Blogs Forum
- SymbolFinder
- Apple's variant of ptrace()
- Sun VirtualBox Disassembler Explanation
- CartellaUnicaTasse.exe Italian Malware RCE Analysis
- Why is secure development so important?
- pde/pte softice plugin
- Funny coded malware
- antisptd
- IceProbe - SoftIce Command Tracer
- build rule for x64 asm
- nonintrusive tracer on x64
- Recon2008
- My "Unofficial" ReCon Video
- Strong-Name Signing, AdmiralDebilitate v0.1
- IDA Pro Development Environment
- Control Flow Deobfuscation Part 3
- Vmware snapshot and SSDT
- Testing debuggers
- Phoenix Protector 1.3.0.1
- .NET Internals and Native Compiling
- Fujitsu 3D Shock Sensor Application Reversing
- An Introduction To .NET Reversing
- IDA and vmread/vmwrite x64
- Intel VT and cpuid break
- Downloader.Win32.Small or Win32/PolyCrypt Reversing
- #773: bug in IDA-Pro [fails to debug zero-based PE]
- "Function String Associate" IDA Plug-in
- # other solutions: how to load two or more files into the same IDA-Pro database
- # bug in Process Explorer (a gift for malware)
- # thinking in IDA Pro - how to obtain a copy
- # bug in Olly, Windows behavior and Peter Ferrie
- # turbo-import [stealth anti-api-monitors style]
- # old CD 03 bug in windows
- # how to load two or more files into single IDA Pro database
- # eternal life, ammo, scores in games
- # free IDA-Pro training
- # Syser causes BSOD
- .NET Internals and Code Injection
- D3DLookingGlass v0.1
- DisasMSIL and CFF Explorer
- Retsaot is Toaster, Reversed: Quick 'n Dirty Firmware Reversing
- A brief discussion of Windows Vista’s IE Protected Mode (and user/process level secur
- My next 2 articles
- Rebel.NET
- Integer overflow
- Control Flow Deobfuscation Part 2
- Programming against the x64 exception handling support, part 2: A description of the
- Programming against the x64 exception handling support, part 3: Unwind internals (Rtl
- Programming against the x64 exception handling support, part 1: Definitions for x64 v
- Frame pointer omission (FPO) optimization and consequences when debugging, part 2
- Frame pointer omission (FPO) optimization and consequences when debugging, part 1
- The kernel object namespace and Win32, part 3
- The kernel object namespace and Win32, part 1
- The kernel object namespace and Win32, part 2
- Programming against the x64 exception handling support, part 4: Unwind internals (Rtl
- Programming against the x64 exception handling support, part 5: Collided unwinds
- Programming against the x64 exception handling support, part 7: Putting it all togeth
- Debugger tricks: API call logging, the quick’n'dirty way (part 3)
- Debugger tricks: API call logging, the quick’n'dirty way (part 2)
- Debugger tricks: API call logging, the quick’n'dirty way (part 1)
- Programming against the x64 exception handling support, part 6: Frame consolidation u
- Few words about Kraken
- SDbgExt extensions - part 2.
- Using SDbgExt to aid your debugging and reverse engineering efforts (part 1).
- x64 Debugging Review
- Introduction to x64 debugging, part 5
- Introduction to x64 debugging, part 4
- Introduction to x64 debugging, part 3
- Introduction to x64 debugging, part 2
- Introduction to x64 debugging, part 1
- Useful WinDbg commands: .formats
- Beware of stack usage with the new network stack in Windows Vista
- Removing kernel patching on the fly with the kernel debugger
- Debugger flow control: More on breakpoints (part 2)
- SDbgExt 1.09 released (support for displaying x64 EH data)
- Useful debugger commands: .writemem and .readmem
- Debugger commands review
- Overview of WinDbg remote debugging
- Win32 calling conventions: __thiscall in assembler
- Reverse debugging -server and -remote
- Remote debugging with process servers (dbgsrv)
- Activating process servers and connecting to them
- Win32 calling conventions: __stdcall in assembler
- Win32 calling conventions: Concepts
- Remote debugging with kdsrv.exe
- Remote debugging review
- Win32 calling conventions: __fastcall in assembler
- Ollydbg v1.10 and 6E/6F/A6 opcodes, a little oversight
- Securing -server and -remote remote debugging sessions
- Remote debugging with -server and -remote
- Remote debugging with KD and NTSD
- Remote debugging with remote.exe
- Win32 calling conventions: Usage cases
- Win32 calling conventions: __cdecl in assembler
- Tracing Over System Calls In OllyDbg
- DynLogger
- Some functions are neater than the decompiler thinks
- Self-modifying TLS callbacks
- Symbian debugger
- Trojan-PSW.Win32.OnLineGames.eos Reversing
- Compiler 1, X86 Virtualizer 0
- IDA disasms reserved opcodes, is it a bug?
