A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about user-mode development.
Forum Statistics Last post
Module (PEB/LDR) Hiding (4 Methods)
by kerpow1  - Sun Oct 11, 2015 10:50 am
13 Replies 
 26439 Views
 by kerpow1
 Fri Oct 16, 2015 3:34 pm
create rdp session on new desktop
by kobip  - Sun Sep 06, 2015 12:44 pm
7 Replies 
 16159 Views
 by kobip
 Tue Sep 29, 2015 9:38 am
9 Replies 
 21583 Views
 by Brock
 Sun Aug 30, 2015 5:59 am
How to get structure info via PDB file?
by myid  - Mon Aug 10, 2015 12:36 am
2 Replies 
 8427 Views
 by myid
 Mon Aug 10, 2015 7:12 am
SEH Address
by nothern  - Mon Jul 27, 2015 11:32 am
0 Replies 
 6475 Views
 by nothern
 Mon Jul 27, 2015 11:32 am
[Delphi] 640bit Ring3 Rootkit keeps crashing
by SysVolt  - Sun Jun 14, 2015 11:40 pm
7 Replies 
 15751 Views
 by Brock
 Tue Jul 14, 2015 9:16 pm
[Question] Relocated modules
by Stylo  - Thu Feb 05, 2015 9:51 am
1 Reply
 8357 Views
 by cziter15
 Wed Jun 03, 2015 12:46 pm
Process hollowing issues
by ring0star  - Sun May 17, 2015 5:59 pm
2 Replies 
 8912 Views
 by ring0star
 Tue May 19, 2015 6:22 am
IPC inquiry
by Brock  - Sat Feb 21, 2015 12:58 am
6 Replies 
 14129 Views
 by Brock
 Tue Feb 24, 2015 7:43 am
ATA pass through read
by Tigzy  - Fri Jan 09, 2015 7:45 am
8 Replies 
 17958 Views
 by EP_X0FF
 Mon Jan 19, 2015 12:13 pm
delaying startup programs?
by BrianKress  - Sun Jan 04, 2015 6:53 pm
1 Reply
 8153 Views
 by EP_X0FF
 Sun Jan 04, 2015 7:09 pm
How to download symbol of specified file?
by myid  - Tue Dec 02, 2014 12:36 am
1 Reply
 7926 Views
 by reverser
 Wed Dec 03, 2014 11:13 pm
PoC: Code injection via thread hijacking
by BKsky  - Sun Nov 16, 2014 6:46 pm
1 Reply
 8703 Views
 by m5home
 Sun Nov 23, 2014 11:38 am
How to use socket api to download file
by fsdhook  - Tue Sep 16, 2014 8:52 am
1 Reply
 7320 Views
 by EP_X0FF
 Tue Sep 16, 2014 9:39 am
Various methods of Process Injection
by blackd0t  - Tue Sep 02, 2014 2:48 pm
4 Replies 
 12902 Views
 by t4L
 Fri Sep 05, 2014 3:02 am
Detecting which heap hold a specific memory block
by Stylo  - Wed Sep 03, 2014 11:59 am
4 Replies 
 7710 Views
 by Stylo
 Thu Sep 04, 2014 7:09 am
How to download symbol file without SYM API?
by myid  - Thu Jul 24, 2014 4:50 am
5 Replies 
 8357 Views
 by myid
 Wed Jul 30, 2014 1:55 pm
Antihook protection
by kmd  - Tue Jul 08, 2014 3:18 pm
3 Replies 
 7495 Views
 by EP_X0FF
 Wed Jul 09, 2014 4:18 am
Small x64 userland rootkit
by Microwave89  - Wed Apr 30, 2014 7:40 pm
2 Replies 
 6382 Views
 by Microwave89
 Wed May 07, 2014 2:16 pm
[Question] Undocumented WinAPI in kernel32 (Win7)
by Stylo  - Wed Mar 19, 2014 9:16 am
1 Reply
 5439 Views
 by EP_X0FF
 Wed Mar 19, 2014 9:47 am
Program crashes when APC is scheduled
by Stylo  - Thu Dec 12, 2013 4:11 pm
3 Replies 
 6589 Views
 by EP_X0FF
 Sat Dec 14, 2013 7:06 am
KUSER_SHARED_DATA
by Xearinox  - Tue Sep 24, 2013 2:58 pm
6 Replies 
 9697 Views
 by Xearinox
 Wed Sep 25, 2013 5:41 am
Mobile Cross Platform SDK
by p4r4n0id  - Sat Aug 03, 2013 5:28 pm
1 Reply
 5075 Views
 by r3shl4k1sh
 Sat Aug 03, 2013 9:14 pm
Desktop Question
by Vrtule  - Mon Jul 29, 2013 5:06 pm
6 Replies 
 9286 Views
 by Vrtule
 Wed Jul 31, 2013 2:45 pm
SEH exceptions in remote process thread
by dash  - Fri Jul 12, 2013 6:23 pm
2 Replies 
 5719 Views
 by dash
 Sat Jul 13, 2013 8:33 pm