Reversing Windows Internals (Part 1) - Digging Into Handles, Callbacks & ObjectTypes
If you want to follow other parts of this tutorial or other tutorials, please visit here.
#reverse
#windows
By the lovely Sina Karvandi
Methodology
Reverse Engineering on Windows Without Symbols or Source, Part Fun (One)
Klogixsecurity
Other blogs
Methodology
#reverse
#windows
Blog post describing reverse engineering techniques, including a review of calling conventions and what to do when your binary has no symbols.
The .NET Export Portal
Via XPN
A while back I published a post looking at how to craft a .NET assembly which exposes managed code via DLL exports, RunDLL32 your .NET.
While working on some tooling recently I revisited this topic and wanted to know just why this works in the way that it does. After all, by now we’ve all seen the COM calls required to spin up the CLR, so what makes unmanaged exports so special?
#reverse
#dotnet
Feeling overwhelmed trying to learn security research? (Analyzing the PayloadRestrictions.dll Export Address Filtering)
#research #reverse #internals
Check out the "Process of Step-by-Step" by Yarden Shafir — a great resource that breaks it down clearly.
What is the Windows software trace preprocessor (WPP)?
MSDN
Data Source Analysis and Dynamic Windows RE using WPP and TraceLogging
Whether you are analyzing a Windows binary or assessing new data sources for detection engineering, two lesser-known tracing mechanisms, Windows software trace preprocessor (WPP) and TraceLogging, offer a potential goldmine of information that has been right under your nose. Both were designed primarily for debugging, but they give reverse engineers, vulnerability researchers, and detection engineers a way to peer inside Windows binaries without requiring a debugger.
#reverse