Category: x64

Applied Reverse Engineering: Accelerated Assembly [P2]

Overview After reading feedback from the first part to the Accelerated Assembly guide, I’ve decided to take on a custom target, and call back to high-level languages when we encounter obscure or new pieces in the assembly. I realize that the level of detail in my last article may have been cumbersome to some readers, […]

Read More

Applied Reverse Engineering: Accelerated Assembly [P1]

Overview In this article you’ll be guided through a course on the x86 Instruction Set. This article serves at as a quick fix to the problem of not knowing where to start when learning Assembly. We’ll be covering instruction format briefly, and then jump right in to the instructions. This is like learning another language, […]

Read More

Applied Reverse Engineering: Exceptions and Interrupts

Overview To continue learning important topics within the OS and architecture, and before diving into the deep end of the application, we’re going to cover a topic that is relevant to reverse engineering and development in general: exceptions and interrupts. In this article, you’ll learn about exceptions/interrupts from the ground up. What they are, the […]

Read More

Applied Reverse Engineering: The Stack

Overview This article is written for new reverse engineers who have a hard time understanding the stack, its layout, how it works, and the various requirements for proper function. It can be a confusing concept to wrap your head around at first, but after reading this article you should have a very deep understanding of […]

Read More

Applied Reverse Engineering: Basic Architecture

Overview Thanks for joining me in my newest series Applied Reverse Engineering. I decided to write this new series concurrently with the EPT series except I pushed out the first five for this one and haven’t started the other. Typical. Anyways, I have to give a little preface to the article and series as well […]

Read More

Applied Reverse Engineering Series

Series Overview This series is intended for readers who are interested in reverse engineering but have only opened a debugger a handful of times. If you have trouble with certain concepts of reverse engineering, tooling, disassembly or debugging then you’ve come to the right place. Starting from the ground up we’ll work our way to […]

Read More

Reading MSRs from UserMode

After speaking with some pals online about Windows 10’s policy requiring drivers to be digitally signed in order to load the lot of us began digging into tools that use signed drivers – you know… to see if there was any fun to be had with drivers that don’t validate UserMode addresses that are passed […]

Read More

Recovering Deleted Windows Files [Breakdown and Theory]

When you delete a file on Windows, specifically Windows 10 Professional x64, it is removed from the user’s view and placed in the recycle bin for permanent deletion. Once that permanent deletion is performed, some ask the question “is the file really gone?” The answer is no, not immediately, and even after permanent deletion it’s […]

Read More

Structure of Security Identifiers

Recently a friend of mine asked about an unknown user account associated with all files, new or old, with an unknown SID (security identifier) attached. I noted that this is common when local machines have had accounts that have since been removed. However, he then asked about the structure of that number so I figured […]

Read More

Usermode Debugger Check Prevention

It’s easy enough to use OllyDbg or any other debugger to bypass debugger checks, but any sort of anti-debugging technique that utilizes the time stamp counter such as QueryPerformanceCounter, GetTickCount, and others, can be bypassed by setting the 2nd bit in control register 4 (CR4) which disables the TimeStamp Counter from working for applications operating […]

Read More