View Full Version : Blogs Forum


  1. SymbolFinder
  2. Apple's variant of ptrace()
  3. Sun VirtualBox Disassembler Explanation
  4. CartellaUnicaTasse.exe Italian Malware RCE Analysis
  5. Why is secure development so important?
  6. pde/pte softice plugin
  7. Funny coded malware
  8. antisptd
  9. IceProbe - SoftIce Command Tracer
  10. build rule for x64 asm
  11. nonintrusive tracer on x64
  12. Recon2008
  13. My "Unofficial" ReCon Video
  14. Strong-Name Signing, AdmiralDebilitate v0.1
  15. IDA Pro Development Environment
  16. Control Flow Deobfuscation Part 3
  17. Vmware snapshot and SSDT
  18. Testing debuggers
  19. Phoenix Protector 1.3.0.1
  20. .NET Internals and Native Compiling
  21. Fujitsu 3D Shock Sensor Application Reversing
  22. An Introduction To .NET Reversing
  23. IDA and vmread/vmwrite x64
  24. Intel VT and cpuid break
  25. Downloader.Win32.Small or Win32/PolyCrypt Reversing
  26. #773: bug in IDA-Pro [fails to debug zero-based PE]
  27. "Function String Associate" IDA Plug-in
  28. # other solutions: how to load two or more files into the same IDA-Pro database
  29. # bug in Process Explorer (a gift for malware)
  30. # thinking in IDA Pro - how to obtain a copy
  31. # bug in Olly, Windows behavior and Peter Ferrie
  32. # turbo-import [stealth anti-api-monitors style]
