Reverse Engineering Articles

350 topics in this forum

1. 

   Top 25 Most Dangerous Software Errors 2011...

   June 30, 2011 by Teddy Rogers

   • 0 replies
   • 6.3k views

   Top 25 Most Dangerous Software Errors 2011 />http://cwe.mitre.org/top25//>http://cwe.mitre.org/top25/archive/2011/2011_cwe_sans_top25.pdf Ted.

   

   Last reply by Teddy Rogers, June 30, 2011
2. 

   Password cracking, mining, and GPUs...

   June 23, 2011 by Teddy Rogers

   • 4 replies
   • 5.2k views

   Password cracking, mining, and GPUs />http://erratasec.blogspot.com/2011/06/password-cracking-mining-and-gpus.html Ted.

   

   Last reply by Teddy Rogers, June 26, 2011

   • 
3. 

   Locu's Stuff

   June 12, 2011 by CodeExplorer

   • 1 reply
   • 9.8k views

   Locu's Stuff (RE blog) />http://xlocux.wordpress.com/

   

   Last reply by CodeExplorer, June 12, 2011
4. 

   FBI Needs Help Solving Encrypted Murder Mystery...

   June 11, 2011 by Teddy Rogers

   • 1 follower
   • 0 replies
   • 4.5k views

   FBI Needs Help Solving Encrypted Murder Mystery />http://www.fbi.gov/news/stories/2011/march/cryptanalysis_032911 Ted.

   

   Last reply by Teddy Rogers, June 11, 2011
5. 

   ElcomSoft Enables Forensic Access to Encrypted iPhones...

   June 10, 2011 by Teddy Rogers

   • 0 replies
   • 4.5k views

   ElcomSoft Enables Forensic Access to Encrypted iPhones />http://www.elcomsoft.com/PR/eppb_110524_en.pdf Ted.

   

   Last reply by Teddy Rogers, June 10, 2011

   • 
6. 

   Hardware Security Module: Wikis

   May 9, 2011 by CodeExplorer

   • 0 replies
   • 4.9k views

   Hardware Security Module: Wikis />http://www.thefullwiki.org/Hardware_Security_Module

   

   Last reply by CodeExplorer, May 9, 2011
7. 

   Fixing bugs from various softwares

   April 24, 2011 by CodeExplorer

   • 2 replies
   • 4.5k views

   Fixing bugs from various softwares Link: />http://nezumi-lab.org/blog/?cat=5&paged=2

   

   Last reply by Malaya2100, April 25, 2011
8. 

   assembly loading

   April 2, 2011 by CodeExplorer

   • 1 reply
   • 4.5k views

   assembly loading actual role of MajorRuntimeVersion and MinorRuntimeVersion />http://www.tech-archive.net/Archive/DotNet/microsoft.public.dotnet.framework.clr/2008-02/msg00015.html

   

   Last reply by Kurapica, April 2, 2011
9. 

   A PE trick, the Thread Local Storage

   March 22, 2011 by CodeExplorer

   • 1 reply
   • 8k views

   A PE trick, the Thread Local Storage />http://blog.dkbza.org/2007/03/pe-trick-thread-local-storage.html

   

   Last reply by Peter Ferrie, March 30, 2011
10. 

    Best Practices for Creating DLLs

    March 29, 2011 by HellRaider

    • 0 replies
    • 5.7k views

    Updated: May 19, 2006 File name: DLL_bestprac.doc 152 KB Microsoft Word file A dynamic link library (DLL) consists of shared code and data that an application can load at run time, rather than statically link at compile time. Advantages of using DLLs include reduced code footprint, lower memory utilization due to single-copy-sharing, flexible development and testing, modularity and functional isolation, and so on. This paper provides guidelines for developing robust, portable, and extensible DLLs for the Windows family of operating systems. Included in this paper: * The Library Loader, DLLMain, and the Loader Lock * Interactions Between the Loader, the…

    

    Last reply by HellRaider, March 29, 2011
11. 

