The history of Windows Internals via symbols.
CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers
WNF Utilities 4 Newbies (WNFUN)
A ProcMon-esque tool for monitoring Windows Kernel Drivers
Modern C++ wrapper for Windows PE signature verification mechanism
KNSoft.NDK provides native C/C++ definitions and import libraries for Windows NT and some specifications.
Practical Reverse Engineering Exercises
Implementation of the Process Hollowing technique for process injection (This is the third of three methods in the series)
Implementation of the Process Hollowing technique for process injection (This is the first of three methods in the series)
Implementation of the Process Hollowing technique for process injection (This is the second of three methods in the series)
This is a dumping zone for random things which I tend to forget or stumble upon doing some stuff. Stuff related to Windows internals, debugging, security and computers.
Implementation of the Process Injection technique for DLL file injection
Useful PDFs to learn Reverse engineering, Assembly, C and Windows Internals.