A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about user-mode development.
Forum Statistics Last post
Single_step and sysenter
by _Lynn  - Sat Sep 24, 2011 4:47 am
1 Replies 
 2662 Views
 by kmd
 Fri Oct 07, 2011 3:10 am
Detect hooks set with SetWindowsHookEx
by Tigzy  - Wed Sep 28, 2011 9:52 am
5 Replies 
 7404 Views
 by Vrtule
 Wed Oct 05, 2011 7:55 pm
Check for hooks/DLL injection
by Radovan  - Fri Jul 16, 2010 11:54 am
19 Replies 
 22186 Views
 by Fabian Wosar
 Wed Oct 05, 2011 1:26 pm
Dll injection prevention
by listito  - Wed Sep 28, 2011 10:56 am
19 Replies 
 20200 Views
 by Brock
 Sat Oct 01, 2011 12:14 pm
run an executable from memory
by ArkKup  - Mon Sep 19, 2011 9:20 am
0 Replies 
 2445 Views
 by ArkKup
 Mon Sep 19, 2011 9:20 am
About IsBadWritePtr?
by juan81  - Tue Aug 09, 2011 4:24 am
11 Replies 
 12550 Views
 by juan81
 Fri Sep 16, 2011 1:12 pm
crypto libraries with AVX & hardware AES support
by redp  - Sat Aug 27, 2011 12:31 pm
3 Replies 
 3829 Views
 by redp
 Sun Sep 11, 2011 2:19 pm
NtReadVirtualMemory
by jstar  - Sun Aug 21, 2011 11:53 pm
20 Replies 
 20453 Views
 by jstar
 Thu Aug 25, 2011 8:03 pm
Ring3 Windowed-Process Kill PoC
by Brock  - Fri Aug 12, 2011 10:47 pm
4 Replies 
 7826 Views
 by Brock
 Sat Aug 13, 2011 6:55 pm
problem in using NtSetInformationFile
by noppy  - Fri Jul 01, 2011 4:19 pm
2 Replies 
 3698 Views
 by noppy
 Fri Jul 01, 2011 8:29 pm
Hooking 32bit System Calls under WOW64 [oxff]
by Brookit  - Mon May 16, 2011 5:56 pm
0 Replies 
 2537 Views
 by Brookit
 Mon May 16, 2011 5:56 pm
SIDT privilleged?
by lorddoskias  - Wed May 11, 2011 12:07 am
1 Replies 
 2969 Views
 by EP_X0FF
 Wed May 11, 2011 1:47 am
How to determine dot net file
by kmd  - Tue Dec 21, 2010 2:47 am
4 Replies 
 6749 Views
 by EP_X0FF
 Wed Dec 22, 2010 2:27 pm
Breaking Prevx 3 self-protection
by EP_X0FF  - Tue Aug 03, 2010 9:55 am
59 Replies 
 80004 Views
 by EP_X0FF
 Tue Nov 30, 2010 5:58 pm
how to prevent windows message flood attacking
by sainfoin  - Sun Nov 07, 2010 2:42 am
9 Replies 
 14637 Views
 by xqrzd
 Mon Nov 08, 2010 3:05 am
How can I overwrite an MFT entry
by Mehdi  - Sun Oct 03, 2010 12:30 pm
4 Replies 
 6927 Views
 by Vrtule
 Wed Oct 06, 2010 11:42 pm
0 Replies 
 4212 Views
 by Not_ice
 Mon Aug 16, 2010 6:14 am
3 Replies 
 6999 Views
 by a_d_13
 Fri Aug 13, 2010 9:01 pm
2 Replies 
 4726 Views
 by Evilcry
 Mon Jun 21, 2010 5:52 am
15 Replies 
 22359 Views
 by Alex
 Thu May 13, 2010 7:49 pm
5 Replies 
 8636 Views
 by Evilcry
 Sun May 09, 2010 11:29 am
[solved] Dump Region
by NOP  - Fri Apr 09, 2010 6:59 pm
9 Replies 
 12266 Views
 by Buster_BSA
 Fri Apr 23, 2010 5:54 pm
Load Driver Using FltMgr
by __Genius__  - Tue Apr 20, 2010 6:52 pm
5 Replies 
 7087 Views
 by sww
 Wed Apr 21, 2010 9:54 am
1 Replies 
 3793 Views
 by EP_X0FF
 Wed Apr 21, 2010 3:10 am
CreateProcess Native (x86-32 NT5.x)
by EP_X0FF  - Mon Mar 15, 2010 9:59 am
8 Replies 
 14680 Views
 by Gunther
 Wed Mar 17, 2010 2:42 am