Warehouse / Closet / Chest of links to everything imaginable related to reversing / books / courses / lots of info
Maybe most useful links
https://malwareunicorn.org/#/workshops
https://thestarman.pcministry.com/
https://wiki.osdev.org/Main_Page
Red Teaming and Malware Analysis
https://www.coursera.org/learn/build-a-computer
https://www.corelan.be/index.php/articles/
https://fuzzysecurity.com/tutorials.html
https://anti-debug.checkpoint.com/
https://gamehacking.academy/about
https://guyinatuxedo.github.io/
https://connormcgarr.github.io/
http://fumalwareanalysis.blogspot.com/p/malware-analysis-tutorials-reverse.html
Windows (mainly kernel) Exploitation Links
CNIT 127: Exploit Development Lectures + Articles
github.com/r3p3r/nixawk-awesome-windows-exploitation
github.com/connormcgarr/Exploit-Development
github.com/connormcgarr/Kernel-Exploits
github.com/ElliotAlderson51/Exploit-Writeups
github.com/rhamaa/Binary-exploit-writeups#windows_stack_overflows
github.com/wtsxDev/Exploit-Development
github.com/sathwikch/windows-exploitation
github.com/FULLSHADE/WindowsExploitationResources
fullpwnops.com/windows-exploitation-pathway.html
github.com/SecWiki/windows-kernel-exploits
malwareunicorn.org/#/workshops
MIT Operating System Engineering 6.1810(6.S081) Course
Russian translation of chapters from the book of the course above
ctf101.org/binary-exploitation/overview
Windows Stack Protection I: Assembly Code
Windows Stack Protection II: Exploit Without ASLR
Windows Stack Protection III: Limitations of ASLR
SEH-Based Stack Overflow Exploit
Exploiting Easy RM to MP3 Converter on Windows with ASLR
Bypassing Browser Memory Protections
The Basics of Exploit Development 1: Win32 Buffer Overflows
The Basics of Exploit Development 2: SEH Overflows
The Basics of Exploit Development 3: Egg Hunters
The Basics of Exploit Development 4: Unicode Overflows
The Basics of Exploit Development 5: x86-64 Buffer Overflows
Awesome Advanced Windows Exploitation References
Forums
https://reverseengineering.stackexchange.com/
http://forum.ru-board.com/forum.cgi?forum=35
https://forum.reverse4you.org/categories
https://cracklab.team/index.php
The Devil's Tool "Rootkit" on the Front Line (悪魔のツール”ルートキット”最前線)
WikiLeaks leak CIA hacking tools
https://wikileaks.org/ciav7p1/cms/index.html
The clearest possible explanation of memory, segments, address translation and so on, in Russian
https://acm.bsu.by/wiki/Unix2019b/Организация памяти на x86-64
https://acm.bsu.by/wiki/C2017/Архитектура_x86-64
https://habr.com/ru/company/intel/blog/238091
Must-read on exploitation
https://fullpwnops.com/windows-exploitation-pathway.html
Basic threads from wasm.in about cracking, IDA and everything else
https://wasm.in/blogs/category/issledovanie-programm.19
https://wasm.in/blogs/category/sekrety-win32.17
https://wasm.in/blogs/category/virusologija.25
https://wasm.in/forums/wasm-nt-kernel.17
https://wasm.in/threads/import-x64.32146
The great Dr. Xiang Fu with his malware analysis tutorials
https://fumalwareanalysis.blogspot.com/p/malware-analysis-tutorials-reverse.html
Blog with a lot of articles about Windows internals
Blog with a lot of articles about forensics and reversing
https://eforensicsmag.com/category/news/
some useful articles from it:
An Introduction To Memory Forensics: Windows Process Internals
Windows Process Internals : A few Concepts to know before jumping on Memory Forensics
Everything about anti-debugging
https://anti-debug.checkpoint.com
CS:GO cheats writing 2020
Some Windows internals articles
Course: Introduction to Windows Internals
Introduction to Windows Internals
