Reverse Engineering Course (Windows)
This course will teach you how to reverse engineer software with a focus on modern Windows applications. The technical knowledge obtained in this course applies to 32-bit Windows, and the theory to...
Programming MSDN - https://msdn.microsoft.com/en-us Google - https://google.com The Cherno - https://www.youtube.com/user/TheChernoProject LearnCPP - https://www.learncpp.com Introductio...
A basic understanding of the PE header is assumed. Source code referenced can be found under my “PESENT” project on GitHub. I was recently looking into post-build configuration for binari...
Now let’s look at a function that has to do with looking data up in the table. Remember, it doesn’t matter which functions we reverse first. I’m choosing based on what I think will be a good order ...
Next up let’s take a look at RtlIsGenericTableEmpty. This is yet another potentially easy function to reverse that may give us valuable information. Once again, let’s try to predict how it could w...
We’ve taken a look at the initialization function and have a good idea of the base layout. Let’s continue with what are probably the more simple functions to gather as much easy information as poss...
When reversing, it’s best to try to focus on the bigger picture. It’s safe to guess, based on the function names, that a “Generic Table” is probably some kind of data structure. It’s also important...
Work in Progress. This chapter is going to cover reversing parts of a real DLL. The DLL we’re going to look at is NTDLL.dll. It’s quite a big DLL so we won’t reverse the whole ...
When reversing software you’re going to encounter a lot of functionality introduced by the OS. Ultimately just about everything boils down to a call to the Windows API. For this reason it’s invalua...
7.3 Architecture As already discussed, Windows separates kernel-mode and user-mode. However, Windows doesn’t stop there. Various other components are separated and organized in a structure-like wa...