A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about user-mode development.
Forum Statistics Last post
Wow64 Fs Redirection
by Tigzy  - Fri Aug 03, 2012 6:22 am
3 Replies 
 4909 Views
 by Tigzy
 Fri Aug 03, 2012 4:57 pm
Inject x86 code into x64 process
by dash  - Fri Jul 27, 2012 7:28 pm
1 Replies 
 3174 Views
 by Brock
 Fri Jul 27, 2012 11:20 pm
[src] x64 Process Hiding Example
by MindfreaK  - Mon Jun 25, 2012 5:59 pm
2 Replies 
 4208 Views
 by MindfreaK
 Sun Jul 08, 2012 5:43 pm
TLS Infection example.
by The Swash  - Thu Jun 21, 2012 5:28 am
0 Replies 
 3037 Views
 by The Swash
 Thu Jun 21, 2012 5:28 am
x64 Ring3 Rootkit Sample
by MindfreaK  - Mon May 07, 2012 3:03 pm
5 Replies 
 6032 Views
 by secObs
 Tue May 29, 2012 7:19 am
Offline hive modification => restored at reboot
by Tigzy  - Wed May 23, 2012 5:41 pm
6 Replies 
 6128 Views
 by Vrtule
 Mon May 28, 2012 7:29 pm
x86 disassembly obfuscation
by former33t  - Sat May 19, 2012 10:15 pm
4 Replies 
 4858 Views
 by frank_boldewin
 Tue May 22, 2012 9:26 am
Intercepting syscalls in wow64 processes.
by lorddoskias  - Wed May 16, 2012 9:23 pm
1 Replies 
 2620 Views
 by everdox
 Wed May 16, 2012 10:53 pm
exception handling in wdk
by native99  - Wed May 09, 2012 1:57 pm
5 Replies 
 5467 Views
 by noppy
 Fri May 11, 2012 4:18 am
new and delete in wdk
by native99  - Wed May 02, 2012 1:18 pm
3 Replies 
 3729 Views
 by xdeadcode
 Wed May 02, 2012 9:39 pm
overloading operator new with wdk
by native99  - Wed May 02, 2012 6:36 am
1 Replies 
 2541 Views
 by xdeadcode
 Wed May 02, 2012 9:51 am
Custom LoadLibrary implementation
by gb_master  - Wed Apr 18, 2012 6:56 pm
2 Replies 
 4020 Views
 by gb_master
 Fri Apr 20, 2012 6:25 pm
simple script for .idt/.ids files making
by redp  - Sun Mar 18, 2012 6:57 pm
0 Replies 
 2399 Views
 by redp
 Sun Mar 18, 2012 6:57 pm
detecting thunk layer (wow64)
by _Lynn  - Thu Mar 08, 2012 11:23 pm
3 Replies 
 4559 Views
 by Brock
 Tue Mar 13, 2012 9:28 am
Read file directly from the disk
by dtox  - Wed Aug 10, 2011 5:39 pm
17 Replies 
 19677 Views
 by Tigzy
 Mon Mar 05, 2012 3:27 pm
Question about NtQuerySystemInformation
by yenom  - Fri Feb 24, 2012 3:16 pm
1 Replies 
 2811 Views
 by Alex
 Fri Feb 24, 2012 4:41 pm
Prevent untrusted memory read/dump
by wealllbe20  - Thu Jan 05, 2012 4:30 pm
5 Replies 
 6219 Views
 by redp
 Sat Jan 21, 2012 5:33 pm
How to idenify alertable thread?
by kmd  - Wed Apr 27, 2011 4:55 am
13 Replies 
 14376 Views
 by kmd
 Fri Jan 20, 2012 10:07 am
IAT hooking
by Kiuhnm  - Thu Jan 05, 2012 12:58 pm
5 Replies 
 5828 Views
 by Kiuhnm
 Thu Jan 05, 2012 10:30 pm
Hooking Problem
by __fastcall  - Sun Dec 18, 2011 1:21 pm
3 Replies 
 4513 Views
 by Brock
 Sat Dec 31, 2011 11:27 am
How to port from x86 to x64 .
by __fastcall  - Sat Dec 24, 2011 7:20 pm
4 Replies 
 5148 Views
 by __fastcall
 Wed Dec 28, 2011 2:00 am
4 Replies 
 5034 Views
 by Tigzy
 Fri Dec 09, 2011 1:39 pm
Windows 7 x64 SSDT question
by __fastcall  - Fri Nov 11, 2011 5:23 pm
4 Replies 
 5025 Views
 by __fastcall
 Mon Nov 14, 2011 1:54 pm
Cool fadeIn / fadeOut effect [ASM]
by Striker  - Fri Oct 28, 2011 10:30 pm
4 Replies 
 6801 Views
 by Striker
 Sat Oct 29, 2011 4:16 pm
4 Replies 
 5529 Views
 by rndbit
 Fri Oct 28, 2011 12:50 pm