A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about kernel-mode development.
Forum Statistics Last post
2 Replies 
 3855 Views
 by Shinji
 Fri Apr 13, 2018 12:05 pm
2 Replies 
 3718 Views
 by Vrtule
 Sun Mar 18, 2018 7:26 pm
2 Replies 
 3973 Views
 by Brock
 Thu Feb 22, 2018 10:27 pm
Undocumented structures for W2k-Win10
by rkhunter  - Fri Aug 12, 2011 4:04 pm
21 Replies 
 75029 Views
 by rkhunter
 Sat Jan 13, 2018 7:14 am
How to redirect registry key in registry callback?
by myid  - Tue Dec 19, 2017 2:04 pm
4 Replies 
 8247 Views
 by myid
 Thu Dec 21, 2017 7:28 am
2 Replies 
 5464 Views
 by chanselisee
 Sat Dec 02, 2017 2:03 pm
19 Replies 
 18365 Views
 by myid
 Thu Nov 30, 2017 1:14 pm
How to complete the pending IRP immediately?
by myid  - Mon Nov 27, 2017 6:59 am
2 Replies 
 4294 Views
 by myid
 Mon Nov 27, 2017 9:06 am
WIN64 Driver Development Basic Tutorial
by m5home  - Fri Jun 13, 2014 9:18 am
19 Replies 
 43363 Views
 by myid
 Sun Nov 26, 2017 4:47 am
Invalid ProcessId in LoadImageNotifyRoutine
by InUrFace  - Tue Nov 21, 2017 1:12 pm
2 Replies 
 4664 Views
 by Brock
 Wed Nov 22, 2017 1:28 pm
The NT Insider: July/August 2015 Issue
by rkhunter  - Fri Mar 22, 2013 7:47 am
7 Replies 
 28073 Views
 by Vrtule
 Tue Oct 03, 2017 6:50 pm
Some create process notifications cannot be removed
by myid  - Mon Oct 02, 2017 1:16 am
6 Replies 
 10372 Views
 by tangptr
 Tue Oct 03, 2017 4:39 pm
How to map an address on specified 4GB space?
by fsdhook  - Wed Sep 13, 2017 3:07 am
2 Replies 
 10432 Views
 by fsdhook
 Sun Sep 24, 2017 4:11 pm
process id type
by grechkoed  - Fri Jun 09, 2017 2:56 pm
5 Replies 
 12060 Views
 by Vrtule
 Sat Sep 09, 2017 8:49 am
7 Replies 
 14824 Views
 by myid
 Sun Sep 03, 2017 2:31 am
Reading pageable memory at HIGH_LEVEL
by pwl  - Fri Jul 07, 2017 6:22 pm
3 Replies 
 8039 Views
 by Vrtule
 Sat Sep 02, 2017 2:38 pm
0 Replies 
 4692 Views
 by grechkoed
 Thu Jul 27, 2017 3:02 pm
Paging structures for win7/win10 64bit
by pwl  - Tue Jul 04, 2017 6:31 am
2 Replies 
 6048 Views
 by pwl
 Fri Jul 07, 2017 6:02 pm
remove protection csrss system hang?
by nullpointer  - Sun May 21, 2017 9:11 am
2 Replies 
 16535 Views
 by Brock
 Thu Jun 22, 2017 8:36 pm
5 Replies 
 13527 Views
 by Brock
 Sat May 27, 2017 11:24 pm
4 Replies 
 9204 Views
 by Victor43
 Mon May 15, 2017 8:32 pm
How to link with ntoskrnl.lib?
by grechkoed  - Mon Apr 24, 2017 8:28 am
4 Replies 
 9840 Views
 by tangptr
 Tue Apr 25, 2017 12:55 pm
Thread Context Switch Callback
by sima  - Tue Apr 18, 2017 3:35 pm
0 Replies 
 6777 Views
 by sima
 Tue Apr 18, 2017 3:35 pm
4 Replies 
 19032 Views
 by pwnslinger
 Mon Mar 27, 2017 12:29 pm
7 Replies 
 19573 Views
 by 0xf0f
 Wed Mar 15, 2017 12:01 pm
  • 1
  • 2
  • 3
  • 4
  • 5
  • 14