x BlueRobot Administrator Staff member Joined May 7, 2013 Posts 10,264 Location %systemroot% Feb 5, 2014 #1

Prerequisites:
- Strong Understanding of Windows Internals
- Strong Understanding of Assembly

Please note the information within this post is unlikely to be suitable for beginners who have just started to learn about the internals of Windows and operating systems.

This is a repository of .PDFs I have collected, which can be downloaded from SkyDrive account: https://skydrive.live.com/?mkt=en-GB#cid=7101A9E8FE03DB78&id=7101A9E8FE03DB78!105

I have a few others which are loosely related to Security, but they lean more on Windows Internals. I currently have 325MB (397 files, 39 folders) of .PDFs and Word/PowerPoint files :grin1:

There are some papers I haven't read yet and had simply forgotten about; looks like I have reading to do too!

Blogs/Links:

Most of these blogs can be found on my own blog in the Blogroll section, but I'll post them here for accessibility:

XyliBox xorl %eax, %eax VRT Security/malware blog Security Garden Security r0cket's malware blog Malware Must Die! Malware don't need Coffee Malware Digger HEXALE (security & reverse engineering) Malware Analysis and Removal Hex Blog | State-of-the-art code analysis FlUxIuS' Blog | Your life is a fight, curiosity is your weapon Dr. Fu's Security Blog MNIN Security Blog

KernelMode.Info is a forum which has some good material and questions related to Reverse Engineering. I would also suggest looking at Corelan Team's website.

Tools:

I have personally been practicing with OllyDbg (User-Mode only) and IDA (Freeware version). There may be some other tools too, but since this isn't my field of expertise and I'm still learning how to use some of the tools, I may have missed some key tools for Malware Analysis. You can use WinDbg too, and I believe there may be some WinDbg plug-ins for IDA Pro.

- OllyDbg
- IDA
Patrick Sysnative Staff Joined Jun 7, 2012 Posts 4,618 Feb 5, 2014 #2

My registration to KernelMode still hasn't been manually activated, so I think I am going to re-register.
x BlueRobot Administrator Staff member Joined May 7, 2013 Posts 10,264 Location %systemroot% Feb 6, 2014 #3

Patrick said: My registration to KernelMode still hasn't been manually activated, so I think I am going to re-register.

That's what happened to me, I had to register a different account and then I was able to access the file attachments.
jcgriff2 Co-Founder / Admin, BSOD Instructor/Expert, Microsoft MVP (Ret.), Staff member Joined Feb 19, 2012 Posts 21,541 Location New Jersey Shore Feb 8, 2014 #4

Don't forget about John Carrona's (usasma) site - http://www.carrona.org
And his Driver Reference Table (DRT) - http://www.carrona.org/dvrref.html
DRT is mirrored here at Sysnative Forums - http://www.sysnative.com/drivers
Patrick Sysnative Staff Joined Jun 7, 2012 Posts 4,618 Feb 9, 2014 #5

Another good RE blog - Alex Ionescu's Blog
niemiro Senior Administrator, Windows Update Expert Staff member Joined Mar 2, 2012 Posts 8,772 Location District 12 Feb 9, 2014 #6

Patrick said: Another good RE blog - Alex Ionescu's Blog

And another two whilst on the topic of Windows Internals (not so directly reverse engineering):

- MSDN Blogs
- The Old New Thing - Site Home - MSDN Blogs

Which are quite well circulated around these parts already, but may as well collect them here too.
Patrick Sysnative Staff Joined Jun 7, 2012 Posts 4,618 Feb 9, 2014 #7

The MSDN ntdebugging blog is one of my personal favorites.
x BlueRobot Administrator Staff member Joined May 7, 2013 Posts 10,264 Location %systemroot% Feb 9, 2014 #8

I read Alex Ionescu's blog and the NtDebugging Blog :dsmile:
x BlueRobot Administrator Staff member Joined May 7, 2013 Posts 10,264 Location %systemroot% Feb 25, 2014 #9

I'm organising all the files I have downloaded, and renaming some of the files with useful names instead of lect01.comp which doesn't really define the topic. I'll post a new link when I've finished.