  33. # old CD 03 bug in windows
  34. # how to load two or more files into single IDA Pro database
  35. # eternal life, ammo, scores in games
  36. # free IDA-Pro training
  37. # Syser causes BSOD
  38. .NET Internals and Code Injection
  39. D3DLookingGlass v0.1
  40. DisasMSIL and CFF Explorer
  41. Retsaot is Toaster, Reversed: Quick 'n Dirty Firmware Reversing
  42. A brief discussion of Windows Vista’s IE Protected Mode (and user/process level secur
  43. My next 2 articles
  44. Rebel.NET
  45. Integer overflow
  46. Control Flow Deobfuscation Part 2
  47. Programming against the x64 exception handling support, part 2: A description of the
  48. Programming against the x64 exception handling support, part 3: Unwind internals (Rtl
  49. Programming against the x64 exception handling support, part 1: Definitions for x64 v
  50. Frame pointer omission (FPO) optimization and consequences when debugging, part 2
  51. Frame pointer omission (FPO) optimization and consequences when debugging, part 1
  52. The kernel object namespace and Win32, part 3
  53. The kernel object namespace and Win32, part 1
  54. The kernel object namespace and Win32, part 2
  55. Programming against the x64 exception handling support, part 4: Unwind internals (Rtl
  56. Programming against the x64 exception handling support, part 5: Collided unwinds
  57. Programming against the x64 exception handling support, part 7: Putting it all togeth
  58. Debugger tricks: API call logging, the quick’n'dirty way (part 3)
  59. Debugger tricks: API call logging, the quick’n'dirty way (part 2)
  60. Debugger tricks: API call logging, the quick’n'dirty way (part 1)
  61. Programming against the x64 exception handling support, part 6: Frame consolidation u
  62. Few words about Kraken
  63. SDbgExt extensions - part 2.
  64. Using SDbgExt to aid your debugging and reverse engineering efforts (part 1).
  65. x64 Debugging Review
  66. Introduction to x64 debugging, part 5
  67. Introduction to x64 debugging, part 4
  68. Introduction to x64 debugging, part 3
  69. Introduction to x64 debugging, part 2
  70. Introduction to x64 debugging, part 1
  71. Useful WinDbg commands: .formats
  72. Beware of stack usage with the new network stack in Windows Vista
  73. Removing kernel patching on the fly with the kernel debugger
  74. Debugger flow control: More on breakpoints (part 2)
  75. SDbgExt 1.09 released (support for displaying x64 EH data)
  76. Useful debugger commands: .writemem and .readmem
  77. Debugger commands review
  78. Overview of WinDbg remote debugging
  79. Win32 calling conventions: __thiscall in assembler
  80. Reverse debugging -server and -remote
  81. Remote debugging with process servers (dbgsrv)
  82. Activating process servers and connecting to them
  83. Win32 calling conventions: __stdcall in assembler
  84. Win32 calling conventions: Concepts
  85. Remote debugging with kdsrv.exe
  86. Remote debugging review
  87. Win32 calling conventions: __fastcall in assembler
  88. Ollydbg v1.10 and 6E/6F/A6 opcodes, a little oversight
  89. Securing -server and -remote remote debugging sessions
  90. Remote debugging with -server and -remote
  91. Remote debugging with KD and NTSD
  92. Remote debugging with remote.exe
  93. Win32 calling conventions: Usage cases
  94. Win32 calling conventions: __cdecl in assembler
  95. Tracing Over System Calls In OllyDbg
  96. DynLogger
  97. Some functions are neater than the decompiler thinks
  98. Self-modifying TLS callbacks
  99. Symbian debugger
  100. Trojan-PSW.Win32.OnLineGames.eos Reversing
  101. Compiler 1, X86 Virtualizer 0
  102. IDA disasms reserved opcodes, is it a bug?
  103. Weird export forwarding thanks to Vista x64 SP1
  104. Symbian AppTRK
  105. Inside Session 0 Isolation and the UI Detection Service - Part 2
  106. Process Memory Dumper for Credentials Disclosure Vulns
  107. Cross Your T's and Dot Your Filenames
  108. Hello Symbian!
  109. (Part 2 of .NET native exe insights)Serial fishing and patching .NET exes with Ollydb