    8086 Opcode Map

    March 7, 2011 by CodeExplorer

    • 4 replies
    • 43.4k views

    8086 Opcode Map />http://www.mlsite.net/8086/ />http://board.flatassembler.net/topic.php?t=7803 />http://blog.llvm.org/2010/01/x86-disassembler.html />http://stackoverflow.com/questions/924303/how-to-write-a-disassembler />http://www.devmaster.net/forums/showthread.php?t=2311 />http://www.devmaster.net/codespotlight/show.php?id=25 Great one: />http://www.c-jump.com/CIS77/CPU/x86/lecture.html#X77_0040_opcode_sizes

    

    Last reply by BoB, March 23, 2011
12. 

    Jeffrey Richter - CLR via C# 3rd Edition

    March 19, 2011 by CodeExplorer

    • 0 replies
    • 4.1k views

    Jeffrey Richter - CLR via C# 3rd Edition />http://avaxhome.ws/ebooks/0735627045.html

    

    Last reply by CodeExplorer, March 19, 2011
13. 

    Playing With The .NET JIT Part 1

    March 7, 2011 by CodeExplorer

    • 0 replies
    • 4.1k views

    Playing With The .NET JIT Part 1 />https://scapecode.com/2009/06/playing-with-the-net-jit-part-1/

    

    Last reply by CodeExplorer, March 7, 2011
14. 

    How PC Programs Work: Understanding x86 (Intel) Machine Code

    March 7, 2011 by CodeExplorer

    • 0 replies
    • 4.7k views

    How PC Programs Work: Understanding x86 (Intel)Machine Code />http://mirror.href.com/thestarman/asm/index.html

    

    Last reply by CodeExplorer, March 7, 2011
15. 

    the PE format

    March 6, 2011 by CodeExplorer

    • 0 replies
    • 5.2k views

    http://www.google.ro/url?sa=t&source=web&cd=1&ved=0CBoQFjAA&url=http%3A%2F%2Fcorkami.googlecode.com%2Ffiles%2Fpe.pdf&rct=j&q=corkami.googlecode.com%2Ffiles%2Fpe.pdf&ei=DrRzTa-LB82QswafroWEDg&usg=AFQjCNHosmB9YYDobmxJXi9yM0uCX55jfw&cad=rja

    

    Last reply by CodeExplorer, March 6, 2011
16. 

    [.NET] Partition of ICorDebug

    March 1, 2011 by sirp

    • 0 replies
    • 5.7k views

    Partition of ICorDebug The ICorDebug API (the API for debugging managed apps) is about 70 total interfaces. Here is how I'd group the interfaces together, along with my random comments about how various interfaces fit into the big picture. A quick comment about interface versioning: 1. ICorDebug is a COM-classic unmanaged interface. Most of the interfaces are derived from IUnknown because we wanted to avoid the diamond-inheritance problem when we needed to add version 2 interfaces. I've left the "Derives From" column blank if an interface derives from IUnknown. 2. Version 2 interfaces have the previous interface's name appended with a version number. (eg, "IFoo2") …

    

    Last reply by sirp, March 1, 2011
17. 

    Any application-defined hook procedure on my machine

    February 24, 2011 by CodeExplorer

    • 0 replies
    • 3.9k views

    Any application-defined hook procedure on my machine />http://zairon.wordpress.com/2006/12/06/any-application-defined-hook-procedure-on-my-machine/ />http://msdn.microsoft.com/en-us/magazine/cc188966.aspx NtUserSetWindowsHookEx />http://doxygen.reactos.org/d7/dc3/subsystems_2win32_2win32k_2ntuser_2hook_8c_a7a2024e5452fd898ceddbe31d4699f14.html

    

    Last reply by CodeExplorer, February 24, 2011
18. 

