A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about user-mode development.
Forum Statistics Last post
Assembler Disassembler Engines
by Dreg  - Mon Mar 15, 2010 9:17 am
16 Replies 
 77520 Views
 by tangptr
 Mon Mar 20, 2017 11:53 am
Net Framework 4.8 versions
by EP_X0FF  - Wed Oct 23, 2019 5:13 am
1 Replies 
 2230 Views
 by EP_X0FF
 Mon Nov 18, 2019 1:43 pm
Callback function
by DarkC0de  - Mon Oct 28, 2019 12:31 pm
0 Replies 
 1931 Views
 by DarkC0de
 Mon Oct 28, 2019 12:31 pm
0 Replies 
 2088 Views
 by Iradicator
 Sun Aug 11, 2019 9:08 pm
Check if process is UWP application.
by Iradicator  - Thu May 02, 2019 7:29 am
2 Replies 
 2114 Views
 by Brock
 Thu Jun 13, 2019 8:19 pm
3 Replies 
 1674 Views
 by R136a1
 Sat Apr 27, 2019 9:07 pm
2 Replies 
 1611 Views
 by Brock
 Tue Apr 16, 2019 12:42 pm
0 Replies 
 1625 Views
 by j4ck
 Wed Mar 06, 2019 4:17 am
2 Replies 
 2538 Views
 by pointer
 Fri Feb 08, 2019 1:26 pm
How to emulate LOW IL ?
by zer0cat  - Tue Jan 22, 2019 7:25 pm
6 Replies 
 3472 Views
 by Vrtule
 Fri Jan 25, 2019 10:13 pm
[C] HTTP-Downloader
by KarNak  - Sat Jan 12, 2019 11:32 am
6 Replies 
 4094 Views
 by VinayParde
 Tue Aug 06, 2019 10:26 am
[C] UserMode = AdminMode Linux
by KarNak  - Sat Jan 12, 2019 11:39 am
1 Replies 
 1845 Views
 by nimaarek
 Sat Jan 12, 2019 3:22 pm
Hook and replace Win32 application functions
by KarNak  - Sat Jan 12, 2019 11:29 am
0 Replies 
 1587 Views
 by KarNak
 Sat Jan 12, 2019 11:29 am
Avoid undocumented API calls (RtlImageNtHeader)?
by j4ck  - Wed Dec 19, 2018 3:17 am
2 Replies 
 2787 Views
 by j4ck
 Wed Dec 19, 2018 4:12 am
0 Replies 
 2328 Views
 by pointer
 Wed Nov 28, 2018 12:29 pm
1 Replies 
 3023 Views
 by mrfearless
 Mon Sep 17, 2018 3:08 am
Process Doppelganging
by EP_X0FF  - Wed Dec 13, 2017 2:31 pm
7 Replies 
 19056 Views
 by EP_X0FF
 Thu Jul 05, 2018 6:05 am
ETW discussion
by Orkblutt  - Thu May 18, 2017 10:26 am
0 Replies 
 12916 Views
 by Orkblutt
 Thu May 18, 2017 10:26 am
How I FUDed a meterpreter payload!!
by kd77  - Sun Feb 26, 2017 2:23 pm
1 Replies 
 9960 Views
 by EP_X0FF
 Sun Feb 26, 2017 4:54 pm
WMI persistence in C++
by geoffreyvdb  - Fri Aug 19, 2016 2:12 pm
0 Replies 
 18907 Views
 by geoffreyvdb
 Fri Aug 19, 2016 2:12 pm
19 Replies 
 50774 Views
 by EP_X0FF
 Thu Jul 21, 2016 5:34 am
EnumDisplayMonitors
by EP_X0FF  - Sat Jul 02, 2016 6:27 am
2 Replies 
 10737 Views
 by EP_X0FF
 Sat Jul 02, 2016 9:06 am
EntryPoint in LDR_DATA_TABLE_ENTRY
by evelyette  - Tue Dec 29, 2015 10:40 am
1 Replies 
 10197 Views
 by EP_X0FF
 Wed Dec 30, 2015 4:06 am
Hooking usage of DLL function
by evelyette  - Wed Nov 18, 2015 7:09 pm
17 Replies 
 36078 Views
 by evelyette
 Fri Dec 18, 2015 10:24 am
Proxy DLL with Exported Structure
by evelyette  - Mon Dec 14, 2015 8:20 pm
11 Replies 
 25010 Views
 by Brock
 Wed Dec 16, 2015 10:47 pm