Reverse Engineering Articles
Share an interesting blog, news page or other RE related site...
350 topics in this forum
-
Password cracking, mining, and GPUs...
by Teddy Rogers- 4 replies
- 4.6k views
Password cracking, mining, and GPUs />http://erratasec.blogspot.com/2011/06/password-cracking-mining-and-gpus.html Ted.
-
Locu's Stuff
by CodeExplorer- 1 reply
- 9.4k views
Locu's Stuff (RE blog) />http://xlocux.wordpress.com/
-
FBI Needs Help Solving Encrypted Murder Mystery...
by Teddy Rogers- 1 follower
- 0 replies
- 3.9k views
FBI Needs Help Solving Encrypted Murder Mystery />http://www.fbi.gov/news/stories/2011/march/cryptanalysis_032911 Ted.
-
ElcomSoft Enables Forensic Access to Encrypted iPhones...
by Teddy Rogers- 0 replies
- 4k views
ElcomSoft Enables Forensic Access to Encrypted iPhones />http://www.elcomsoft.com/PR/eppb_110524_en.pdf Ted.
-
Hardware Security Module: Wikis
by CodeExplorer- 0 replies
- 4.4k views
Hardware Security Module: Wikis />http://www.thefullwiki.org/Hardware_Security_Module
-
Fixing bugs from various softwares
by CodeExplorer- 2 replies
- 4k views
Fixing bugs from various softwares Link: />http://nezumi-lab.org/blog/?cat=5&paged=2
-
assembly loading
by CodeExplorer- 1 reply
- 4k views
assembly loading actual role of MajorRuntimeVersion and MinorRuntimeVersion />http://www.tech-archive.net/Archive/DotNet/microsoft.public.dotnet.framework.clr/2008-02/msg00015.html
-
A PE trick, the Thread Local Storage
by CodeExplorer- 1 reply
- 7.4k views
A PE trick, the Thread Local Storage />http://blog.dkbza.org/2007/03/pe-trick-thread-local-storage.html
-
Best Practices for Creating DLLs
by HellRaider- 0 replies
- 5.2k views
Updated: May 19, 2006 File name: DLL_bestprac.doc 152 KB Microsoft Word file A dynamic link library (DLL) consists of shared code and data that an application can load at run time, rather than statically link at compile time. Advantages of using DLLs include reduced code footprint, lower memory utilization due to single-copy-sharing, flexible development and testing, modularity and functional isolation, and so on. This paper provides guidelines for developing robust, portable, and extensible DLLs for the Windows family of operating systems. Included in this paper: * The Library Loader, DLLMain, and the Loader Lock * Interactions Between the Loader, the…
-
8086 Opcode Map
by CodeExplorer- 4 replies
- 42.8k views
8086 Opcode Map />http://www.mlsite.net/8086/ />http://board.flatassembler.net/topic.php?t=7803 />http://blog.llvm.org/2010/01/x86-disassembler.html />http://stackoverflow.com/questions/924303/how-to-write-a-disassembler />http://www.devmaster.net/forums/showthread.php?t=2311 />http://www.devmaster.net/codespotlight/show.php?id=25 Great one: />http://www.c-jump.com/CIS77/CPU/x86/lecture.html#X77_0040_opcode_sizes
-
Jeffrey Richter - CLR via C# 3rd Edition
by CodeExplorer- 0 replies
- 3.7k views
Jeffrey Richter - CLR via C# 3rd Edition />http://avaxhome.ws/ebooks/0735627045.html
-
Playing With The .NET JIT Part 1
by CodeExplorer- 0 replies
- 3.5k views
Playing With The .NET JIT Part 1 />https://scapecode.com/2009/06/playing-with-the-net-jit-part-1/
-
How PC Programs Work: Understanding x86 (Intel) Machine Code
by CodeExplorer- 0 replies
- 4.3k views
How PC Programs Work: Understanding x86 (Intel)Machine Code />http://mirror.href.com/thestarman/asm/index.html
-
the PE format
by CodeExplorer- 0 replies
- 4.8k views
http://www.google.ro/url?sa=t&source=web&cd=1&ved=0CBoQFjAA&url=http%3A%2F%2Fcorkami.googlecode.com%2Ffiles%2Fpe.pdf&rct=j&q=corkami.googlecode.com%2Ffiles%2Fpe.pdf&ei=DrRzTa-LB82QswafroWEDg&usg=AFQjCNHosmB9YYDobmxJXi9yM0uCX55jfw&cad=rja
-
[.NET] Partition of ICorDebug
by sirp- 0 replies
- 5.1k views
Partition of ICorDebug The ICorDebug API (the API for debugging managed apps) is about 70 total interfaces. Here is how I'd group the interfaces together, along with my random comments about how various interfaces fit into the big picture. A quick comment about interface versioning: 1. ICorDebug is a COM-classic unmanaged interface. Most of the interfaces are derived from IUnknown because we wanted to avoid the diamond-inheritance problem when we needed to add version 2 interfaces. I've left the "Derives From" column blank if an interface derives from IUnknown. 2. Version 2 interfaces have the previous interface's name appended with a version number. (eg, "IFoo2") …
