A forum for reverse engineering, OS internals and malware analysis 

Kernel-Mode Development

Forum for discussion about kernel-mode development.
Forum Statistics Last post
WDF vs WDM for rootkit/AV development
by lorddoskias  - Tue Nov 15, 2011 11:53 am
1 Replies 
 3940 Views 		 by EP_X0FF
 Thu Nov 17, 2011 11:30 am
load pe in kernelland
by madaboo  - Wed Nov 09, 2011 8:34 pm
6 Replies 
 5679 Views 		 by rkhunter
 Wed Nov 09, 2011 10:16 pm
how to get kernel base virtual address?
by madaboo  - Tue Nov 08, 2011 9:52 pm
4 Replies 
 6341 Views 		 by _Lynn
 Thu Nov 10, 2011 10:12 pm
read symbol - how to get its real address
by madaboo  - Tue Nov 08, 2011 2:53 pm
1 Replies 
 2403 Views 		 by rkhunter
 Tue Nov 08, 2011 3:09 pm
How to locate original SSDT
by madaboo  - Mon Nov 07, 2011 2:22 pm
1 Replies 
 2470 Views 		 by rkhunter
 Mon Nov 07, 2011 5:08 pm
Error in ddk project building
by irp  - Wed Oct 26, 2011 10:26 am
0 Replies 
 2474 Views 		 by irp
 Wed Oct 26, 2011 10:26 am
anti-VM informations
by Tigzy  - Fri Oct 14, 2011 12:06 pm
18 Replies 
 18047 Views 		 by EP_X0FF
 Fri Oct 21, 2011 2:52 pm
IoGetDeviceProperty returns STATUS_INVALID_DEVICE_REQUEST
by Tigzy  - Fri Sep 23, 2011 4:45 pm
30 Replies 
 22956 Views 		 by Tigzy
 Fri Oct 14, 2011 3:09 pm
VadRotatePhysical type of VAD
by Vrtule  - Sat Oct 01, 2011 12:26 am
6 Replies 
 5307 Views 		 by Vrtule
 Thu Oct 13, 2011 11:22 am
NT Design Workbook
by EreTIk  - Wed Sep 28, 2011 2:09 pm
6 Replies 
 5077 Views 		 by rkhunter
 Wed Oct 12, 2011 1:11 pm
Necurs.A (NtSecureSys) counteraction
by Tigzy  - Fri Sep 30, 2011 12:38 pm
9 Replies 
 10157 Views 		 by Tigzy
 Mon Oct 03, 2011 11:49 am
Notify callback tables
by Tigzy  - Fri Sep 30, 2011 10:58 pm
13 Replies 
 9600 Views 		 by Tigzy
 Mon Oct 03, 2011 7:52 am
Locating SSDT
by _Lynn  - Mon Sep 19, 2011 3:38 pm
12 Replies 
 14047 Views 		 by _Lynn
 Wed Sep 28, 2011 2:52 pm
NtOpenThread - Get parent PID
by Tigzy  - Fri Sep 23, 2011 9:32 am
2 Replies 
 5197 Views 		 by Tigzy
 Fri Sep 23, 2011 9:45 am
NtOpenProcess returns STATUS_ACCESS_VIOLATION
by Tigzy  - Tue Sep 20, 2011 11:20 am
16 Replies 
 13864 Views 		 by Tigzy
 Thu Sep 22, 2011 7:15 am
scanning ntokskrnl to find unexported funcs pointers
by Tigzy  - Mon Sep 19, 2011 11:13 am
6 Replies 
 5782 Views 		 by Tigzy
 Tue Sep 20, 2011 7:44 am
Windows Early-Launch Anti-Malware
by a_d_13  - Sat Sep 17, 2011 3:10 am
0 Replies 
 2544 Views 		 by a_d_13
 Sat Sep 17, 2011 3:10 am
Protection for Crash Loop
by Flopik  - Wed Sep 14, 2011 5:31 pm
2 Replies 
 3277 Views 		 by Flopik
 Thu Sep 15, 2011 12:49 pm
Hooking? in 64 bit
by Naz  - Thu Sep 08, 2011 12:41 pm
1 Replies 
 3133 Views 		 by Vrtule
 Fri Sep 09, 2011 9:22 am
ZwDelete File (Boot)
by StriderH2  - Mon Aug 29, 2011 1:50 pm
4 Replies 
 4109 Views 		 by StriderH2
 Fri Sep 02, 2011 4:41 am
inf file for filter driver
by madaboo  - Sat Aug 27, 2011 9:02 pm
0 Replies 
 2417 Views 		 by madaboo
 Sat Aug 27, 2011 9:02 pm
detect service name in svchost in kernel
by R00tKit  - Sat Aug 27, 2011 9:35 am
5 Replies 
 4825 Views 		 by R00tKit
 Sat Aug 27, 2011 12:42 pm
attaching to device just after load.
by madaboo  - Sun Aug 21, 2011 8:39 am
7 Replies 
 6264 Views 		 by Brock
 Thu Aug 25, 2011 8:36 am
SSDT Shadow Hook
by Tigzy  - Wed Aug 17, 2011 9:54 am
47 Replies 
 56598 Views 		 by Tigzy
 Tue Aug 30, 2011 8:10 am
Sending data from kernel-mode to user-mode
by Alex  - Sun May 29, 2011 11:28 am
22 Replies 
 22425 Views 		 by Tigzy
 Wed Aug 17, 2011 9:47 am
  • 1
  • 10
  • 11
  • 12
  • 13
  • 14
 Return to Board Index