Course: Windows Architecture. Programming in the Windows Kernel
Windows Architecture. Programming in the Windows Kernel
WinAPI vs NativeAPI
Anti-disassembly techniques, detection rules, code snippets of obfuscation, malware features and so on
Collection of must-read reversing articles from Xakep
https://xakep.ru/2017/10/18/reverse-malware-must-read
https://xakep.ru/2006/11/27/35410
Yosifovich's notes on Windows quirks
https://scorpiosoftware.net/category/windows-internals
How to be a low-level programmer
https://github.com/gurugio/lowlevelprogramming-university/blob/master/README_ru.md
UEFI
https://github.com/tianocore/tianocore.github.io/wiki/UEFI-EDKII-Learning-Dev
Manuals on cracking programs
https://manhunter.ru/underground
Joanna Rutkowska's blog
http://theinvisiblethings.blogspot.com
New version of the blog
https://blog.invisiblethings.org
Blogs, viruses, articles
Lord Of The Ring0
Binaries and all that
https://opensecuritytraining.info/LifeOfBinaries.html
Forensics research
Raymond Chen's blog on Windows quirks
https://devblogs.microsoft.com/oldnewthing
redplait's Russian-language blog on Windows
Lots of useful material on Windows system programming in Russian, including
https://kaimi.io/tag/assembler
https://kaimi.io/2012/09/pe-packer-step-by-step-1
Labs on reversing / PE / anti-analysis
https://malwareunicorn.org/#/workshops
What Every Programmer Should Know About Memory - in Russian and in English
https://rus-linux.net/lib.php?name=/MyLDP/hard/memory/memory.html
https://people.freebsd.org/~lstewart/articles/cpumemory.pdf
Collection of all the old-time warez topics
Modern Malware Techniques
https://danusminimus.github.io
Labs on writing game cheats
An endless amount of content on reversing/malware; find more by changing the id in the URL
https://samsclass.info/126/proj/PMA1.htm
https://samsclass.info/126/proj/PMA2.htm
Repository of a Polish institute of computer science: low-level programming, reversing
http://ics.p.lodz.pl/~dpuchala/LowLevelProgr
windows kernel internals
http://matteomalvica.com/minutes/windows_kernel
lena151’s cracking tutorials
Can be found around the internet; step-by-step manuals on cracking programs, though essentially without explanations, made as interactive Flash images
Reversing course
https://0xinfection.github.io/reversing
Underground base, heh
https://krober.biz/?p=3413#more-3413
Old blog on Windows internals
http://uninformed.org/index.cgi?v=all
Forensics + reversing challenges
https://www.amanhardikar.com/mindmaps/ForensicChallenges.html
Course materials for Advanced Binary Deobfuscation by NTT Secure Platform Laboratories
Lots of stuff about malware
https://github.com/rshipp/awesome-malware-analysis
hasherezade's guide on how to get into reversing and malware analysis
https://hshrzd.wordpress.com/how-to-start
Malware training by hasherezade
https://github.com/hasherezade/malware_training_vol1
Magazines and many blogs
Lots of content from a reverser
https://reversing.blog/en/learning/sites
https://reversing.blog/en/learning/free
https://reversing.blog/en/learning/reading
Lots of assorted Windows structures
http://terminus.rewolf.pl/terminus
Windows syscalls
https://j00ru.vexillium.org/syscalls/nt/64
https://j00ru.vexillium.org/syscalls/nt/32
Subverting Vista TM Kernel For Fun And Profit
Pinczakko’s Guide to Award BIOS Reverse Engineering (manual to bios disassembly ninjitsu uncovered)
All kernel “ring levels”
AMD-V Hypervisor Development - A Brief Explanation
Hyper-V Architecture: Intercepts, interrupts and Hypercalls
System Management Mode Speculative Execution Attacks
Attacking SMM Memory via Intel® CPU Cache Poisoning
