1. Announcement:
    NEED HELP WITH A CHEAT? LOOKING FOR CHEATS? CLICK HERE!
    sp0rky (Katayoku no Tenshi)
    06-02-2005
    Views:
    47,403
Page 1 of 3 123 LastLast
Threads 1 to 30 of 80

Forum: Windows Internals

Windows PE Header (IAT, EAT, TIB, PEB), NTDLL functions, Kernel objects, etc

  1.   Sticky Threads  

  2. Sticky Thread Sticky: PeLib - A PE File Format Wrapper

    Started by Chazwazza, 10-07-2009
    2 Pages
    1 2
    5 Staff Post(s) code, dead, file, format, google, hadesmem, http, link, links, pelib, url, wrapper
    • Replies: 27
    • Views: 5,076
    Aidan
    02-26-2012 Go to last post

  3. Sticky Thread Sticky: KiFastSystemCall Wrapper

    Started by Guy, 08-09-2009
    4 Pages
    1 2 3 4
    21 Staff Post(s) api, c++, call, checking, explain, file, files, fine, include, kifastsystemcall, latest, link, pos, post, project, release, requested, update, upload, vista, windows, windows7, work, works, wrapper
    • Replies: 57
    • Views: 12,447
    meong
    11-30-2011 Go to last post

  4. Exclamation Sticky Thread Sticky: Library ntdll

    Started by mattdog, 11-17-2009
    2 Pages
    1 2
    4 Staff Post(s) 1st, amd, amd64, bro, confused, dll, fixed, good, gpa, great, hack, lazy, lol, mat, modulebase, native, ntapi, ntdll, pos, post, remove, shit, strike, war, warnings 2 Attachment(s)
    • Replies: 25
    • Views: 6,880
    mattdog
    10-03-2011 Go to last post

  5. Sticky Thread Sticky: Generic Dll Injector for x86 and x64 + Export Caller

    Started by Chazwazza, 08-20-2009
    3 Pages
    1 2 3
    7 Staff Post(s) address, advanced, caller, changing, chazwazza, dll, export, file, generic, guess, hail, injector, link, lol, man, thread, update, updated, x64, x86, year
    • Replies: 32
    • Views: 7,732
    Alg0rithm
    04-29-2011 Go to last post

  6. Sticky Thread Sticky: Call Exports of a Module in a Remote Process

    Started by Chazwazza, 07-19-2009
    2 Pages
    1 2
    5 Staff Post(s) exports, module, process, remote
    • Replies: 16
    • Views: 3,490
    omfgwallhax
    08-18-2010 Go to last post

  7. Sticky Thread Sticky: Solution Write Registry From Kernel.

    Started by SyntaxX, 07-11-2010
    • Replies: 2
    • Views: 1,105
    SyntaxX
    07-12-2010 Go to last post

  8. Sticky Thread Sticky: GetModuleHandleCustom

    Started by Chazwazza, 10-01-2009
    2 Pages
    1 2
    getmodulehandlecustom
    • Replies: 18
    • Views: 3,045
    THEREAVER
    07-03-2010 Go to last post

  9. Sticky Thread Sticky: Custom GetProcAddress Implementation (IA-32 and AMD64)

    Started by Chazwazza, 05-10-2009
    3 Pages
    1 2 3
    9 Staff Post(s) amd64, custom, getprocaddress, ia32, implementation
    • Replies: 35
    • Views: 6,574
    Casual_Hacker
    04-20-2010 Go to last post

  10. Sticky Thread Sticky: unlink2

    Started by Hatter, 11-30-2009
    unlink2
    • Replies: 2
    • Views: 1,330
    syntroniks
    11-30-2009 Go to last post

  11. Sticky Thread Sticky: Windows 7 Retail SP0 System Call IDs

    Started by Chazwazza, 08-22-2009
    3 Staff Post(s) ids, retail, sp0, windows
    • Replies: 6
    • Views: 1,998
    Guy
    09-08-2009 Go to last post

