A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about kernel-mode development.
Forum Statistics Last post
13 Replies 
 17415 Views
 by EP_X0FF
 Fri Jun 08, 2018 6:53 pm
1 Replies 
 2866 Views
 by Vrtule
 Fri May 18, 2018 7:09 am
need help Explain this code
by lwbkm  - Wed May 02, 2018 1:35 am
6 Replies 
 7542 Views
 by lwbkm
 Thu May 03, 2018 10:04 am
10 Replies 
 11672 Views
 by nullpointer
 Thu May 03, 2018 8:24 am
List process and count packets.
by Krzysiek  - Mon Apr 30, 2018 5:49 pm
1 Replies 
 2823 Views
 by Vrtule
 Tue May 01, 2018 1:32 pm
2 Replies 
 3898 Views
 by Shinji
 Fri Apr 13, 2018 12:05 pm
2 Replies 
 3780 Views
 by Vrtule
 Sun Mar 18, 2018 7:26 pm
2 Replies 
 4031 Views
 by Brock
 Thu Feb 22, 2018 10:27 pm
Undocumented structures for W2k-Win10
by rkhunter  - Fri Aug 12, 2011 4:04 pm
21 Replies 
 75308 Views
 by rkhunter
 Sat Jan 13, 2018 7:14 am
How to redirect registry key in registry callback?
by myid  - Tue Dec 19, 2017 2:04 pm
4 Replies 
 8302 Views
 by myid
 Thu Dec 21, 2017 7:28 am
2 Replies 
 5495 Views
 by chanselisee
 Sat Dec 02, 2017 2:03 pm
19 Replies 
 18479 Views
 by myid
 Thu Nov 30, 2017 1:14 pm
How to complete the pending IRP immediately?
by myid  - Mon Nov 27, 2017 6:59 am
2 Replies 
 4331 Views
 by myid
 Mon Nov 27, 2017 9:06 am
WIN64 Driver Development Basic Tutorial
by m5home  - Fri Jun 13, 2014 9:18 am
19 Replies 
 43515 Views
 by myid
 Sun Nov 26, 2017 4:47 am
Invalid ProcessId in LoadImageNotifyRoutine
by InUrFace  - Tue Nov 21, 2017 1:12 pm
2 Replies 
 4695 Views
 by Brock
 Wed Nov 22, 2017 1:28 pm
The NT Insider: July/August 2015 Issue
by rkhunter  - Fri Mar 22, 2013 7:47 am
7 Replies 
 28124 Views
 by Vrtule
 Tue Oct 03, 2017 6:50 pm
Some create process notifications cannot be removed
by myid  - Mon Oct 02, 2017 1:16 am
6 Replies 
 10426 Views
 by tangptr
 Tue Oct 03, 2017 4:39 pm
How to map an address on specified 4GB space?
by fsdhook  - Wed Sep 13, 2017 3:07 am
2 Replies 
 10458 Views
 by fsdhook
 Sun Sep 24, 2017 4:11 pm
process id type
by grechkoed  - Fri Jun 09, 2017 2:56 pm
5 Replies 
 12094 Views
 by Vrtule
 Sat Sep 09, 2017 8:49 am
7 Replies 
 14892 Views
 by myid
 Sun Sep 03, 2017 2:31 am
Reading pageable memory at HIGH_LEVEL
by pwl  - Fri Jul 07, 2017 6:22 pm
3 Replies 
 8077 Views
 by Vrtule
 Sat Sep 02, 2017 2:38 pm
0 Replies 
 4713 Views
 by grechkoed
 Thu Jul 27, 2017 3:02 pm
Paging structures for win7/win10 64bit
by pwl  - Tue Jul 04, 2017 6:31 am
2 Replies 
 6076 Views
 by pwl
 Fri Jul 07, 2017 6:02 pm
remove protection csrss system hang?
by nullpointer  - Sun May 21, 2017 9:11 am
2 Replies 
 16564 Views
 by Brock
 Thu Jun 22, 2017 8:36 pm
5 Replies 
 13562 Views
 by Brock
 Sat May 27, 2017 11:24 pm
  • 1
  • 2
  • 3
  • 4
  • 5
  • 14