A virtual journey: From hardware virtualization to Hyper-V’s Virtual Trust Levels
Lots of articles from one site
PMA 1. Basic Static Techniques
PMA 9: Kernel Debugging with LiveKd WinDbg
PMA 20: Malware Analysis Virtual Machine (15 pts)
PMA 40: FLARE-VM (20 pts extra)
PMA 41: Windows 10 with Analysis Tools (20 pts)
PMA 60: Cloud Server on Azure (15 pts extra)
PMA 101: Basic Static Techniques (20 pts + 30 pts extra)
PMA 102: Unpacking (15 pts + 10 extra)
PMA 105: Process Explorer (10 pts)
PMA 121: Unpacking with OllyDbg and pestudio (20 pts + 30 extra)
PMA 122: PE Headers (50 pts extra)
PMA 123: Importing DLLs (45 pts extra)
PMA 124: DLL Hijacking (15 pts extra)
PMA 125: Installing Visual Studio 2019 (10 pts extra)
PMA 126: DLL Proxying (20 pts extra)
PMA 130: Ubuntu 18 Desktop VM (10 pts)
PMA 131: Custom UPX (15 pts extra)
PMA 132: Reversing a .NET Executable (40 pts extra)
PMA 201: Basic Dynamic Analysis (30 pts)
PMA 202: Keylogger (15 pts + 15 pts extra)
PMA 303: IDA Pro (20 pts + 20 extra)
PMA 304: C Constructs in Assembly (15 pts)
PMA 402. Hacking Minesweeper with Ollydbg (15 pts + 30 extra)
PMA 403. API Monitor (15 pts extra)
PMA 410: Kernel Debugging on Windows 2008 Server (15 pts)
PMA 411: SSDT Hooking (25 pts extra)
PMA 420: Bootkit Analysis with Bochs (15 pts)
PMA 421: Understanding the MBR (15 pts + 55 extra)
PMA 430: WinDbg Preview (15 pts)
PMA 431: WinDbg Preview: Source-Level Debugging (10 pts extra)
PMA 432: WinDbg Preview: Kernel Debugging (35 pts extra)
PMA 433: Kernel Debugging with Two Azure Machines (30 pts extra)
PMA 434: Debugging a Driver (30 pts extra)
PMA 436: Kernel Debugging Using Two Local VMs (15 pts extra)
PMA 510: Starting with Ghidra (20 pts)
PMA 511: Ghidra Data Displays (40 pts)
Lots of articles from yet another site
OSR Dev Blog:WINVER Incorrectly Defined in XP/.NET Beta DDK’s Win2K Build Environment
OSR Dev Blog:Don’t Define NT_UP
OSR Dev Blog:Windows XP® IFS Kit Errata
Just Checking - Installing a Partially Checked Build
Signed, Sealed, Delivered - Driver Signing in Windows 2000
Who Cares? You Do! - Implementing PnP for WDM/NT V5
X-DMA - Extreme DMA for Performance
The Basics:Getting Started Writing Windows Drivers
Properly Pending IRPs - IRP Handling for the Rest of Us
Tunneling - Name Tunneling in Windows 2000 File Systems
Keeping Secrets - Windows Security (Part III)
OSR Dev Blog:Enabling Debugging on the Local Machine for Windows XP®
OSR Dev Blog:MmMapLockedPages(SpecifyCache) with AccessMode == UserMode
Property - Adding Property Pages to Device Drivers
Life After Death? - Understanding Blue Screens
Fun with IOCTLs - Defining Custom I/O Control Codes
File Systems & XP - New File Systems Material in Windows XP
Filtering the Riff-Raff - Observations on File System Filter Drivers
You’re Testing Me - Testing WDM/Win2K Drivers
From Andy’s Bookshelf: Loading Video Drivers, a Mystery Solved
A Modest Proposal - A New View on I/O Cancellation
Analyze This - Analyzing a Crash Dump
A Common Topic Explained - Sharing Memory Between Drivers and Applications
Downloads:DDKBUILD – Visual Studio .CMD Procedure For Building Drivers
Downloads:WinDbgStart – Manage Multiple Debugger Configurations
Taming the Beast - The Windows 2000 Build Environment
Life Support for WinDbg - New Windows NT Support Tools
That’s Just the Way It Is - How NT Describes I/O Requests
So You Wanna Be a Bus Driver? - Writing Bus Drivers for Windows 2000
More on Kernel Debugging - KMODE_EXCEPTION_NOT_HANDLED
Keeping Secrets - Windows NT Security (Part II)
Making WinDbg Your Friend - Creating Debugger Extensions
Getting ‘N Sync - A Primer on Kernel-Mode SMP Synchronization
