A forum for reverse engineering, OS internals and malware analysis 


Re: My AV says my router is infected

 by rkhunter ¦  Mon Feb 25, 2019 3:07 pm ¦  Forum: Newbie Questions ¦  Topic: My AV says my router is infected ¦  Replies: 6 ¦  Views: 710

Try to reboot your router.

Google Chrome runs much processes

 by rkhunter ¦  Fri Oct 26, 2018 11:55 am ¦  Forum: General Discussion ¦  Topic: Google Chrome runs much processes ¦  Replies: 0 ¦  Views: 1132

Just FYI, I have published a blog post named "Why Google Chrome runs so much processes". It is an attempt to find an answer to why the browser uses so many processes for its own purposes, even if a user has opened only one or two active tabs. https://artemonsecurity.blogspot.com/2018/10/why-google-...

Re: Articles

 by rkhunter ¦  Sun Sep 30, 2018 8:45 pm ¦  Forum: Reverse Engineering and Debugging ¦  Topic: Articles ¦  Replies: 33 ¦  Views: 113078

My docs (actually a set of web links) that I use every day for security reasons. - Security-related pages/docs for MS, Apple, Google, Adobe, Intel. - A wide set of information about speculative execution side-channel flaws that I have carefully collected since the beginning of the year. - Actual in...

Microsoft published MS-DOS source code

 by rkhunter ¦  Sun Sep 30, 2018 8:33 pm ¦  Forum: Tools/Software ¦  Topic: Microsoft published MS-DOS source code ¦  Replies: 1 ¦  Views: 1732

Re: Entry point for calling DriverEntry at ntoskrnl (Win10)

 by rkhunter ¦  Wed Aug 22, 2018 11:17 am ¦  Forum: Kernel-Mode Development ¦  Topic: Entry point for calling DriverEntry at ntoskrnl (Win10) ¦  Replies: 3 ¦  Views: 3193

Thx. I've analyzed it without applying structures and Hex-Rays. I looked for call [register+offset] and forgot about _guard_dispatch_icall.

Entry point for calling DriverEntry at ntoskrnl (Win10)

 by rkhunter ¦  Tue Aug 21, 2018 6:09 pm ¦  Forum: Kernel-Mode Development ¦  Topic: Entry point for calling DriverEntry at ntoskrnl (Win10) ¦  Replies: 3 ¦  Views: 3193

Hi all.

Does anyone remember which function in the NT kernel in Win10 is responsible for calling DriverEntry when loading drivers? I can't find any footprints in IopLoadDriver.

Re: Undocumented structures for W2k-Win10

 by rkhunter ¦  Sat Jan 13, 2018 7:14 am ¦  Forum: Kernel-Mode Development ¦  Topic: Undocumented structures for W2k-Win10 ¦  Replies: 21 ¦  Views: 74878

Win10 RS3 (1709) + KB4056892 (Spectre/Meltdown update and KPTI) ntoskrnl pdb and structures

Question about Spectre vulnerability mitigation

 by rkhunter ¦  Fri Jan 12, 2018 6:58 pm ¦  Forum: Reverse Engineering and Debugging ¦  Topic: Question about Spectre vulnerability mitigation ¦  Replies: 0 ¦  Views: 5214

Guys, I have a little question about the Spectre#1 mitigation in the Win10 kernel.

Why were Win10 kernel trap handlers updated with LFENCE instructions? As I understand it, Spectre#1 can't allow Ring 3 code to read kernel memory or to be executed as Ring 0. Or am I wrong?

Re: Backdoor Andromeda (waahoo, alias Gamarue)

 by rkhunter ¦  Wed Dec 06, 2017 2:33 pm ¦  Forum: Malware ¦  Topic: Backdoor Andromeda (waahoo, alias Gamarue) ¦  Replies: 129 ¦  Views: 194301

Re: Undocumented structures for W2k-Win10

 by rkhunter ¦  Mon Oct 30, 2017 11:08 am ¦  Forum: Kernel-Mode Development ¦  Topic: Undocumented structures for W2k-Win10 ¦  Replies: 21 ¦  Views: 74878

Windows 10 Redstone 3 (1709) HAL (10.0.16299.15) pdb + extracted structures.
