RE Course - 7.02 - Privileges
7.2 Privileges To protect critical OS components, data, and processes, there are two privilege modes the processor can run under. These two modes are user-mode and kernel-mode. User code runs in u...
7.1 Virtual Memory You’re probably aware that a computer has physical memory, also known as RAM. But how is this memory accessed? Well, with addresses of course! Unfortunately, it’s not that simpl...
Currently In Development This chapter will cover some of the basic inner workings of the Windows OS. Most of the topics will only be covered on a basic level and only the necessary information...
I would consider this to be our first real reversing project. There was a significant amount of information covered. If you’re confused by anything please reach out on Twitter. There are no dumb qu...
This part is optional but it gives our efforts purpose. And it’s fun. Now that we’ve reversed the Player class, let’s write our own program that makes a Player class and uses the functions rel...
I decided to introduce you to reversing with some DLL exports because we have the function names. Unfortunately, this isn’t always the case. This function, even though it’s quite small, will be a l...
Before we use InitializePlayer in our own program, let’s see what other information we can find about the class. To find more information, let’s look at PrintPlayerStats. This function is actual...
Typically a DLL will have a general purpose. It might be a DLL used for setting up a linked list, logging information, graphics, etc. The DLL we are reversing does more than just one general task. ...
There are two functions called PrintArray(). Here are the symbols for both functions: ?PrintArray@@YAXQEADH@Z void __cdecl PrintArray(char * __ptr64 const,int) Parameters: ...
The first thing I like to do is get a general idea of what the function is doing. The name of this function makes me think that it’s going to “say” hello. This could be simply returning a string, o...