A New Way to DMA - Busmaster DMA in Windows 2000
Keeping Secrets - Windows NT Security (Part I)
Global Relief Effort - C++ Runtime Support for the NT DDK
The Exception to the Rule - Structured Exception Handling
WMI Revisited - Instrumentation and Integration with PerfMon
Windows NT Virtual Memory (Part II)
From Andy’s Bookshelf: So you Wanna Write a Video Driver
WMI - What it is…Why Driver Writers Should Care
Build Tricks: Checked and Free Revisited
Downloads:LogControl – Tailor SetupAPI Logging
From Andy’s Bookshelf: Floating Point Triage
Windows NT Virtual Memory (Part I)
The Truth About Cancel - IRP Cancel Operations (Part II)
Converting Windows NT V4 Drivers to WDM/Win2K
Loading DLLs for Graphics Drivers
The Truth About Cancel - IRP Cancel Operations (Part I)
A Chance to Prove its Worth - The NT HAL
Secrets of the Universe Revealed! - How NT Handles I/O Completion
In My Space - Choosing the Correct HAL Function for Device Access
What’s in a Name? - Cracking Rename Operations
Tools of the Trade - A Catalog of Synchronization Mechanisms
Rolling Your Own - Building IRPs to Perform I/O
Save the Environment! - Integrating Build and Developer Studio
Are You Being SRVed? - The Lan Manager File Server on NT
When Opportunity Locks - Oplocks on Windows NT
Going Native - Using the NT API for File I/O
Synchronicity - A Review of Synchronization Primitives
You’ve Gotta Use Protection – Inside Driver
Advantage: Driver Writer – New Functions in the Windows XP DDK
Tracking State and Context - Reference Counting for File System Filter Drivers
Lock ‘Em Up - Byte Range Locking
If You Build It - Visual Studio and Build Revisited
Still Feeling Insecure? - IoCreateDeviceSecure( ) for Windows 2K/XP/.NET
Upsizing - Managing Address Space Increases for IA-64
Using the NT Registry for Driver Install
Securing Device Interfaces - A Better Approach than Sending an SD
OSR Dev Blog:Microsoft Symbol Server LIVE on the Internet
OSR Dev Blog:Must Succeed Pool…DEAD!
OSR Dev Blog:Special Win2K PnP Tracing and Checks
OSR Dev Blog:Undesired Debugger Behavior
OSR Dev Blog: DefineDosDevice Functionality Changes in Windows XP®
OSR Dev Blog:Warning: Beware winioctl.h from Visual C/C++ Version 6.0
OSR Dev Blog:Win2K IFS Kit Bug Fix
OSR Dev Blog:Want the XP IFS Kit? You’ll have to ORDER it!
OSR Dev Blog:Lots of New PnP and Installation Information
OSR Dev Blog:XP DDK Resets PATH Environment Variable
OSR Dev Blog:Fast I/O for WDM Drivers NOT Called When Verifier’s Enabled
The DDK Is Dead – Long Live the LDK!
OSR Dev Blog:New DDK Package – The DDK Suite (Update)
OSR Dev Blog:Changes to SOURCES in XP DDK
OSR Dev Blog:Need the XP DDK FAST?
OSR Dev Blog:Change to Allow Page Mapping in XP
OSR Dev Blog:WDM.H or NTDDK.H?
OSR Dev Blog:Building Within Visual Studio (IDE)
OSR Dev Blog:Must Use New DDK Compiler
OSR Dev Blog:Windows XP® DDK
OSR Dev Blog:Identifying Unusual IOCTL Device Types
OSR Dev Blog:Are You Writing a Port Driver?
OSR Dev Blog:New Build Definitions?
OSR Dev Blog:Check the Knowledge Base!
All About Lint - PC Lint and Windows Drivers
OSR Dev Blog:IoValidateDeviceIoControlAccess() in XP SP1/.NET
Bagging Bugs – Avoidance and Detection Tips to Consider
OSR Dev Blog:Beware of KeAcquireSpinLockRaiseToSynch(…)!
OSR Dev Blog:Definition of DDKBUILDENV Changed in Windows XP®
OSR Dev Blog:Definition of “CPU” Environment Variable Changed
Downloads:BANG! – Crash on Demand Utility
The WDK Speaks: Interview with Dagmar Shannon, WDK Documentation Manager
“Fixed in the Next Release?” – Product Review Update: VMWare and Connectix
OSR Dev Blog:WdfSend: Are There REALLY Three Useful Variants?
