A forum for reverse engineering, OS internals and malware analysis 


Re: Force unload kernel driver

 by EP_X0FF ¦  Wed Aug 14, 2019 3:47 am ¦  Forum: Kernel-Mode Development ¦  Topic: Force unload kernel driver ¦  Replies: 1 ¦  Views: 1636

Just do BSOD. Force unloads everything.
The feature you are planning is a BSOD generator by design. There is no way to safely unload a driver if it does not support unloading itself; otherwise just call its driver unload function and pray for no BSOD.

Re: I want to ask someone to check if a PC game is infected with malware

 by EP_X0FF ¦  Tue Aug 13, 2019 3:54 am ¦  Forum: Newbie Questions ¦  Topic: I want to ask someone to check if a PC game is infected with malware ¦  Replies: 1 ¦  Views: 164

Feel free to post more info about it.

Re: [REQUEST] The Rootkit Arsenal 2nd edition

 by EP_X0FF ¦  Sun Aug 11, 2019 3:09 am ¦  Forum: General Discussion ¦  Topic: [REQUEST] The Rootkit Arsenal 2nd edition ¦  Replies: 2 ¦  Views: 105

You googled it wrong.
http://venom630.free.fr/pdf/The.Rootkit ... dition.pdf

Almost everything from this "book" is outdated trash and was outdated at the moment of its release.

Re: Discovering footprints of loaded and unloaded kernel mode drivers

 by EP_X0FF ¦  Sun Aug 11, 2019 3:04 am ¦  Forum: Newbie Questions ¦  Topic: Discovering footprints of loaded and unloaded kernel mode drivers ¦  Replies: 3 ¦  Views: 145

It depends on what you want to achieve. Currently it looks like you are either a cheat or an anti-cheat developer. No malware works in a different way.

Re: CVE-2018-8373 Exploit(s) / HTML_EXPLOIT.YYRV

 by EP_X0FF ¦  Tue Jul 30, 2019 5:10 pm ¦  Forum: Completed Malware Requests ¦  Topic: CVE-2018-8373 Exploit(s) / HTML_EXPLOIT.YYRV ¦  Replies: 1 ¦  Views: 2256

Old topic with no replies, moved to completed. If you still need this sample let us know and we will move this request back.

Re: x64 NDIS.sys pdb wanted

 by EP_X0FF ¦  Thu Jul 04, 2019 4:26 am ¦  Forum: Reverse Engineering and Debugging ¦  Topic: x64 NDIS.sys pdb wanted ¦  Replies: 4 ¦  Views: 2159

Attached are NDIS headers generated from the above PDB files with the help of wbenny's pdbex (https://github.com/wbenny/pdbex).

Windows 7 (7601)
Windows 8 (9200)
Windows 8.1 (9600)
Windows 10 (10240, 10586, 14393, 15063, 16299, 17134, 17763, 18362)

Re: why ExFreePool will blue screen

 by EP_X0FF ¦  Thu Jul 04, 2019 4:21 am ¦  Forum: Kernel-Mode Development ¦  Topic: why ExFreePool will blue screen ¦  Replies: 5 ¦  Views: 4681

I highly doubt he will read or answer you after more than 1 year has passed since this thread's last reply. Closed.

Re: My AV says my router is infected

 by EP_X0FF ¦  Thu Jul 04, 2019 2:51 am ¦  Forum: Newbie Questions ¦  Topic: My AV says my router is infected ¦  Replies: 9 ¦  Views: 2068

In your router manual.

Re: x64 NDIS.sys pdb wanted

 by EP_X0FF ¦  Sat Jun 15, 2019 3:08 am ¦  Forum: Reverse Engineering and Debugging ¦  Topic: x64 NDIS.sys pdb wanted ¦  Replies: 4 ¦  Views: 2159

Thanks!

Re: x64 NDIS.sys pdb wanted

 by EP_X0FF ¦  Thu Jun 13, 2019 5:48 am ¦  Forum: Reverse Engineering and Debugging ¦  Topic: x64 NDIS.sys pdb wanted ¦  Replies: 4 ¦  Views: 2159

Here are the pdb files I found. All except Windows 8.
