30 Sep 2009

Mark Russinovich's posts

8 Jun 2009

Altering execution of the program

19 Mar 2009

Interposing System Calls

17 Nov 2008

Native API in Windows

Sven B. Schreiber, Interfacing the Native API in Windows 2000 - with sample application using the undocumented NtQuerySystemInformation() function

16 Nov 2008

Bypassing SFC/WFP (System File Checker/Windows File Protection)

Jeremy Collake - Hacking Windows File Protection - exposed methods: ntdll.NtDuplicateHandle() on corresponding winlogon handles, SfcTerminateWatcherThread(), SfcFileException() and sfc.dll/sfc_os.dll patching

31 Oct 2008

Exploiting Windows

7 Oct 2008

Regular expressions

Nikolai Weibull, Theoretical Foundation of Regular Expressions and Text Editors (PDF, thesis) - symbols, languages, grammars, regular expressions, finite automata, character sets (Unicode), pattern matching, and the inner and outer workings of a text editor

Brian W. Kernighan, Rob Pike, Regular Expressions: Languages, Algorithms, and Software - backtracking implementation

Russ Cox, Regular Expression Matching Can Be Simple And Fast (but is slow in Java, Perl, PHP, Python, Ruby, ...) - NFA, DFA, backtracking and performance...

4 Oct 2008

Analysing Malicious Code

Lars Haukli, Analysing Malicious Code: Dynamic Techniques (PDF, long) - API hooking, Networking and Virtualization, Memory Scanning and API Monitoring, Packers, Structural Analysis, Automating analysis

4 Oct 2008

Gynvael Coldwind's papers

Michał Składnikiewicz, Fibers in a thread

Michał Składnikiewicz, Google Chrome's Sandbox + Is function hooking in Chrome really a security mechanism?

Michał Składnikiewicz, DLL spoofing (PL)

Michał Składnikiewicz, Virtual malware debugger-decompiler (PL, PDF, thesis)

Przemysław Pawełczyk's Space

Realist and pragmatist. Strong-willed and strong-minded. Sometimes taciturn, sometimes loquacious. FLOSS enthusiast but still using Windows. Stuck in the endless process of becoming a Linux wizard.