-
Any application-defined hook procedure on my machine
by CodeExplorer- 0 replies
- 3.4k views
Any application-defined hook procedure on my machine />http://zairon.wordpress.com/2006/12/06/any-application-defined-hook-procedure-on-my-machine/ />http://msdn.microsoft.com/en-us/magazine/cc188966.aspx NtUserSetWindowsHookEx />http://doxygen.reactos.org/d7/dc3/subsystems_2win32_2win32k_2ntuser_2hook_8c_a7a2024e5452fd898ceddbe31d4699f14.html
-
Correlating between .NET and native thread in Windbg
by CodeExplorer- 0 replies
- 3.4k views
Correlating between .NET and native thread in Windbg />http://naveensrinivasan.com/
-
Injecting Code Into Privileged Win32 Processes
by CodeExplorer- 0 replies
- 5.1k views
Injecting Code Into Privileged Win32 Processes />http://mnin.blogspot.com/2007/05/injecting-code-into-privileged-win32.html />http://translate.google.com/translate?js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&sl=auto&tl=en&u=http%3A%2F%2Fwww.reversecore.com%2F74
-
Increasing the Size of your Stack (.NET Memory Management)
by CodeExplorer- 0 replies
- 3.4k views
Increasing the Size of your Stack (.NET Memory Management) />http://www.atalasoft.com/cs/blogs/rickm/archive/2008/04/22/increasing-the-size-of-your-stack-net-memory-management-part-3.aspx
-
Java and .NET heap overhead
by CodeExplorer- 0 replies
- 3.2k views
Java and .NET heap overhead />http://stackoverflow.com/questions/520922/java-and-net-heap-overhead />http://en.allexperts.com/q/Java-1046/reduce-garbage-collection-overhead.htm />http://abepralle.wordpress.com/2008/06/05/determining-heap-allocation-overhead/ />http://www.webperformance.com/load_testing/blog/2010/05/load-engine-tuning-jvm-memory-optimization/
-
Pushing the Limits of Windows: Virtual Memory
by CodeExplorer- 0 replies
- 4.6k views
Pushing the Limits of Windows: Virtual Memory />http://blogs.technet.com/b/markrussinovich/archive/2008/11/17/3155406.aspx
-
Input Method Editor (IME) windows in Win32 UI
by CodeExplorer- 0 replies
- 4.6k views
System calls IMM32.ImmGetDefaultIMEWnd and I think that each process has a IME />http://www.piclist.com/techref/os/win/api/win32/func/src/f47_14.htm />http://www.eggheadcafe.com/searchform.aspx?search=ImmGetDefaultIMEWnd
-
Secrets of the Application Compatilibity Database (SDB)
by CodeExplorer- 0 replies
- 3.7k views
Secrets of the Application Compatilibity Database (SDB) />http://forum.sysinternals.com/topic18127_post91540.html SO calls shim.dll whil loading process: ntdll!LdrpInitializeProcess+0x1064: 7c9216b1 e829330000 call ntdll!LdrpLoadShimEngine (7c9249df) ntdll!_LdrpInitialize+0x17e: 7c921634 e883040000 call ntdll!LdrpInitializeProcess (7c921abc)
-
- 0 replies
- 3.3k views
Analyzing local privilege escalations in win32k />http://uninformed.org/?v=10&a=2 />http://www.woodmann.com/forum/archive/index.php/t-13827.html />http://www.woodmann.com/forum/archive/index.php/t-10295.html />http://j00ru.vexillium.org/?p=614 Windows 2000 WIN32K.SYS System Service Calls />http://www.fengyuan.com/article/win32ksyscall.html
-
KiUserCallbackDispatcher
by CodeExplorer- 0 replies
- 7.5k views
A catalog of NTDLL kernel mode to user mode callbacks: />http://www.nynaeve.net/?p=200 Microsoft Windows CreateWindow function callback vulnerability: />http://corelabs.coresecurity.com/index.php?module=Wiki&action=view&type=advisory&name=Microsoft_Windows_CreateWindow_function_callback_vulnerability />http://advdbg.org/forums/3033/ShowPost.aspx />http://hi.baidu.com/adifk/blog/item/6b685495333ba60c7bf480d7.html />http://www.insidewindows.kr/?tag=kiusercallbackdispatcher />http://bbs.pediy.com/showthread.php?t=102940 DllMain: />http://www.koders.com/c/fid6C4D5971CD570CDF5465BE34105B2FA1776085CF.aspx callback table index: />http://www.…