I've recently started reversing some of the Tigress obfuscator challenges, and I decided to use this to test out some of the functionality in Binary...
One call to NtSetInformationThread and one call to NtSetContextThread and we're all done · I've recently been looking into NtSetContextThread as an...
How the kernel returns from a syscall · I recently came across a neat technique for process injection called NINA that uses NtSetContextThread to modify...
After my recent work on extracting the SSDT from kernels without a debugger I synced this up with the symbols from the freely-available PDBs and ran a...
Guide and sample code for extracting SSDT/KiServiceTable from the Windows kernel binary without a debugger · For any developers wanting to make their...
One common anti-debugging technique is to make use of the Windows API to simply mark your threads as invisible to the debugger. This isn't officially...