A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about user-mode development.
Forum Statistics Last post
dynamic creation of TLSs
by hanan  - Tue Oct 02, 2012 5:46 pm
0 Replies 
 3122 Views
 by hanan
 Tue Oct 02, 2012 5:46 pm
modern Crypter methods
by hanan  - Sun Sep 16, 2012 1:24 pm
2 Replies 
 3659 Views
 by a_d_13
 Tue Sep 18, 2012 8:30 pm
Process persistence in ring3
by void  - Sat Aug 18, 2012 5:47 pm
3 Replies 
 4541 Views
 by EP_X0FF
 Sat Aug 25, 2012 6:14 am
Wow64 Fs Redirection
by Tigzy  - Fri Aug 03, 2012 6:22 am
3 Replies 
 5193 Views
 by Tigzy
 Fri Aug 03, 2012 4:57 pm
Inject x86 code into x64 process
by dash  - Fri Jul 27, 2012 7:28 pm
1 Replies 
 3454 Views
 by Brock
 Fri Jul 27, 2012 11:20 pm
[src] x64 Process Hiding Example
by MindfreaK  - Mon Jun 25, 2012 5:59 pm
2 Replies 
 4506 Views
 by MindfreaK
 Sun Jul 08, 2012 5:43 pm
TLS Infection example.
by The Swash  - Thu Jun 21, 2012 5:28 am
0 Replies 
 3320 Views
 by The Swash
 Thu Jun 21, 2012 5:28 am
x64 Ring3 Rootkit Sample
by MindfreaK  - Mon May 07, 2012 3:03 pm
5 Replies 
 6341 Views
 by secObs
 Tue May 29, 2012 7:19 am
Offline hive modification => restored at reboot
by Tigzy  - Wed May 23, 2012 5:41 pm
6 Replies 
 6417 Views
 by Vrtule
 Mon May 28, 2012 7:29 pm
x86 disassembly obfuscation
by former33t  - Sat May 19, 2012 10:15 pm
4 Replies 
 5167 Views
 by frank_boldewin
 Tue May 22, 2012 9:26 am
Intercepting syscalls in wow64 processes.
by lorddoskias  - Wed May 16, 2012 9:23 pm
1 Replies 
 2908 Views
 by everdox
 Wed May 16, 2012 10:53 pm
exception handling in wdk
by native99  - Wed May 09, 2012 1:57 pm
5 Replies 
 5790 Views
 by noppy
 Fri May 11, 2012 4:18 am
new and delete in wdk
by native99  - Wed May 02, 2012 1:18 pm
3 Replies 
 4047 Views
 by xdeadcode
 Wed May 02, 2012 9:39 pm
overloading operator new with wdk
by native99  - Wed May 02, 2012 6:36 am
1 Replies 
 2802 Views
 by xdeadcode
 Wed May 02, 2012 9:51 am
Custom LoadLibrary implementation
by gb_master  - Wed Apr 18, 2012 6:56 pm
2 Replies 
 4315 Views
 by gb_master
 Fri Apr 20, 2012 6:25 pm
simple script for .idt/.ids files making
by redp  - Sun Mar 18, 2012 6:57 pm
0 Replies 
 2658 Views
 by redp
 Sun Mar 18, 2012 6:57 pm
detecting thunk layer (wow64)
by _Lynn  - Thu Mar 08, 2012 11:23 pm
3 Replies 
 4864 Views
 by Brock
 Tue Mar 13, 2012 9:28 am
Read file directly from the disk
by dtox  - Wed Aug 10, 2011 5:39 pm
17 Replies 
 20125 Views
 by Tigzy
 Mon Mar 05, 2012 3:27 pm
Question about NtQuerySystemInformation
by yenom  - Fri Feb 24, 2012 3:16 pm
1 Replies 
 3092 Views
 by Alex
 Fri Feb 24, 2012 4:41 pm
Prevent untrusted memory read/dump
by wealllbe20  - Thu Jan 05, 2012 4:30 pm
5 Replies 
 6500 Views
 by redp
 Sat Jan 21, 2012 5:33 pm
How to idenify alertable thread?
by kmd  - Wed Apr 27, 2011 4:55 am
13 Replies 
 14877 Views
 by kmd
 Fri Jan 20, 2012 10:07 am
IAT hooking
by Kiuhnm  - Thu Jan 05, 2012 12:58 pm
5 Replies 
 6157 Views
 by Kiuhnm
 Thu Jan 05, 2012 10:30 pm
Hooking Problem
by __fastcall  - Sun Dec 18, 2011 1:21 pm
3 Replies 
 4813 Views
 by Brock
 Sat Dec 31, 2011 11:27 am
How to port from x86 to x64 .
by __fastcall  - Sat Dec 24, 2011 7:20 pm
4 Replies 
 5432 Views
 by __fastcall
 Wed Dec 28, 2011 2:00 am
4 Replies 
 5399 Views
 by Tigzy
 Fri Dec 09, 2011 1:39 pm