OSR Dev Blog:Don’t Forget to Use FILE_DEVICE_SECURE_OPEN
Cache Me if You Can: Using the NT Cache Manager
In Context: Understanding Execution Context for NT Drivers
Choose Your Weapon: Kernel Mode Debuggers - a Choice at Last
From Andy’s Bookshelf: WinDbg Extension for GDI
From Andy’s Bookshelf: Video Drivers and the Registry
Throw the Book at ‘Em: Books on Writing NT and WDM Device Drivers
Beyond IRPs: Driver to Driver Communications
Without A Trace? Event Tracing in Windows
On One Condition – Conditionally Compiling For Your Target OS
Play It Again, Sam – Reparse Points in Windows
Don’t Call Us – Calling Conventions for the x86
Guest Article: Simplifying Development with DDK Macros
OSR Dev Blog:Disabling Hard Error Pop-ups
Finding File Contents in Memory
I Wanna Be A Bus Driver Baby – Writing Windows Bus Drivers Part II
Wild Speculation – Debugging Another Crash Dump
Stop Interrupting Me – Of PICs and APICs
A New Interface for Driver Writing – The Windows Driver Framework
Tracing Update – New Tracing Features for Windows
The Basics:Rules for Irp Dispatching and Completion Routines
Pardon the Interruption – Interrupt Handling Changes in Windows
Emerging Issues in IoCancelFileOpen
The Basics:Resolving Symbol Problems in WinDBG
The Basics:So What Is A Page Fault?
File Systems:A Brief Explanation of FsRtlCheckOplock
File Systems:Caching in Network File Systems
OSR Dev Blog:Querying the name of a file
Downloads:OSR Online IOCTL Decoder
The Basics:Exactly What Is A Driver?
Trust Yet Verify – All About Driver Verifier
OSR Dev Blog:Oh that Hurts, How to use IoForwardIrpSynchronously
The Basics:How Do I Replace A System File? Try .KDFILES
OSR Dev Blog:New Spinlock Functions
OSR Dev Blog:No More Embedded Assembler or x87 FP
File Systems:How Are Files Deleted In Windows
Kernel Mode Basics: An Introduction to Bitmaps
OSR Dev Blog:Files Opened as a result of a Remote Request
The Basics:Kernel Driver Frequently Asked Questions (FAQ)
Nt vs. Zw - Clearing Confusion On The Native API
OSR Dev Blog:Where’s The Checked Build?
OSR Dev Blog:Simplifying Time Interval Specification
The Basics:DDI’s That Raise An Exception
Guest Article: Driver Installation During Windows Setup
Rock On With 64-bit Windows – Porting Windows Drivers to AMD64
Sidebar Discussion – Nt vs. Zw Continued
OSR Dev Blog:Who Owns Which Pool Tag
OSR Dev Blog:NTFS Does Not Support Query Operations on Stream File Objects
Caching in the Pentium 4 Processor
OSR Dev Blog:No Pool Tagging for Special Pool
OSR Dev Blog:Permanent Pool Overrun Checking Starting With XP SP2
The Future Is Now – The WDF Kernel Mode Framework
Service Pack or Dot Release? – Test With XP SP2 Now
File Systems:Notes on Installing Mini Filters
OSR Dev Blog:Disabling Shutdown Query for Server 2003
OSR Dev Blog:Getting DbgPrint Output To Appear In Vista and Later
OSR Dev Blog:New Verifier Pool Checks In LH
OSR Dev Blog:Duplicate Disk Writes
OSR Dev Blog:How to Determine if System Running in Safe Mode
OSR Dev Blog:Inlining into SEH Filters Can Result in Invalid Code on AMD64
File Systems:Mapping Win32 to Internal File Creation Options
File Systems:Beware the old SFilter!
