A forum for reverse engineering, OS internals and malware analysis 

Search found 4332 matches


Re: x64 NDIS.sys pdb wanted

 by EP_X0FF ¦  Sat Jun 15, 2019 3:08 am ¦  Forum: Reverse Engineering and Debugging ¦  Topic: x64 NDIS.sys pdb wanted ¦  Replies: 3 ¦  Views: 296

Thanks!

Re: x64 NDIS.sys pdb wanted

 by EP_X0FF ¦  Thu Jun 13, 2019 5:48 am ¦  Forum: Reverse Engineering and Debugging ¦  Topic: x64 NDIS.sys pdb wanted ¦  Replies: 3 ¦  Views: 296

Here is the pdb I found. All except Windows 8.

x64 NDIS.sys pdb wanted

 by EP_X0FF ¦  Wed Jun 12, 2019 4:14 am ¦  Forum: Reverse Engineering and Debugging ¦  Topic: x64 NDIS.sys pdb wanted ¦  Replies: 3 ¦  Views: 296

Hello,
if you have them, please share. I am interested in

NDIS pdbs for

Windows 8 (9200)
Windows 10 TH1 (10240) - found
Windows 10 TH2 (10586) - found
Windows 10 RS2 (15063) - found
Windows 10 RS3 (16299) - found
Windows 10 RS4 (17134) - found

Thanks.

Re: Windows Object Explorer 64-bit (WinObjEx64)

 by EP_X0FF ¦  Sun Jun 02, 2019 4:47 am ¦  Forum: Tools/Software ¦  Topic: Windows Object Explorer 64-bit (WinObjEx64) ¦  Replies: 15 ¦  Views: 54426

v1.7.4
added software licensing cache view (extras)
resolve apisets while viewing shadow table in Windows 10 20H1 >= 18890 builds
fix displaying sid user/domain information for private namespaces
added refresh (f5) for private namespace dialog

v1.7.3
threads list in processes dialog
view file proper...

Re: WIN64AST Pro ?

 by EP_X0FF ¦  Wed May 29, 2019 3:22 am ¦  Forum: Newbie Questions ¦  Topic: WIN64AST Pro ? ¦  Replies: 1 ¦  Views: 124

The author hasn't updated it for a few years and hasn't visited this place either. You can guess that the answer is: nowhere.
Try this: viewtopic.php?f=11&t=5316, relatively fresh.

Re: "Inappropriate" Malware

 by EP_X0FF ¦  Sun May 26, 2019 5:25 am ¦  Forum: Newbie Questions ¦  Topic: "Inappropriate" Malware ¦  Replies: 1 ¦  Views: 116

We do not create malware here. However, if it is something like evilpolarbear.exe, feel free to post it in a password-protected archive.

Re: [IDAPython] VirtualAlloc of ctypes returns 0

 by EP_X0FF ¦  Sat May 25, 2019 7:26 am ¦  Forum: Newbie Questions ¦  Topic: [IDAPython] VirtualAlloc of ctypes returns 0 ¦  Replies: 11 ¦  Views: 574

I don't have any script. If this API fails, then look at the GetLastError result value after the failed call.

Re: [IDAPython] VirtualAlloc of ctypes returns 0

 by EP_X0FF ¦  Mon May 20, 2019 4:49 pm ¦  Forum: Newbie Questions ¦  Topic: [IDAPython] VirtualAlloc of ctypes returns 0 ¦  Replies: 11 ¦  Views: 574

If the VirtualAlloc params are what you supplied, then it is an invalid call due to the Protect flag you set to 0. If you want to execute something, it should be at least PAGE_EXECUTE_READWRITE, assuming you will do Read/Write to that region next.

Re: Office 97-2003 macro viruses

 by EP_X0FF ¦  Mon May 20, 2019 1:55 am ¦  Forum: Completed Malware Requests ¦  Topic: Office 97-2003 macro viruses ¦  Replies: 3 ¦  Views: 248

Re: Check if process is UWP application.

 by EP_X0FF ¦  Sun May 19, 2019 2:23 pm ¦  Forum: User-Mode Development ¦  Topic: Check if process is UWP application. ¦  Replies: 2 ¦  Views: 405

Make a PowerShell script that runs C#, no?
