A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about user-mode development.
Forum Statistics Last post
Assembler Disassembler Engines
by Dreg  - Mon Mar 15, 2010 9:17 am
16 Replies 
 74583 Views
 by tangptr
 Mon Mar 20, 2017 11:53 am
Check if process is UWP application.
by Iradicator  - Thu May 02, 2019 7:29 am
2 Replies 
 854 Views
 by Brock
 Thu Jun 13, 2019 8:19 pm
3 Replies 
 499 Views
 by R136a1
 Sat Apr 27, 2019 9:07 pm
2 Replies 
 514 Views
 by Brock
 Tue Apr 16, 2019 12:42 pm
0 Replies 
 576 Views
 by j4ck
 Wed Mar 06, 2019 4:17 am
2 Replies 
 1275 Views
 by pointer
 Fri Feb 08, 2019 1:26 pm
How to emulate LOW IL ?
by zer0cat  - Tue Jan 22, 2019 7:25 pm
6 Replies 
 2155 Views
 by Vrtule
 Fri Jan 25, 2019 10:13 pm
[C] HTTP-Downloader
by KarNak  - Sat Jan 12, 2019 11:32 am
5 Replies 
 2297 Views
 by AxtMueller
 Tue Mar 26, 2019 12:36 am
[C] UserMode = AdminMode Linux
by KarNak  - Sat Jan 12, 2019 11:39 am
1 Replies 
 940 Views
 by nimaarek
 Sat Jan 12, 2019 3:22 pm
Hook and replace Win32 application functions
by KarNak  - Sat Jan 12, 2019 11:29 am
0 Replies 
 771 Views
 by KarNak
 Sat Jan 12, 2019 11:29 am
Avoid undocumented API calls (RtlImageNtHeader)?
by j4ck  - Wed Dec 19, 2018 3:17 am
2 Replies 
 1834 Views
 by j4ck
 Wed Dec 19, 2018 4:12 am
0 Replies 
 1515 Views
 by pointer
 Wed Nov 28, 2018 12:29 pm
1 Replies 
 2165 Views
 by mrfearless
 Mon Sep 17, 2018 3:08 am
Process Doppelganging
by EP_X0FF  - Wed Dec 13, 2017 2:31 pm
7 Replies 
 17798 Views
 by EP_X0FF
 Thu Jul 05, 2018 6:05 am
ETW discussion
by Orkblutt  - Thu May 18, 2017 10:26 am
0 Replies 
 12081 Views
 by Orkblutt
 Thu May 18, 2017 10:26 am
How I FUDed a meterpreter payload!!
by kd77  - Sun Feb 26, 2017 2:23 pm
1 Replies 
 9091 Views
 by EP_X0FF
 Sun Feb 26, 2017 4:54 pm
WMI persistence in C++
by geoffreyvdb  - Fri Aug 19, 2016 2:12 pm
0 Replies 
 18057 Views
 by geoffreyvdb
 Fri Aug 19, 2016 2:12 pm
19 Replies 
 48911 Views
 by EP_X0FF
 Thu Jul 21, 2016 5:34 am
EnumDisplayMonitors
by EP_X0FF  - Sat Jul 02, 2016 6:27 am
2 Replies 
 9866 Views
 by EP_X0FF
 Sat Jul 02, 2016 9:06 am
EntryPoint in LDR_DATA_TABLE_ENTRY
by evelyette  - Tue Dec 29, 2015 10:40 am
1 Replies 
 9208 Views
 by EP_X0FF
 Wed Dec 30, 2015 4:06 am
Hooking usage of DLL function
by evelyette  - Wed Nov 18, 2015 7:09 pm
17 Replies 
 34246 Views
 by evelyette
 Fri Dec 18, 2015 10:24 am
Proxy DLL with Exported Structure
by evelyette  - Mon Dec 14, 2015 8:20 pm
11 Replies 
 23337 Views
 by Brock
 Wed Dec 16, 2015 10:47 pm
Application Verifier Custom Providers
by EP_X0FF  - Fri Aug 08, 2014 5:31 pm
12 Replies 
 43467 Views
 by billbudsocket
 Wed Nov 04, 2015 6:13 pm
AV SP Discussion & Bypass
by R00tKit  - Tue Feb 21, 2012 7:58 am
121 Replies 
 223295 Views
 by EP_X0FF
 Wed Nov 04, 2015 4:47 am
Cannot call any API within hook?
by puzzlex  - Tue Oct 20, 2015 12:33 pm
2 Replies 
 8181 Views
 by puzzlex
 Wed Oct 21, 2015 9:26 am