WDF PnP/Power Interview with Microsoft’s Jake Oshins
OSR Dev Blog:ExAllocatePoolWithQuota Raises Exceptions
OSR Dev Blog:Device Manager Error Codes
OSR Dev Blog:PCI Express, PCI-X and other mysteries
A Soft Life – Implementing Software-Only Drivers Using KMDF
File Systems:Security During Create Operations
Brand New ‘Bag – The Latest on WinDBG
Easy Once You’ve Done It – Setting Up the Debugger
Go Diskless – Using the Microsoft Symbol Servers
It’s a Setup – What You Need to Start Developing Drivers
It’s Easy to be Hard – Testing with HCTs
Just Checking Revisited – Installing a Partially Checked Build
On the Right Path – Testing with Device Path Exerciser
One Special Case – Testing File Systems
Sometimes You Have to Write Your Own – Case Study: ActGen IO Utility
Test Lab Basics – Choosing Machines for Your Lab
Test Lab Basics – Helpful Hardware Accessories
Testing from the Ground Up – Getting a Good Start
Try This – Interactive Driver Testing
What’s Your Test Score – Best Practices for Driver Testing
You’ve Typed !analyze -v, Now What? – Next Steps in Debugging
The Basics:Bugchecks Explained: PFN_LIST_CORRUPT
The Basics:Bugchecks Explained: PAGE_FAULT_IN_NONPAGED_AREA
The Basics:Bugchecks Explained: KERNEL_DATA_INPAGE_ERROR
The Basics:Bugchecks Explained: NO_MORE_IRP_STACK_LOCATIONS
Don’t Blow Your Stack – Clever Ways to Save Stack Space
OSR Dev Blog:Pool and Memory Events
OSR Dev Blog:Ever have to update a system but don’t have a Floppy Drive
Downloads:Increment Version (IV) Utility
File Systems, File System Filter Drivers and Removable Storage Devices
File System Filter Context - Observations and Comments
Locking Down Drivers - A Survey of Techniques
Almost Like Being There - Virtual Server 2005
Keep Version Resources Up-To-Date
OSR Dev Blog:WHICH DDK Do I Use??
OSR Dev Blog:I Hooked Up The Debugger Using 1394, and NOW…
OSR Dev Blog:Relative opens and IoCreateFileSpecifyDeviceObjectHint
OSR Dev Blog:Why Is The IRQL Always 0xFF When I Do !PCR?
OSR Dev Blog:No Deadlock Verification on x64 UP Systems
OSR Dev Blog:Don’t __try to Catch The DbgBreakPoint(…) Exception
OSR Dev Blog:Need help with WPP tracing?
WPP Tracing Part I – Supporting Windows 2000 and Beyond
WPP Tracing Part II – Coexisting Peacefully with WMILIB
Living in Harmony – File System Filter-to-Filter Interaction
Guest Article – An Exceptionally Trying Bug
Meandering Through the Object Manager – How to Get From Create to a Target Device Object
OSR Online - The Home Page for Windows Driver Developers
OSR Dev Blog:Watch that return from IoSetCompletionRoutineEx
Don’t be Afraid to Commit – The Transactional File System (TxFS) in Windows
Proper Completion – Resubmitting IRPs from within a Completion Routine
How to Get There from Here – Redirecting Create Requests
OSR Dev Blog:Go to DevCon? Don’t Throw Out That CD!
OSR Dev Blog:Living With 64-Bit Windows
Downloads:Sample WDF Driver for Sealevel Digital I/O Kit
Back to Basics - An Introduction to Transactions
Guest Article: C++ in an NT Driver
The Basics:Beware the (boot)strap
Pass the Data Please – Getting Information from ISR to DPC
Master of the Obvious – MDLs are Lists that Describe Memory
Guest Article: Writing a File System Minifilter - Pitfalls, Hints and Tips
Look Out for Vista – Remember PoCallDriver and PoStartNextPowerIrp
OSR Dev Blog:No Win2K Support for KMDF?
