A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about user-mode development.
Forum Statistics Last post
Application Verifier Custom Providers
by EP_X0FF  - Fri Aug 08, 2014 5:31 pm
12 Replies 
 44687 Views
 by billbudsocket
 Wed Nov 04, 2015 6:13 pm
AV SP Discussion & Bypass
by R00tKit  - Tue Feb 21, 2012 7:58 am
121 Replies 
 226663 Views
 by EP_X0FF
 Wed Nov 04, 2015 4:47 am
Cannot call any API within hook?
by puzzlex  - Tue Oct 20, 2015 12:33 pm
2 Replies 
 8582 Views
 by puzzlex
 Wed Oct 21, 2015 9:26 am
Module (PEB/LDR) Hiding (4 Methods)
by kerpow1  - Sun Oct 11, 2015 10:50 am
13 Replies 
 26925 Views
 by kerpow1
 Fri Oct 16, 2015 3:34 pm
create rdp session on new desktop
by kobip  - Sun Sep 06, 2015 12:44 pm
7 Replies 
 16535 Views
 by kobip
 Tue Sep 29, 2015 9:38 am
9 Replies 
 21966 Views
 by Brock
 Sun Aug 30, 2015 5:59 am
How to get structure info via PDB file?
by myid  - Mon Aug 10, 2015 12:36 am
2 Replies 
 8699 Views
 by myid
 Mon Aug 10, 2015 7:12 am
SEH Address
by nothern  - Mon Jul 27, 2015 11:32 am
0 Replies 
 6748 Views
 by nothern
 Mon Jul 27, 2015 11:32 am
[Delphi] 640bit Ring3 Rootkit keeps crashing
by SysVolt  - Sun Jun 14, 2015 11:40 pm
7 Replies 
 16120 Views
 by Brock
 Tue Jul 14, 2015 9:16 pm
[Question] Relocated modules
by Stylo  - Thu Feb 05, 2015 9:51 am
1 Replies 
 8620 Views
 by cziter15
 Wed Jun 03, 2015 12:46 pm
Process hollowing issues
by ring0star  - Sun May 17, 2015 5:59 pm
2 Replies 
 9197 Views
 by ring0star
 Tue May 19, 2015 6:22 am
IPC inquiry
by Brock  - Sat Feb 21, 2015 12:58 am
6 Replies 
 14437 Views
 by Brock
 Tue Feb 24, 2015 7:43 am
ATA pass through read
by Tigzy  - Fri Jan 09, 2015 7:45 am
8 Replies 
 18322 Views
 by EP_X0FF
 Mon Jan 19, 2015 12:13 pm
delaying startup programs?
by BrianKress  - Sun Jan 04, 2015 6:53 pm
1 Replies 
 8436 Views
 by EP_X0FF
 Sun Jan 04, 2015 7:09 pm
How to download symbol of specified file?
by myid  - Tue Dec 02, 2014 12:36 am
1 Replies 
 8182 Views
 by reverser
 Wed Dec 03, 2014 11:13 pm
PoC: Code injection via thread hijacking
by BKsky  - Sun Nov 16, 2014 6:46 pm
1 Replies 
 9167 Views
 by m5home
 Sun Nov 23, 2014 11:38 am
How to use socket api to download file
by fsdhook  - Tue Sep 16, 2014 8:52 am
1 Replies 
 7584 Views
 by EP_X0FF
 Tue Sep 16, 2014 9:39 am
Various methods of Process Injection
by blackd0t  - Tue Sep 02, 2014 2:48 pm
4 Replies 
 13219 Views
 by t4L
 Fri Sep 05, 2014 3:02 am
Detecting which heap hold a specific memory block
by Stylo  - Wed Sep 03, 2014 11:59 am
4 Replies 
 7995 Views
 by Stylo
 Thu Sep 04, 2014 7:09 am
How to download symbol file without SYM API?
by myid  - Thu Jul 24, 2014 4:50 am
5 Replies 
 8632 Views
 by myid
 Wed Jul 30, 2014 1:55 pm
Antihook protection
by kmd  - Tue Jul 08, 2014 3:18 pm
3 Replies 
 7779 Views
 by EP_X0FF
 Wed Jul 09, 2014 4:18 am
Small x64 userland rootkit
by Microwave89  - Wed Apr 30, 2014 7:40 pm
2 Replies 
 6650 Views
 by Microwave89
 Wed May 07, 2014 2:16 pm
[Question] Undocumented WinAPI in kernel32 (Win7)
by Stylo  - Wed Mar 19, 2014 9:16 am
1 Replies 
 5695 Views
 by EP_X0FF
 Wed Mar 19, 2014 9:47 am
Program crashes when APC is scheduled
by Stylo  - Thu Dec 12, 2013 4:11 pm
3 Replies 
 6852 Views
 by EP_X0FF
 Sat Dec 14, 2013 7:06 am
KUSER_SHARED_DATA
by Xearinox  - Tue Sep 24, 2013 2:58 pm
6 Replies 
 10061 Views
 by Xearinox
 Wed Sep 25, 2013 5:41 am