Reverse Engineering Articles

Top 25 Most Dangerous Software Errors 2011 />http://cwe.mitre.org/top25//>http://cwe.mitre.org/top25/archive/2011/2011_cwe_sans_top25.pdf Ted.

Password cracking, mining, and GPUs />http://erratasec.blogspot.com/2011/06/password-cracking-mining-and-gpus.html Ted.

Locu's Stuff (RE blog) />http://xlocux.wordpress.com/

FBI Needs Help Solving Encrypted Murder Mystery />http://www.fbi.gov/news/stories/2011/march/cryptanalysis_032911 Ted.

ElcomSoft Enables Forensic Access to Encrypted iPhones />http://www.elcomsoft.com/PR/eppb_110524_en.pdf Ted.

Hardware Security Module: Wikis />http://www.thefullwiki.org/Hardware_Security_Module

Fixing bugs from various softwares Link: />http://nezumi-lab.org/blog/?cat=5&paged=2

assembly loading actual role of MajorRuntimeVersion and MinorRuntimeVersion />http://www.tech-archive.net/Archive/DotNet/microsoft.public.dotnet.framework.clr/2008-02/msg00015.html

A PE trick, the Thread Local Storage />http://blog.dkbza.org/2007/03/pe-trick-thread-local-storage.html

Updated: May 19, 2006 File name: DLL_bestprac.doc 152 KB Microsoft Word file A dynamic link library (DLL) consists of shared code and data that an application can load at run time, rather than statically link at compile time. Advantages of using DLLs include reduced code footprint, lower memory utilization due to single-copy-sharing, flexible development and testing, modularity and functional isolation, and so on. This paper provides guidelines for developing robust, portable, and extensible DLLs for the Windows family of operating systems. Included in this paper: * The Library Loader, DLLMain, and the Loader Lock * Interactions Between the Loader, the…

8086 Opcode Map />http://www.mlsite.net/8086/ />http://board.flatassembler.net/topic.php?t=7803 />http://blog.llvm.org/2010/01/x86-disassembler.html />http://stackoverflow.com/questions/924303/how-to-write-a-disassembler />http://www.devmaster.net/forums/showthread.php?t=2311 />http://www.devmaster.net/codespotlight/show.php?id=25 Great one: />http://www.c-jump.com/CIS77/CPU/x86/lecture.html#X77_0040_opcode_sizes

Jeffrey Richter - CLR via C# 3rd Edition />http://avaxhome.ws/ebooks/0735627045.html

Playing With The .NET JIT Part 1 />https://scapecode.com/2009/06/playing-with-the-net-jit-part-1/

How PC Programs Work: Understanding x86 (Intel)Machine Code />http://mirror.href.com/thestarman/asm/index.html

http://www.google.ro/url?sa=t&source=web&cd=1&ved=0CBoQFjAA&url=http%3A%2F%2Fcorkami.googlecode.com%2Ffiles%2Fpe.pdf&rct=j&q=corkami.googlecode.com%2Ffiles%2Fpe.pdf&ei=DrRzTa-LB82QswafroWEDg&usg=AFQjCNHosmB9YYDobmxJXi9yM0uCX55jfw&cad=rja

Partition of ICorDebug The ICorDebug API (the API for debugging managed apps) is about 70 total interfaces. Here is how I'd group the interfaces together, along with my random comments about how various interfaces fit into the big picture. A quick comment about interface versioning: 1. ICorDebug is a COM-classic unmanaged interface. Most of the interfaces are derived from IUnknown because we wanted to avoid the diamond-inheritance problem when we needed to add version 2 interfaces. I've left the "Derives From" column blank if an interface derives from IUnknown. 2. Version 2 interfaces have the previous interface's name appended with a version number. (eg, "IFoo2") …

Any application-defined hook procedure on my machine />http://zairon.wordpress.com/2006/12/06/any-application-defined-hook-procedure-on-my-machine/ />http://msdn.microsoft.com/en-us/magazine/cc188966.aspx NtUserSetWindowsHookEx />http://doxygen.reactos.org/d7/dc3/subsystems_2win32_2win32k_2ntuser_2hook_8c_a7a2024e5452fd898ceddbe31d4699f14.html

Correlating between .NET and native thread in Windbg />http://naveensrinivasan.com/

Injecting Code Into Privileged Win32 Processes />http://mnin.blogspot.com/2007/05/injecting-code-into-privileged-win32.html />http://translate.google.com/translate?js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&sl=auto&tl=en&u=http%3A%2F%2Fwww.reversecore.com%2F74

Increasing the Size of your Stack (.NET Memory Management) />http://www.atalasoft.com/cs/blogs/rickm/archive/2008/04/22/increasing-the-size-of-your-stack-net-memory-management-part-3.aspx

Java and .NET heap overhead />http://stackoverflow.com/questions/520922/java-and-net-heap-overhead />http://en.allexperts.com/q/Java-1046/reduce-garbage-collection-overhead.htm />http://abepralle.wordpress.com/2008/06/05/determining-heap-allocation-overhead/ />http://www.webperformance.com/load_testing/blog/2010/05/load-engine-tuning-jvm-memory-optimization/

Pushing the Limits of Windows: Virtual Memory />http://blogs.technet.com/b/markrussinovich/archive/2008/11/17/3155406.aspx

System calls IMM32.ImmGetDefaultIMEWnd and I think that each process has a IME />http://www.piclist.com/techref/os/win/api/win32/func/src/f47_14.htm />http://www.eggheadcafe.com/searchform.aspx?search=ImmGetDefaultIMEWnd

Secrets of the Application Compatilibity Database (SDB) />http://forum.sysinternals.com/topic18127_post91540.html SO calls shim.dll whil loading process: ntdll!LdrpInitializeProcess+0x1064: 7c9216b1 e829330000 call ntdll!LdrpLoadShimEngine (7c9249df) ntdll!_LdrpInitialize+0x17e: 7c921634 e883040000 call ntdll!LdrpInitializeProcess (7c921abc)

Analyzing local privilege escalations in win32k />http://uninformed.org/?v=10&a=2 />http://www.woodmann.com/forum/archive/index.php/t-13827.html />http://www.woodmann.com/forum/archive/index.php/t-10295.html />http://j00ru.vexillium.org/?p=614 Windows 2000 WIN32K.SYS System Service Calls />http://www.fengyuan.com/article/win32ksyscall.html