  110. Rebuilding native .NET exes into managed .NET exes by Exploiting leftover IL...
  111. Some Quick Insights Into Native .NET exe's (part 1 of?)
  112. Reverse Engineering Position- TS/SCI Required
  113. Symbol Type Viewer 32Bit/64Bit v1.0.0.3
  114. Non-continuable exception trick
  115. Inside Session 0 Isolation and the UI Detection Service - Part 1
  116. Something different part 2
  117. New Hex-Rays Demo
  118. Different versions of Windows kernel structures
  119. gee mail patented algorithm
  120. Pythonic way
  121. hm
  122. Re: RtlRemoteCall
  123. Alignment check
  124. Working? with protected processes in NT 6
  125. Running Win32 program ASAP after Nt boot
  126. Microsoft's Rich Signature (undocumented)
  127. Tricky jump tables
  128. Reverse Engineering the flash virtual machine
  129. Collaborative RCE Tool Library (CRCETL) site update
  130. Two Extensions added into Collaborative RCE
  131. Why does every heap trace in UMDH get stuck at "malloc"?
  132. SoftICE Installation.
  133. Easy structure types
  134. Eeye BinDiffing Trick
  135. Industrial-Grade Binary-Only Profiling and Coverage
  136. Refreshing the Taskbar Notification Area
  137. Idc script and stack frame variables length
  138. Shellcode Analysis
  139. SpyShredder Malware Spammed on OpenRCE
  140. Array Indexing Quirk
  141. MRXDAV.SYS and Hex-Rays Decompiler
  142. Shellcoding on Windows: Part II - Stack Overflow Problems
  143. Updated ExtraPass plug-in 2.1, and APIScan
  144. dr7.gd on mp systems running sice
  145. PE Validator Script
  146. Thread Optimization Checks : Code Prominence
  147. Run-time determination of VC++ virtual member function addresses: Take II
  148. Immunity Debugger v1.4
  149. Debugger and process memory
  150. KeGetCurrentIrql can't return HIGH_LEVEL
  151. aMSN Input Validation Error
  152. Direct3D 9 Hook v1.1
  153. Jump tables
  154. Something different
  155. Shellcoding on Windows: Part I
  156. ActiveX - Active Exploitation
  157. An Objective Analysis of the Lockdown Protection System for Battle.net
  158. Context-keyed Payload Encoding
  159. Improving Software Security Analysis using Exploitation Properties
  160. FPU Tracer v0.0.1 released
  161. .NET unpackme
  162. softice nmi hook
  163. ScTagQuery: Mapping Service Hosting Threads With Their Owner Service
  164. Old new Virtual Machine detection method.
  165. Virtual Machine detection method cd.
  166. Compiler Optimizations Regarding Structures
  167. HP printer and cpu at 100%
  168. Again on Visual Basic
  169. Binary Search in Large-Scale Structure Recovery
  170. GUID-Finder IDA Plug-in
  171. Explorer Suite III (CFF Explorer VII)
  172. Reversity Speech and Logs Available
  173. Control Flow Deobfuscation Part 1
  174. Dvd movie and easter egg
  175. Thread Local Storage, part 6: Design problems with the Windows Server 2003 (and earli
  176. Thread Local Storage, part 5: Loader support for __declspec(thread) variables (proces
  177. Thread Local Storage, part 4: Accessing __declspec(thread) data
  178. Thread Local Storage, part 3: Compiler and linker support for implicit TLS
  179. Thread Local Storage, part 2: Explicit TLS
  180. A catalog of NTDLL kernel mode to user mode callbacks, part 4: KiRaiseUserExceptionDi
  181. Thread Local Storage, part 1: Overview
  182. Thread Local Storage, part 7: Windows Vista support for __declspec(thread) in demand
  183. Thread Local Storage, part 8: Wrap-up
  184. How does one retrieve the 32-bit context of a Wow64 program from a 64-bit process on
  185. Viridian guest hypercall interface published
  186. Why are certain DLLs required to be at the same base address system-wide?
  187. A catalog of NTDLL kernel mode to user mode callbacks, part 1: Overview
  188. A catalog of NTDLL kernel mode to user mode callbacks, part 2: KiUserExceptionDispatc
  189. A catalog of NTDLL kernel mode to user mode callbacks, part 3: KiUserApcDispatcher
  190. A catalog of NTDLL kernel mode to user mode callbacks, part 5: KiUserCallbackDispatch
  191. The optimizer has different traits between the x86 and x64 compilers
  192. Compiler tricks in x86 assembly: Ternary operator optimization
  193. A catalog of NTDLL kernel mode to user mode callbacks, part 6: LdrInitializeThunk
  194. Reversing the V740, part 4: Implementing a solution
  195. Common WinDbg problems and solutions
  196. Fast kernel debugging for VMware, part 1: Overview
  197. Fast kernel debugging for VMware, part 2: KD Transport Module Interface
  198. Fast kernel debugging for VMware, part 3: Guest to Host Communication Overview
  199. Fast kernel debugging for VMware, part 5: Bridging the Gap to DbgEng.dll
  200. Fast kernel debugging for VMware, part 6: Roadmap to Future Improvements
  201. VMKD 1.1.1.7 released
  202. I tend to prefer debugging with release builds instead of debug builds.
  203. The default invalid parameter behavior for the VC8 CRT doesn't break into the debug
  204. Why doesn't the publicly available kernrate work on Windows x64? (and how to fix it
  205. Reversing the V740, part 1: Rationale
  206. Reversing the V740, part 2: Digging deeper: The connection manager software
  207. Reversing the V740, part 3: The V740 abstraction layer module
  208. Fast kernel debugging for VMware, part 4: Communicating with the VMware VMM
  209. More packer analysis
  210. Packer analysis
  211. Debugging a custom unhandled exception filter
  212. Collaborative RCE Tool Library contents so far
  213. ImageRemCert - Removes certificate from PE image.
  214. CommWarrior.B Thorough IDB (ARM/C++)
  215. MemInfo: Peer Inside Memory Manager Behavior on Windows Vista and Server 2008
  216. dr7.gd - dr6 saving
  217. Better user interface for decompiler
  218. The Windows Vista Issue
  219. Weird Code: CCs On The Stack
  220. Windbg “dt” output converter
  221. MmGetSystemRoutineAddress : forwards on vista
  222. Traversing Offset Semantics : Walking Along the Curb
  223. The Collaborative RCE Tool Library
  224. syscall fuzzer
  225. The secret project finally revealed...
  226. Site Relaunch
  227. A framework to take the tedium out of code-injection in C++
  228. Beware of int 2c instruction
  229. IDC scripting a Win32.Virut variant - Part 1
  230. IDC scripting a Win32.Virut variant - Part 2
  231. Nanomites by Deroko
  232. Hang problem due to Hooking Curb in Codes.
  233. Vaughn Of The Dead Pt III: Some small-fry
  234. Armadillo, Nanomites and vectored exception-handling
  235. Behind Windows x64's 44-bit Virtual Memory Addressing Limit
  236. Purple Pill: What Happened
  237. Secrets of the Application Compatibility Database (SDB) - Part 4
  238. New Object Manager Filtering APIs
  239. Vista DRM Issue Aftermath
  240. Rebooting from Kernel Mode
  241. Recent Events
  242. Update on Driver Signing Bypass
  243. Windows Vista 64-bit Driver Signing/PatchGuard Workaround
  244. Why Protected Processes Are A Bad Idea
  245. How I cracked the iTunes 7 DRM, Pt V
  246. Run-time determination of VC++ 2005 virtual member function addresses
  247. RCE essentials: PEiD
  248. Case study: Fraps
  249. How I cracked the iTunes 7 DRM, Pt III
  250. DLL injection via CreateRemoteThread