  12. Sticky Thread Sticky: Thread Enumeration with native calls

    Started by Guy, 08-22-2009
    2 Pages
    1 2
    12 Staff Post(s) calls, enumeration, native, thread
    • Replies: 24
    • Views: 4,024
    Guy
    08-27-2009 Go to last post

  13. Sticky Thread Sticky: Changes to Timing APIs in Windows 7

    Started by Chazwazza, 08-08-2009
    1 Staff Post(s) apis, timing, windows
    • Replies: 3
    • Views: 1,372
    v3n0m4
    08-08-2009 Go to last post

  14. Sticky Thread Sticky: New Windows 7 APIs

    Started by Chazwazza, 02-01-2009
    1 Staff Post(s) 3 Attachment(s)
    • Replies: 8
    • Views: 3,426
    Chazwazza
    02-12-2009 Go to last post

  15. Sticky Thread Sticky: Calling Conventions

    Started by v3n0m4, 12-01-2007
    1 Attachment(s)
    • Replies: 3
    • Views: 1,627
    2ci-
    12-03-2007 Go to last post

  16. Sticky Thread Sticky: File Hiding

    Started by NullStub, 08-25-2004
    6 Staff Post(s) file, hiding
    • Replies: 10
    • Views: 4,111
    athree
    03-12-2007 Go to last post

  17. Sticky Thread Sticky: [FASM] Dynamically Linking against NTDLL

    Started by Neounk, 10-25-2006
    • Replies: 0
    • Views: 1,961
    Neounk
    10-25-2006 Go to last post

  18.   Normal Threads  

  1. Question x64 SSDT-Hook, doesn't work for 32bit targets

    Started by kewl, 4 Weeks Ago
    bit, calls, detour, driver, drivers, emulated, fine, func, function, hook, index, kernel, load, mode, small, target, test, text, thread, whe, work, wrong, wrote, x64, x86
    • Replies: 4
    • Views: 313
    Bit_Hacker
    14 Hours Ago Go to last post

  2. Code REMOTE INJECT MODULE FROM BYTE ARRAY

    Started by ntKid, 01-04-2012
    1 Staff Post(s) array, azorbix, based, byte, change, coder, detours, file, func, function, http, ini, inject, injection, issues, map, method, module, ntkid, point, pointing, process, remote, stress, valid 3 Attachment(s)
    • Replies: 5
    • Views: 946
    li0n.coder
    4 Weeks Ago Go to last post

  3. Question How to create a trampoline function for hook.

    Started by stratus, 02-17-2012
    api, articles, basic, c++, code, crash, detours, direction, dll, extremely, function, functions, general, getprocaddress, hook, hooking, make, patch, point, post, trampoline, true, user, work, write
    • Replies: 2
    • Views: 460
    shrooms
    02-21-2012 Go to last post

  4. Question Access other Processes Addressspace

    Started by ACB, 03-15-2011
    access, address, addressspace, basic, code, dll, fow, getprocaddress, handle, hook, hooks, injection, main, make, notepad, process, question, quick, read, readprocessmemory, test, true, virtual addressspace, windows, writeprocessmemory
    • Replies: 7
    • Views: 1,122
    prOdeatH
    01-22-2012 Go to last post

  5. Hooking MessageBoxA with detours 1.5

    Started by Anddos, 01-17-2012
    address, api, code, console, d3d, detach, detours, directx, dll, dllmain, function, getprocaddress, handle, hook, hooking, pointer, process, reason, thread, true, user, valid, win, win32, windows
    • Replies: 1
    • Views: 274
    Aidan
    01-17-2012 Go to last post

  6. Read the f'ing Manual Question SSDT Hooking on x64 dilemma

    Started by Learner4532, 10-29-2011
    address, base, bit, dilemma, driver, func, function, hook, hooking, idea, jump, memory, offset, original, problem, replace, table, till, values, whe, windows, working, write, x64
    • Replies: 3
    • Views: 915
    defragger
    12-14-2011 Go to last post

  7. Question CreateThread from kernel

    Started by Learner4532, 11-13-2011
    create, error, func, functions, goal, ing, kernel, memory, needed, order, processes, thread, usermode, vista
    • Replies: 0
    • Views: 337
    Learner4532
    11-13-2011 Go to last post

