A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about user-mode development.
Forum | Statistics | Last post
Assembler Disassembler Engines
by Dreg  - Mon Mar 15, 2010 9:17 am
16 Replies 
 73892 Views
 by tangptr
 Mon Mar 20, 2017 11:53 am
2 Replies 
 228 Views
 by Brock
 Tue Apr 16, 2019 12:42 pm
0 Replies 
 339 Views
 by j4ck
 Wed Mar 06, 2019 4:17 am
2 Replies 
 1018 Views
 by pointer
 Fri Feb 08, 2019 1:26 pm
How to emulate LOW IL ?
by zer0cat  - Tue Jan 22, 2019 7:25 pm
6 Replies 
 1923 Views
 by Vrtule
 Fri Jan 25, 2019 10:13 pm
[C] HTTP-Downloader
by KarNak  - Sat Jan 12, 2019 11:32 am
5 Replies 
 1816 Views
 by AxtMueller
 Tue Mar 26, 2019 12:36 am
[C] UserMode = AdminMode Linux
by KarNak  - Sat Jan 12, 2019 11:39 am
1 Reply
 734 Views
 by nimaarek
 Sat Jan 12, 2019 3:22 pm
Hook and replace Win32 application functions
by KarNak  - Sat Jan 12, 2019 11:29 am
0 Replies 
 584 Views
 by KarNak
 Sat Jan 12, 2019 11:29 am
Avoid undocumented API calls (RtlImageNtHeader)?
by j4ck  - Wed Dec 19, 2018 3:17 am
2 Replies 
 1590 Views
 by j4ck
 Wed Dec 19, 2018 4:12 am
0 Replies 
 1326 Views
 by pointer
 Wed Nov 28, 2018 12:29 pm
1 Reply
 1991 Views
 by mrfearless
 Mon Sep 17, 2018 3:08 am
Process Doppelganging
by EP_X0FF  - Wed Dec 13, 2017 2:31 pm
7 Replies 
 17440 Views
 by EP_X0FF
 Thu Jul 05, 2018 6:05 am
ETW discussion
by Orkblutt  - Thu May 18, 2017 10:26 am
0 Replies 
 11909 Views
 by Orkblutt
 Thu May 18, 2017 10:26 am
How I FUDed a meterpreter payload!!
by kd77  - Sun Feb 26, 2017 2:23 pm
1 Reply
 8904 Views
 by EP_X0FF
 Sun Feb 26, 2017 4:54 pm
WMI persistence in C++
by geoffreyvdb  - Fri Aug 19, 2016 2:12 pm
0 Replies 
 17866 Views
 by geoffreyvdb
 Fri Aug 19, 2016 2:12 pm
19 Replies 
 48510 Views
 by EP_X0FF
 Thu Jul 21, 2016 5:34 am
EnumDisplayMonitors
by EP_X0FF  - Sat Jul 02, 2016 6:27 am
2 Replies 
 9682 Views
 by EP_X0FF
 Sat Jul 02, 2016 9:06 am
EntryPoint in LDR_DATA_TABLE_ENTRY
by evelyette  - Tue Dec 29, 2015 10:40 am
1 Reply
 8963 Views
 by EP_X0FF
 Wed Dec 30, 2015 4:06 am
Hooking usage of DLL function
by evelyette  - Wed Nov 18, 2015 7:09 pm
17 Replies 
 33845 Views
 by evelyette
 Fri Dec 18, 2015 10:24 am
Proxy DLL with Exported Structure
by evelyette  - Mon Dec 14, 2015 8:20 pm
11 Replies 
 23069 Views
 by Brock
 Wed Dec 16, 2015 10:47 pm
Application Verifier Custom Providers
by EP_X0FF  - Fri Aug 08, 2014 5:31 pm
12 Replies 
 43021 Views
 by billbudsocket
 Wed Nov 04, 2015 6:13 pm
AV SP Discussion & Bypass
by R00tKit  - Tue Feb 21, 2012 7:58 am
121 Replies 
 222396 Views
 by EP_X0FF
 Wed Nov 04, 2015 4:47 am
Cannot call any API within hook?
by puzzlex  - Tue Oct 20, 2015 12:33 pm
2 Replies 
 8004 Views
 by puzzlex
 Wed Oct 21, 2015 9:26 am
Module (PEB/LDR) Hiding (4 Methods)
by kerpow1  - Sun Oct 11, 2015 10:50 am
13 Replies 
 26389 Views
 by kerpow1
 Fri Oct 16, 2015 3:34 pm
create rdp session on new desktop
by kobip  - Sun Sep 06, 2015 12:44 pm
7 Replies 
 16133 Views
 by kobip
 Tue Sep 29, 2015 9:38 am