A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about kernel-mode development.
Forum Statistics Last post
MM code bug check for vad erase
by 0xf0f  - Mon Mar 13, 2017 7:30 am
5 Replies 
 10872 Views
 by 0xf0f
 Wed Mar 15, 2017 11:59 am
9 Replies 
 17237 Views
 by Vrtule
 Wed Mar 08, 2017 5:55 pm
Integrity check of DLL from Driver
by evelyette  - Wed Feb 22, 2017 11:26 pm
3 Replies 
 10080 Views
 by Vrtule
 Thu Feb 23, 2017 9:04 am
KdPrint not working
by guidono  - Wed Feb 22, 2017 1:59 pm
1 Replies 
 7517 Views
 by Vrtule
 Wed Feb 22, 2017 7:51 pm
1 Replies 
 9401 Views
 by ithurricane
 Thu Feb 16, 2017 2:53 am
Mapping ntdll.dll into kernel-mode memory
by evelyette  - Fri Feb 10, 2017 11:01 pm
2 Replies 
 8723 Views
 by evelyette
 Mon Feb 13, 2017 6:50 pm
Callback on ZwOpenSection
by dazzer  - Mon Jan 16, 2017 4:09 pm
2 Replies 
 8892 Views
 by s0me
 Fri Feb 03, 2017 1:09 pm
ntkrnlmp.pdb for Win10 64-bit Build 14393?
by mkroll  - Wed Nov 30, 2016 8:19 am
1 Replies 
 19001 Views
 by mkroll
 Wed Nov 30, 2016 5:10 pm
StartService very slow
by halouworld  - Wed Sep 28, 2016 3:20 pm
0 Replies 
 19860 Views
 by halouworld
 Wed Sep 28, 2016 3:20 pm
what is the best way for communicate with Disk?
by parviz  - Tue Sep 27, 2016 6:31 am
0 Replies 
 7274 Views
 by parviz
 Tue Sep 27, 2016 6:31 am
iphlpapi.dll RPC target
by Vrtule  - Mon Aug 22, 2016 2:04 pm
3 Replies 
 10400 Views
 by Vrtule
 Sun Aug 28, 2016 6:20 pm
ZwDuplicateObject FAILED on WIN10
by myid  - Sat Aug 13, 2016 8:05 am
5 Replies 
 10586 Views
 by myid
 Sun Aug 28, 2016 4:49 pm
Determine NtUser indexes dynamically
by flauteABC  - Tue Jun 14, 2016 2:56 pm
2 Replies 
 12345 Views
 by EP_X0FF
 Sat Jul 02, 2016 10:40 am
5 Replies 
 12461 Views
 by Victor43
 Wed Jun 08, 2016 6:50 am
Basics of Windows Kernel Internals
by TSION  - Fri May 20, 2016 1:11 am
0 Replies 
 7859 Views
 by TSION
 Fri May 20, 2016 1:11 am
Callback on NtReadVirtualMemory
by segark  - Sun May 01, 2016 4:56 pm
5 Replies 
 11698 Views
 by segark
 Sun May 08, 2016 4:33 pm
how to locate and walk the TCP stack ?
by Victor43  - Fri May 06, 2016 4:27 pm
0 Replies 
 6824 Views
 by Victor43
 Fri May 06, 2016 4:27 pm
Static bypass patchGuard and DSE on win8.1
by kz丶cn  - Fri Apr 22, 2016 3:21 pm
3 Replies 
 18284 Views
 by kz丶cn
 Mon Apr 25, 2016 7:37 am
Write to win32k .text on Windows 10 x64
by flauteABC  - Tue Apr 12, 2016 3:06 pm
4 Replies 
 9951 Views
 by Dmitry Varshavsky
 Sat Apr 16, 2016 10:44 pm
Small kernel rootkit "PhoenixKit"
by Microwave89  - Sun Aug 31, 2014 1:25 am
16 Replies 
 27689 Views
 by gpcity
 Thu Apr 14, 2016 3:07 am
How to wait an APC until it finished?
by myid  - Wed Apr 06, 2016 5:09 pm
1 Replies 
 6708 Views
 by Brock
 Thu Apr 07, 2016 6:18 am
3 Replies 
 8011 Views
 by Brock
 Wed Apr 06, 2016 2:04 am
KiServiceTable list (7-10 TH2)
by EP_X0FF  - Wed Nov 11, 2015 11:25 am
3 Replies 
 10403 Views
 by EP_X0FF
 Mon Mar 14, 2016 4:28 pm
Failed to hook KiSystemCall64 in hypervisor
by rebuilty  - Tue Jan 12, 2016 2:49 pm
2 Replies 
 7484 Views
 by Dmitry Varshavsky
 Mon Feb 22, 2016 12:23 pm
PsSetCreateThreadNotifyRoutine removal
by jakeman8888  - Fri Feb 19, 2016 11:27 pm
1 Replies 
 4767 Views
 by EP_X0FF
 Sat Feb 20, 2016 11:13 am
  • 1
  • 2
  • 3
  • 4
  • 5
  • 14