  8. ZwGetContextThread Hook

    Started by Learner4532, 11-02-2011
    address, bit, called, func, function, hey, hook, hooked, index, jump, method, perfect, problem, test, text, thread, usermode, whe, windows
    • Replies: 0
    • Views: 425
    Learner4532
    11-02-2011 Go to last post

  9. Post Help Appreciated!!

    Started by d3nd3, 10-26-2011
    calling, case, code, dll, file, fine, functions, hal, line, loaded, main, message, modified, official, original, pointer, post, range, screen, strange, string, thread, time, working, wrapper
    • Replies: 0
    • Views: 169
    d3nd3
    10-26-2011 Go to last post

  10. System interactive process consuming 100% cpu

    Started by listito, 09-27-2011
    100, 100%, causing, config, cpu, happen, http, issue, leak, memory, problem, process, program, programming, question, read, reverse, slow, sof, software, user, video, watch, wth, youtube 1 Attachment(s)
    • Replies: 9
    • Views: 463
    Chod
    09-28-2011 Go to last post

  11. Question How to get SSDT function address in windows x64

    Started by ohno, 07-13-2011
    2 Staff Post(s) address, calculation, code, dll, false, formula, func, function, functions, hey, index, kernel, okidoki, pat, pattern, section, sig, src, win, windows, wrong, x64
    • Replies: 6
    • Views: 1,550
    ohno
    07-14-2011 Go to last post

  12. Question Checksum a module in memory

    Started by mlg, 06-24-2011
    attempt, base, bytes, copy, creating, dll, fixed, image, issue, loaded, loader, loading, loadlibrary, memory, module, offsets, original, problem, read, relocations, save, section, space, windows, work
    • Replies: 1
    • Views: 408
    peraZdera
    06-24-2011 Go to last post

  13. Question Removing Base Relocs

    Started by Surp, 06-22-2011
    article, base, code, file, fixed, good, great, header, http, image, library, loaded, manualmap, memory, microsoft, msdn, option, overview, relocations, removing, saving, trouble, update, url
    • Replies: 2
    • Views: 384
    Surp
    06-22-2011 Go to last post

  14. stunned Question Reading function memory

    Started by 0xdeadc0de, 02-02-2011
    1 Staff Post(s) address, arguments, calls, case, code, dll, func, function, functions, guess, hard, hide, hook, hooking, idea, injected, list, memory, methods, programming, reading, return, stupid, values, windows
    • Replies: 3
    • Views: 854
    okidoki
    06-19-2011 Go to last post

  15. Question Bypassing Patchguard

    Started by GiveMeFastFont, 06-05-2011
    000, 103, 110, article, asm, bypass, bypassing, checks, ching, code, disable, fine, http, inside, method, patching, problem, src, text, uni, uninformed, url, working, works, wrong
    • Replies: 3
    • Views: 1,129
    Fyyre
    06-17-2011 Go to last post

  16. Question Write user memory from driver

    Started by kerrigan29a, 05-11-2011
    2 Pages
    1 2
    address, cache, changing, checks, code, detour, driver, export, function, guess, hook, memory, modification, modify, module, msdn, operation, page, process, program, read, remove, user, virtual, write
    • Replies: 17
    • Views: 2,461
    Fyyre
    05-13-2011 Go to last post

  17. Question SendInput() issue

    Started by sasha, 05-09-2011
    call, code, ect, flag, hook, hooking, hooks, injected, issue, keyboard, messages, msdn, pass, pro, process, protect, reading, remove, removed, result, window, windows, work
    • Replies: 5
    • Views: 910
    learn_more
    05-11-2011 Go to last post

  18. Question Disable ASLR on Windows 7 x64

    Started by la2elpy, 05-04-2011
    1 Staff Post(s) 064, address, base, based, completely, confused, debug, disable, dll, dynamic, executable, ics, ida, key, long, run, set, time, turn, wav, whe, windows, x64
    • Replies: 3
    • Views: 1,444
    syntroniks
    05-07-2011 Go to last post