- Weird export forwarding thanks to Vista x64 SP1
- Symbian AppTRK
- Inside Session 0 Isolation and the UI Detection Service - Part 2
- Process Memory Dumper for Credentials Disclosure Vulns
- Cross Your T's and Dot Your Filenames
- Hello Symbian!
- (Part 2 of .NET native exe insights)Serial fishing and patching .NET exes with Ollydb
- Rebuilding native .NET exes into managed .NET exes by Exploiting leftover IL...
- Some Quick Insights Into Native .NET exe's (part 1 of?)
- Reverse Engineering Position- TS/SCI Required
- Symbol Type Viewer 32Bit/64Bit v1.0.0.3
- Non-continuable exception trick
- Inside Session 0 Isolation and the UI Detection Service - Part 1
- Something different part 2
- New Hex-Rays Demo
- Different versions of Windows kernel structures
- gee mail patented algorithm
- Pythonic way
- hm
- Re: RtlRemoteCall
- Alignment check
- Working? with protected processes in NT 6
- Running Win32 program ASAP after Nt boot
- Microsoft's Rich Signature (undocumented)
- Tricky jump tables
- Reverse Engineering the flash virtual machine
- Collaborative RCE Tool Library (CRCETL) site update
- Two Extensions added into Collaborative RCE
- Why does every heap trace in UMDH get stuck at "malloc"?
- SoftICE Installation.
- Easy structure types
- Eeye BinDiffing Trick
- Industrial-Grade Binary-Only Profiling and Coverage
- Refreshing the Taskbar Notification Area
- Idc script and stack frame variables length
- Shellcode Analysis
- SpyShredder Malware Spammed on OpenRCE
- Array Indexing Quirk
- MRXDAV.SYS and Hex-Rays Decompiler
- Shellcoding on Windows: Part II - Stack Overflow Problems
- Updated ExtraPass plug-in 2.1, and APIScan
- dr7.gd on mp systems running sice
- PE Validator Script
- Thread Optimization Checks : Code Prominence
- Run-time determination of VC++ virtual member function addresses: Take II
- Immunity Debugger v1.4
- Debugger and process memory
- KeGetCurrentIrql can't return HIGH_LEVEL
- aMSN Input Validation Error
- Direct3D 9 Hook v1.1
- Jump tables
- Something different
- Shellcoding on Windows: Part I
- ActiveX - Active Exploitation
- An Objective Analysis of the Lockdown Protection System for Battle.net
- Context-keyed Payload Encoding
- Improving Software Security Analysis using Exploitation Properties
- FPU Tracer v0.0.1 released
- .NET unpackme
- softice nmi hook
- ScTagQuery: Mapping Service Hosting Threads With Their Owner Service
- Old new Virtual Machine detection method.
- Virtual Machine detection method cd.
