[SUGGESTION] Reverse Engineering Papers/Tutorials

x BlueRobot · Feb 5, 2014

Prerequisites:

Strong Understanding of Windows Internals
Strong Understanding of Assembly

Please note the information within this post is unlikely to be suitable for beginners who have just started to learn about the internals of Windows and operating systems.

This a repository of .PDFs I have collected, which can be downloaded from SkyDrive account:

https://skydrive.live.com/?mkt=en-GB#cid=7101A9E8FE03DB78&id=7101A9E8FE03DB78!105

I have a few others which are loosely related to Security, but they lean more on Windows Internals. I currently have 325MB (397 files, 39 folders) of .PDFs and Word/PowerPoint files :grin1:

There's some papers I haven't read yet and had simply forgotten about them, looks like I have reading to do too!

Blogs/Links:

Most of these blogs can be found on my own blog in the Blogroll section, but I'll post them here for accessibility:

KernelMode.Info is a forum which has some good material and questions related to Reverse Engineering. I would also suggest looking at Corelan Team's website.

Tools:

I have personally been practicing with OllyDbg (User-Mode only) and IDA (Freeware version). There may be some other tools too, but since this isn't my field of expertise and I'm still learning how to use some of the tools, I may have missed some key tools for Malware Analysis. You can use WinDbg too, and I believe there may be some WinDbg plug-ins for IDA Pro.

- OllyDbg
- IDA

Patrick · Feb 5, 2014

My registration to KernelMode still hasn't been manually activated, so I think I am going to re-register.

x BlueRobot · Feb 6, 2014

Patrick said:
My registration to KernelMode still hasn't been manually activated, so I think I am going to re-register.

That's what happened to me, I had to register a different account and then I was able to access the file attachments.

jcgriff2 · Feb 8, 2014

Don't forget about John Carrona's (usasma) site - http://www.carrona.org

And his Driver Reference Table (DRT) - http://www.carrona.org/dvrref.html

DRT is mirrored here at Sysnative Forums - http://www.sysnative.com/drivers

Patrick · Feb 9, 2014

Another good RE blog - Alex Ionescu?s Blog

niemiro · Feb 9, 2014

Patrick said:
Another good RE blog - Alex Ionescu?s Blog

And another two whilst on the topic of Windows Internals (not so directly reverse engineering):

MSDN Blogs
The Old New Thing - Site Home - MSDN Blogs

Which are quite well circulated around these parts already, but may as well collect them here too.

Patrick · Feb 9, 2014

The MSDN ntdebugging blog is one of my personal favorites.

x BlueRobot · Feb 9, 2014

I read Alex Ionescu's blog and the NtDebugging Blog :dsmile:

x BlueRobot · Feb 25, 2014

I'm organising all the files I have downloaded, and renaming some of the files with useful names instead of lect01.comp which doesn't really define the topic. I'll post a new link when I've finished.

Search

Search

[SUGGESTION] Reverse Engineering Papers/Tutorials

x BlueRobot

Administrator

Patrick

Sysnative Staff

x BlueRobot

Administrator

jcgriff2

Co-Founder / Admin
BSOD Instructor/Expert
Microsoft MVP (Ret.)

Patrick

Sysnative Staff

niemiro

Senior Administrator, Windows Update Expert

Patrick

Sysnative Staff

x BlueRobot

Administrator

x BlueRobot

Administrator

[SUGGESTION] Reverse Engineering Papers/Tutorials

Administrator

Sysnative Staff

Administrator

Co-Founder / AdminBSOD Instructor/ExpertMicrosoft MVP (Ret.)

Sysnative Staff

Senior Administrator, Windows Update Expert

Sysnative Staff

Administrator

Administrator

Co-Founder / Admin
BSOD Instructor/Expert
Microsoft MVP (Ret.)