A forum for reverse engineering, OS internals and malware analysis 

Discussion on reverse-engineering and debugging.
 #8385  by rkhunter
 Fri Sep 02, 2011 7:53 am
Some rare books from my collection (more of a rarity).
(With the permission of administrators)

1. Schreiber "Undocumented Windows 2000 Secrets" (rus)

2. Helen Custer "Inside Windows NT and NTFS" (rus)
http://narod.ru/disk/23706206001/2_Hele ... 0.zip.html

3. Richter, Clark "Programming Server-Side Applications for Windows 2000" (rus)
http://narod.ru/disk/23706360001/3_Riht ... 0.zip.html

4. Airapetyan "Otladchik SoftICE. Podrobny spravochnik"
http://narod.ru/disk/23706402001/4_Aira ... u.zip.html

5. K. Kaspersky "Tehnika setevyh atak"
http://narod.ru/disk/23706450001/5_Kasp ... h.zip.html

6. Brian Carrier "File System Forensic Analysis" (rus)
http://narod.ru/disk/23706545001/6_Krim ... S.zip.html

7. Hoglund, Butler "Rootkits: Subverting the Windows Kernel" (eng)
http://narod.ru/disk/23706584001/7_Hogl ... g.zip.html

8. K. Kaspersky "IDA" (rus)
http://narod.ru/disk/23706634001/8_Kasp ... A.zip.html

9. "SoftICE manual" by Compuware (rus)
http://narod.ru/disk/23706670001/9_Soft ... l.zip.html
 #9074  by Vrtule
 Mon Oct 10, 2011 4:42 pm
Some stuff related to registry internals:

The Internal Structure of the Windows Registry (Peter Norris):
http://amnesia.gtisc.gatech.edu/~moyix/ ... td.uk/MSc/

Windows NT Registry File Format (Timothy D. Morgan)
http://sentinelchicken.com/research/registry_format/ (or Google for "Windows NT Registry file format")

Forensic analysis of the Windows registry in memory (Brendan Dolan-Gavitt)
http://www.dfrws.org/2008/proceedings/p ... gavitt.pdf
 #9094  by rkhunter
 Tue Oct 11, 2011 8:42 pm
New issue of "The NT Insider" journal:

- Epic Update: Win8 WDK Provides Visual Studio Integration
- Peter Pontificates: Do Christmas Dreams Come True?
- WDK Preview: Installation Through Debugging
- Five Things to LIKE About Visual Studio Integration
- Five Things NOT to Like About Visual Studio Integration
- File System Changes in Win8
- Converting SOURCES-Based Projects to “.VCXPROJ” Format

 #11029  by Zer0Flag
 Sat Jan 14, 2012 11:03 am
Some good malware reversing tutorials for beginners:

Malware Analysis Tutorial 1 - VM Based Analysis Platform
http://fumalwareanalysis.blogspot.com/2 ... verse.html

Malware Analysis Tutorial 2 - Ring3 Debugging
http://fumalwareanalysis.blogspot.com/2 ... se_31.html

Malware Analysis 3: int2d anti-debugging (Part I)
http://fumalwareanalysis.blogspot.com/2 ... gging.html

Malware Analysis Tutorial 4: Int2dh Anti-Debugging (Part II)
http://fumalwareanalysis.blogspot.com/2 ... -anti.html

Malware Analysis Tutorial 5: Int2d Anti-Debugging Trick (Part III)
http://fumalwareanalysis.blogspot.com/2 ... -anti.html

Malware Analysis Tutorial 6: Analyzing Self-Extraction and Decoding Functions
http://fumalwareanalysis.blogspot.com/2 ... yzing.html

Malware Analysis Tutorial 7: Exploring Kernel Data Structure
http://fumalwareanalysis.blogspot.com/2 ... oring.html

Malware Analysis Tutorial 8: PE Header and Export Table
http://fumalwareanalysis.blogspot.com/2 ... eader.html

Malware Analysis Tutorial 9: Encoded Export Table
http://fumalwareanalysis.blogspot.com/2 ... coded.html

Malware Analysis Tutorial 10: Tricks for Confusing Static Analysis Tools
http://fumalwareanalysis.blogspot.com/2 ... s-for.html

Malware Analysis Tutorial 11: Starling Technique and Hijacking Kernel System Calls using Hardware Breakpoints
http://fumalwareanalysis.blogspot.com/2 ... rling.html

Greetz Zer0