SaveOnStop
$s | Add-PefMessageProvider -Provider “C:\input\path\spec\Input.etl”
$s | Start-PefTraceSession