- Compiler Optimizations Regarding Structures
- HP printer and cpu at 100%
- Again on Visual Basic
- Binary Search in Large-Scale Structure Recovery
- GUID-Finder IDA Plug-in
- Explorer Suite III (CFF Explorer VII)
- Reversity Speech and Logs Available
- Control Flow Deobfuscation Part 1
- Dvd movie and easter egg
- Thread Local Storage, part 6: Design problems with the Windows Server 2003 (and earli
- Thread Local Storage, part 5: Loader support for __declspec(thread) variables (proces
- Thread Local Storage, part 4: Accessing __declspec(thread) data
- Thread Local Storage, part 3: Compiler and linker support for implicit TLS
- Thread Local Storage, part 2: Explicit TLS
- A catalog of NTDLL kernel mode to user mode callbacks, part 4: KiRaiseUserExceptionDi
- Thread Local Storage, part 1: Overview
- Thread Local Storage, part 7: Windows Vista support for __declspec(thread) in demand
- Thread Local Storage, part 8: Wrap-up
- How does one retrieve the 32-bit context of a Wow64 program from a 64-bit process on
- Viridian guest hypercall interface published
- Why are certain DLLs required to be at the same base address system-wide?
- A catalog of NTDLL kernel mode to user mode callbacks, part 1: Overview
- A catalog of NTDLL kernel mode to user mode callbacks, part 2: KiUserExceptionDispatc
- A catalog of NTDLL kernel mode to user mode callbacks, part 3: KiUserApcDispatcher
- A catalog of NTDLL kernel mode to user mode callbacks, part 5: KiUserCallbackDispatch
- The optimizer has different traits between the x86 and x64 compilers
- Compiler tricks in x86 assembly: Ternary operator optimization
- A catalog of NTDLL kernel mode to user mode callbacks, part 6: LdrInitializeThunk
- Reversing the V740, part 4: Implementing a solution
- Common WinDbg problems and solutions
- Fast kernel debugging for VMware, part 1: Overview
- Fast kernel debugging for VMware, part 2: KD Transport Module Interface
- Fast kernel debugging for VMware, part 3: Guest to Host Communication Overview
- Fast kernel debugging for VMware, part 5: Bridging the Gap to DbgEng.dll
- Fast kernel debugging for VMware, part 6: Roadmap to Future Improvements
- VMKD 1.1.1.7 released
- I tend to prefer debugging with release builds instead of debug builds.
- The default invalid parameter behavior for the VC8 CRT doesn’t break into the debug
- Why doesn't the publicly available kernrate work on Windows x64? (and how to fix it
- Reversing the V740, part 1: Rationale
- Reversing the V740, part 2: Digging deeper: The connection manager software
- Reversing the V740, part 3: The V740 abstraction layer module
- Fast kernel debugging for VMware, part 4: Communicating with the VMware VMM
- More packer analysis
- Packer analysis
- Debugging a custom unhandled exception filter
- Collaborative RCE Tool Library contents so far
- ImageRemCert - Removes certificate from PE image.
- CommWarrior.B Thorough IDB (ARM/C++)
- MemInfo: Peer Inside Memory Manager Behavior on Windows Vista and Server 2008
- dr7.gd - dr6 saving
- Better user interface for decompiler
- The Windows Vista Issue
- Weird Code: CCs On The Stack
- Windbg “dt” output converter
- MmGetSystemRoutineAddress : forwards on vista
- Traversing Offset Semantics : Walking Along the Curb
- The Collaborative RCE Tool Library
- syscall fuzzer
- The secret project finally revealed...
- Site Relaunch
- A framework to take the tedium out of code-injection in C++
- Beware of int 2c instruction
- IDC scripting a Win32.Virut variant - Part 1
- IDC scripting a Win32.Virut variant - Part 2
- Nanomites by Deroko
- Hang problem due to Hooking Curb in Codes.
- Vaughn Of The Dead Pt III: Some small-fry
- Armadillo, Nanomites and vectored exception-handling
- Behind Windows x64's 44-bit Virtual Memory Addressing Limit
- Purple Pill: What Happened
- Secrets of the Application Compatibility Database (SDB) - Part 4
- New Object Manager Filtering APIs
- Vista DRM Issue Aftermath
- Rebooting from Kernel Mode
- Recent Events
- Update on Driver Signing Bypass
- Windows Vista 64-bit Driver Signing/PatchGuard Workaround
- Why Protected Processes Are A Bad Idea
- How I cracked the iTunes 7 DRM, Pt V
- Run-time determination of VC++ 2005 virtual member function addresses
- RCE essentials: PEiD
- Case study: Fraps
- How I cracked the iTunes 7 DRM, Pt III
- DLL injection via CreateRemoteThread