    Correlating between .NET and native thread in Windbg

    February 24, 2011 by CodeExplorer

    • 0 replies
    • 3.9k views

    Correlating between .NET and native thread in Windbg />http://naveensrinivasan.com/

    

    Last reply by CodeExplorer, February 24, 2011
19. 

    Injecting Code Into Privileged Win32 Processes

    February 23, 2011 by CodeExplorer

    • 0 replies
    • 5.6k views

    Injecting Code Into Privileged Win32 Processes />http://mnin.blogspot.com/2007/05/injecting-code-into-privileged-win32.html />http://translate.google.com/translate?js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&sl=auto&tl=en&u=http%3A%2F%2Fwww.reversecore.com%2F74

    

    Last reply by CodeExplorer, February 23, 2011
20. 

    Increasing the Size of your Stack (.NET Memory Management)

    February 22, 2011 by CodeExplorer

    • 0 replies
    • 3.9k views

    Increasing the Size of your Stack (.NET Memory Management) />http://www.atalasoft.com/cs/blogs/rickm/archive/2008/04/22/increasing-the-size-of-your-stack-net-memory-management-part-3.aspx

    

    Last reply by CodeExplorer, February 22, 2011
21. 

    Java and .NET heap overhead

    February 22, 2011 by CodeExplorer

    • 0 replies
    • 3.6k views

    Java and .NET heap overhead />http://stackoverflow.com/questions/520922/java-and-net-heap-overhead />http://en.allexperts.com/q/Java-1046/reduce-garbage-collection-overhead.htm />http://abepralle.wordpress.com/2008/06/05/determining-heap-allocation-overhead/ />http://www.webperformance.com/load_testing/blog/2010/05/load-engine-tuning-jvm-memory-optimization/

    

    Last reply by CodeExplorer, February 22, 2011
22. 

    Pushing the Limits of Windows: Virtual Memory

    February 22, 2011 by CodeExplorer

    • 0 replies
    • 5k views

    Pushing the Limits of Windows: Virtual Memory />http://blogs.technet.com/b/markrussinovich/archive/2008/11/17/3155406.aspx

    

    Last reply by CodeExplorer, February 22, 2011
23. 

    Input Method Editor (IME) windows in Win32 UI

    February 21, 2011 by CodeExplorer

    • 0 replies
    • 5.1k views

    System calls IMM32.ImmGetDefaultIMEWnd and I think that each process has a IME />http://www.piclist.com/techref/os/win/api/win32/func/src/f47_14.htm />http://www.eggheadcafe.com/searchform.aspx?search=ImmGetDefaultIMEWnd

    

    Last reply by CodeExplorer, February 21, 2011
24. 

    Secrets of the Application Compatilibity Database (SDB)

    February 21, 2011 by CodeExplorer

    • 0 replies
    • 4.1k views

    Secrets of the Application Compatilibity Database (SDB) />http://forum.sysinternals.com/topic18127_post91540.html SO calls shim.dll whil loading process: ntdll!LdrpInitializeProcess+0x1064: 7c9216b1 e829330000 call ntdll!LdrpLoadShimEngine (7c9249df) ntdll!_LdrpInitialize+0x17e: 7c921634 e883040000 call ntdll!LdrpInitializeProcess (7c921abc)

    

    Last reply by CodeExplorer, February 21, 2011
25. 

    Analyzing local privilege escalations in win32k / Kernel exploitation

    February 21, 2011 by CodeExplorer

    • 0 replies
    • 3.7k views

    Analyzing local privilege escalations in win32k />http://uninformed.org/?v=10&a=2 />http://www.woodmann.com/forum/archive/index.php/t-13827.html />http://www.woodmann.com/forum/archive/index.php/t-10295.html />http://j00ru.vexillium.org/?p=614 Windows 2000 WIN32K.SYS System Service Calls />http://www.fengyuan.com/article/win32ksyscall.html

    

    Last reply by CodeExplorer, February 21, 2011