  19. Question Getting the BaseAddress of Module from ring0

    Started by kerrigan29a, 04-28-2011
    appears, baseaddr, call, code, dll, dlls, driver, func, function, handle, hook, idea, import, link, list, loaded, memory, module, problem, process, ring0, syscalls, tools, win, winapi
    • Replies: 9
    • Views: 1,213
    DeepblueSea
    04-28-2011 Go to last post

  20. Question Offsets & finding them

    Started by Void(Int Main), 01-22-2011
    2 Pages
    1 2
    3 Staff Post(s) 000, 400, address, base, based, change, data, dll, entry, executable, file, finding, hook, image, location, lol, memory, offsets, program, small, space, time, variable, write, wrote
    • Replies: 29
    • Views: 2,512
    DeepblueSea
    01-30-2011 Go to last post

  21. Question Question Windows 7 x64 Checked Build

    Started by Chazwazza, 01-15-2011
    2009, 2010, account, admin, architecture, database, development, downloading, https, info, information, link, loading, microsoft, pack, pay, pro, retail, software, team, test, universal, updated, windows, x64
    • Replies: 9
    • Views: 1,412
    crazyfreekz
    01-18-2011 Go to last post

  22. Manual Mapping and EH Support

    Started by Chazwazza, 10-04-2010
    basic, bump, c++, class, code, compile, dll, fine, ice, manual, mapping, module, nice, pos, project, read, request, server, source, string, support, test, topic, uploading, write 1 Attachment(s)
    • Replies: 13
    • Views: 2,484
    Chazwazza
    12-31-2010 Go to last post

  23. Wink Correcting PE Image after Alterations?

    Started by CB4, 10-04-2010
    • Replies: 1
    • Views: 716
    Fyyre
    10-07-2010 Go to last post

  24. Question Intercepting user mode direct virtual memory access from kernel mode

    Started by Megamorph, 09-02-2010
    • Replies: 10
    • Views: 2,321
    DeepblueSea
    09-08-2010 Go to last post

  25. Code Smallest rootkit

    Started by GiveMeFastFont, 08-11-2010
    • Replies: 2
    • Views: 1,624
    Fyyre
    08-20-2010 Go to last post

  26. Question X64 Syscall-Index

    Started by SyntaxX, 07-20-2010
    asm, correctly, font, forum, helpful, hey, hook, index, information, ing, kit, method, read, rootkit, service, success, whe, work, works, x64, x86
    • Replies: 10
    • Views: 3,676
    Fyyre
    08-20-2010 Go to last post

  27. Question load/inject a hack dll using a driver (hard way?)

    Started by absai, 06-23-2010
    • Replies: 1
    • Views: 1,271
    notme
    08-05-2010 Go to last post

  28. Cool Code WOW64 ntdll hooking nonsense

    Started by ThatLameDude, 05-22-2010
    • Replies: 2
    • Views: 1,377
    v3n0m4
    05-24-2010 Go to last post

  29. Loaders, DLL Injection, and WoW64

    Started by Chazwazza, 08-23-2009
    2 Staff Post(s) dll, injection, loaders, wow64
    • Replies: 13
    • Views: 3,473
    Hax4ever
    05-09-2010 Go to last post

  30. IoCreateDevice

    Started by 12354, 05-04-2010
    2 Pages
    1 2
    1 Staff Post(s)
    • Replies: 17
    • Views: 2,194
    12354
    05-04-2010 Go to last post
Page 1 of 3 123 LastLast

Forum Information and Options

Users Browsing this Forum

There are currently 1 users browsing this forum. (0 members & 1 guests)

Thread Display Options

Use this control to limit the display of threads to those newer than the specified time frame.

Allows you to choose the data by which the thread list will be sorted.

Order threads in...

Note: when sorting by date, 'descending order' will show the newest results first.

Icon Legend

Contains unread posts
Contains unread posts
Contains no unread posts
Contains no unread posts
More than 15 replies or 500 views
Hot thread with unread posts
More than 15 replies or 500 views
Hot thread with no unread posts
Closed Thread
Thread is closed
Thread Contains a Message Written By You
You have posted in this thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

Page generated in 1.3091 seconds with 17 queries.