A forum for reverse engineering, OS internals and malware analysis 

Forum for discussion about kernel-mode development.
Forum Statistics Last post
Windows 8 -- SSDT Object
by Tigzy  - Mon Mar 05, 2012 7:12 am
5 Replies 
 4755 Views
 by lorddoskias
 Mon Mar 05, 2012 1:50 pm
alternatives to x64 hooking
by madaboo  - Wed Dec 21, 2011 3:28 pm
14 Replies 
 10582 Views
 by StriderH2
 Wed Feb 22, 2012 11:37 pm
how procexp kill handle of other process?
by R00tKit  - Mon Feb 20, 2012 11:04 am
3 Replies 
 3414 Views
 by R00tKit
 Tue Feb 21, 2012 7:54 am
POC: disable Load Image Notify routine
by R00tKit  - Sun Feb 12, 2012 12:07 pm
4 Replies 
 4355 Views
 by prometheus
 Sun Feb 19, 2012 12:21 pm
Page Fault Logger [Incomplete]
by noppy  - Wed Feb 15, 2012 1:39 pm
0 Replies 
 2323 Views
 by noppy
 Wed Feb 15, 2012 1:39 pm
Low Level Disk I/O
by Vrtule  - Sun Mar 14, 2010 9:53 pm
63 Replies 
 39071 Views
 by Tigzy
 Sun Feb 12, 2012 11:16 pm
15 Replies 
 10775 Views
 by AmrThabet
 Sat Feb 11, 2012 5:18 pm
Reading driver's output.
by 0x80  - Fri Feb 10, 2012 8:53 am
3 Replies 
 3434 Views
 by EP_X0FF
 Fri Feb 10, 2012 10:02 am
VMLaunch hang without debug breakpoint
by Kamala  - Wed Jan 25, 2012 1:51 pm
9 Replies 
 6648 Views
 by Kamala
 Thu Feb 02, 2012 5:36 pm
To track files contexts at FSD filter
by rkhunter  - Mon Jan 23, 2012 3:54 pm
4 Replies 
 4408 Views
 by holly
 Thu Feb 02, 2012 7:16 am
\Registry\A\..
by r2nwcnydc  - Tue Jan 24, 2012 9:01 pm
2 Replies 
 3058 Views
 by Vrtule
 Wed Jan 25, 2012 9:37 am
SSDT hook and thread context
by madaboo  - Thu Dec 29, 2011 10:43 pm
6 Replies 
 6047 Views
 by Kiuhnm
 Sat Jan 07, 2012 7:50 pm
lidt, idt hooking
by Kiuhnm  - Fri Jan 06, 2012 12:44 pm
2 Replies 
 3197 Views
 by Kiuhnm
 Fri Jan 06, 2012 8:55 pm
InterlockedCompareExchange()
by Kiuhnm  - Tue Jan 03, 2012 6:19 pm
9 Replies 
 7918 Views
 by Kiuhnm
 Thu Jan 05, 2012 12:11 pm
__sidt
by madaboo  - Wed Dec 14, 2011 1:21 pm
12 Replies 
 13971 Views
 by rkhunter
 Sat Dec 17, 2011 7:27 pm
obtain sysenter msr 176 address
by madaboo  - Tue Dec 13, 2011 3:11 pm
3 Replies 
 3558 Views
 by rkhunter
 Tue Dec 13, 2011 4:28 pm
WindowStation forced redirection for process
by rkhunter  - Wed Dec 07, 2011 6:45 am
4 Replies 
 4187 Views
 by Vrtule
 Thu Dec 08, 2011 3:05 pm
reading kernel memory - the safe way?
by whitepanda  - Mon Nov 28, 2011 12:34 pm
8 Replies 
 6741 Views
 by Vrtule
 Tue Dec 06, 2011 9:57 pm
4 Replies 
 4320 Views
 by xpoy
 Tue Dec 06, 2011 1:39 pm
listing all threads in the system
by madaboo  - Sat Dec 03, 2011 3:13 pm
13 Replies 
 9948 Views
 by madaboo
 Mon Dec 05, 2011 8:55 pm
suspending non driver thread
by madaboo  - Thu Dec 01, 2011 1:34 pm
2 Replies 
 3201 Views
 by Dmitry Varshavsky
 Thu Dec 01, 2011 7:41 pm
read disassembly from ntoskrnl.exe
by madaboo  - Mon Nov 21, 2011 9:46 pm
6 Replies 
 6111 Views
 by holly
 Mon Nov 28, 2011 6:36 am
bypassing security.
by madaboo  - Sat Nov 19, 2011 7:55 pm
3 Replies 
 3650 Views
 by madaboo
 Wed Nov 23, 2011 10:02 pm
Updated windows Syscall Table
by Tigzy  - Fri Nov 18, 2011 12:44 pm
1 Replies 
 3331 Views
 by Tigzy
 Wed Nov 23, 2011 2:30 pm
Hooking _OBJECT_TYPE_INITIALIZER
by lorddoskias  - Sun Nov 20, 2011 11:38 pm
5 Replies 
 4985 Views
 by lorddoskias
 Mon Nov 21, 2011 9:33 am