A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about user-mode development.
Forum Statistics Last post
Assembler Disassembler Engines
by Dreg  - Mon Mar 15, 2010 9:17 am
16 Replies 
 77157 Views
 by tangptr
 Mon Mar 20, 2017 11:53 am
Net Framework 4.8 versions
by EP_X0FF  - Wed Oct 23, 2019 5:13 am
1 Replies 
 1462 Views
 by EP_X0FF
 Mon Nov 18, 2019 1:43 pm
Callback function
by DarkC0de  - Mon Oct 28, 2019 12:31 pm
0 Replies 
 1402 Views
 by DarkC0de
 Mon Oct 28, 2019 12:31 pm
0 Replies 
 1922 Views
 by Iradicator
 Sun Aug 11, 2019 9:08 pm
Check if process is UWP application.
by Iradicator  - Thu May 02, 2019 7:29 am
2 Replies 
 1943 Views
 by Brock
 Thu Jun 13, 2019 8:19 pm
3 Replies 
 1493 Views
 by R136a1
 Sat Apr 27, 2019 9:07 pm
2 Replies 
 1445 Views
 by Brock
 Tue Apr 16, 2019 12:42 pm
0 Replies 
 1458 Views
 by j4ck
 Wed Mar 06, 2019 4:17 am
2 Replies 
 2348 Views
 by pointer
 Fri Feb 08, 2019 1:26 pm
How to emulate LOW IL ?
by zer0cat  - Tue Jan 22, 2019 7:25 pm
6 Replies 
 3284 Views
 by Vrtule
 Fri Jan 25, 2019 10:13 pm
[C] HTTP-Downloader
by KarNak  - Sat Jan 12, 2019 11:32 am
6 Replies 
 3868 Views
 by VinayParde
 Tue Aug 06, 2019 10:26 am
[C] UserMode = AdminMode Linux
by KarNak  - Sat Jan 12, 2019 11:39 am
1 Replies 
 1697 Views
 by nimaarek
 Sat Jan 12, 2019 3:22 pm
Hook and replace Win32 application functions
by KarNak  - Sat Jan 12, 2019 11:29 am
0 Replies 
 1450 Views
 by KarNak
 Sat Jan 12, 2019 11:29 am
Avoid undocumented API calls (RtlImageNtHeader)?
by j4ck  - Wed Dec 19, 2018 3:17 am
2 Replies 
 2641 Views
 by j4ck
 Wed Dec 19, 2018 4:12 am
0 Replies 
 2197 Views
 by pointer
 Wed Nov 28, 2018 12:29 pm
1 Replies 
 2878 Views
 by mrfearless
 Mon Sep 17, 2018 3:08 am
Process Doppelganging
by EP_X0FF  - Wed Dec 13, 2017 2:31 pm
7 Replies 
 18865 Views
 by EP_X0FF
 Thu Jul 05, 2018 6:05 am
ETW discussion
by Orkblutt  - Thu May 18, 2017 10:26 am
0 Replies 
 12782 Views
 by Orkblutt
 Thu May 18, 2017 10:26 am
How I FUDed a meterpreter payload!!
by kd77  - Sun Feb 26, 2017 2:23 pm
1 Replies 
 9819 Views
 by EP_X0FF
 Sun Feb 26, 2017 4:54 pm
WMI persistence in C++
by geoffreyvdb  - Fri Aug 19, 2016 2:12 pm
0 Replies 
 18776 Views
 by geoffreyvdb
 Fri Aug 19, 2016 2:12 pm
19 Replies 
 50504 Views
 by EP_X0FF
 Thu Jul 21, 2016 5:34 am
EnumDisplayMonitors
by EP_X0FF  - Sat Jul 02, 2016 6:27 am
2 Replies 
 10594 Views
 by EP_X0FF
 Sat Jul 02, 2016 9:06 am
EntryPoint in LDR_DATA_TABLE_ENTRY
by evelyette  - Tue Dec 29, 2015 10:40 am
1 Replies 
 10035 Views
 by EP_X0FF
 Wed Dec 30, 2015 4:06 am
Hooking usage of DLL function
by evelyette  - Wed Nov 18, 2015 7:09 pm
17 Replies 
 35821 Views
 by evelyette
 Fri Dec 18, 2015 10:24 am
Proxy DLL with Exported Structure
by evelyette  - Mon Dec 14, 2015 8:20 pm
11 Replies 
 24631 Views
 by Brock
 Wed Dec 16, 2015 10:47 pm