Guest Article: Designing a Device API: Part 1 - What It Means, and Why You Should Do It
OSR Dev Blog:Only Signed Drivers To Run on Vista X64
OSR Dev Blog:The WDK Build Environment – Not Getting Better
OSR Dev Blog:LH Server Beta 3 WDK Available
Making A Hash Of It - Hashing Techniques
After All, It’s Version One - Kernel-Mode Driver Framework V1.0 Ships
KMDF Filter Driver: 30-Minutes – Installation: Ah…Somewhat Longer
It’s NOT Your Computer - Microsoft to Block Unsigned x64 Drivers on Vista
UMDF 101 - Understanding User Mode Driver Frameworks
The Tale of Two Evaluators: Understanding MASM and C++ Expression Evaluators in WinDbg
UMDF 102 - Overview of a UMDF Driver
KMDF Basics: Using Counted Queues
Getting Crash Dumps to Appear in Win7
OSR Dev Blog:USB 2.0 Debugging
File Systems:Windows Streams - An Introduction to File System Streams
The Basics:More on MDLs - MDLs Are Opaque
In Denial - Debugging STATUS_ACCESS_DENIED
OSR Dev Blog:Disabling User Account Control on Vista
OSR Dev Blog:No More x86 Only Submissions to WHQL
Power Play - Power Management Changes in Vista
Just Sign Everything - What to Sign and How to Sign It for Vista
What is Coming with Vista - Limited User Access
Write No Code…Get a GUI - Vista Power Plan Integration
Exceptional Behavior - x64 Structured Exception Handling
What’s in a (Process) Name? Obtaining A Useful Name for the Executable Image in a Process
The Late Show, with OSR - Ten Things You Need to Know About Vista
ASSERT Yourself - The New NT_ASSERT Macro in the WDK
Tooling Around with Vista - Modifying Windows Boot & Debug Options in Vista
OSR Dev Blog:x64 Driver Signing as of Vista RC1 (and later)
OSR Dev Blog:Debugging WDK Build Environments
18 Months Later: Release The KMDF Source Code!
Managing Dynamic Function Loading
OSR Dev Blog:DTM and WDK split
Starting Out: Should You Learn WDM or WDF?
OSR Dev Blog:MmGetSystemRoutineAddress IS BROKEN!?
OSR Dev Blog:Now Available for Download: Latest WDK Docs
Ten Things You Need To Know About KMDF
When is a Queue not just a Queue? WDFQUEUEs
Kernel-Mode Basics: Windows Linked Lists
Guest Article: Designing a Device API - Part II: Function Declarations
Debugging 103: Where To Go With A System Crash
Filtering File Systems - Ten Things You Should Know
Downloads:VBCDEDIT Vista Boot Configuration Utility
Downloads:SetDbgPrintFiltering
Go Ahead: Name Your Device Objects But Always Use Protection
Of SDs, ACLs & INFs: The INs and OUTs of Device Object Protection
(Un)Expected Behavior: Windows Vista and File Systems
OSR Dev Blog:Server 2008 WDK Arrives
Why Your User Mode Pointer Captures are Probably Broken
Kernel Mode Basics: Splay Trees
Guest Article - Introduction to Registry Filtering in Vista (Part I)
The NT Insider Digital Edition – Sept-Oct 2011 Now Available!
Designing a Device API Part III: Exporting Functions
Debugging Techniques: Take One…Give One
Don’t Waste Your Time: You Can Afford a USB Analyzer
Common Topics - Deferred Procedure Call Details
Safety First - Using the Windows String Safe Functions
Using WinUSB for User-Mode to USB Device Communication
Multi-Interface Devices in KMDF
Downloads:OSRSYSTOOL Osr Test System Configuration Utility
Writing a Virtual Storport Miniport Driver
Take a Break - Missed Breakpoints? Here’s Why…
Analyst’s Perspective: x64 Trap Frames
Writing a Virtual Storport Miniport Driver (Part II)
The Community Steps Up: VisualDDK
Downloads:WinDBG Command History Extension
Writing a Virtual Storport Miniport Driver (Part III)
Get Low - Collecting Detailed Performance Data with Xperf
File Systems:File Systems and Filters: A Specialty
Writing Filters is Hard Work: Undocumented DFS & RDR Interactions
Getting Better: Virtual Storport Tweaks
The Basics of Debugger Extensions: Short Term Effort, Long Term Gain
Getting Away From It All: The Isolation Driver (Part I)
ERESOURCEs Close Cousin: Implementing Reader/Writer Locks in User-Mode
Analyst’s Perspective: Debug Smarter
The Basics:It’s All About The Basics
From 1996: Peter Pontificates – Discover The Internet
Five Things to Like: Visual Studio Integration
The Wonderful World of Software Drivers
Getting Away From It All: The Isolation Driver (Part II)
The NT Insider Digital Edition – Jan/Feb 2011
Peter Pontificates: Asking Questions
Analyst’s Perspective: Analyzing User Mode State from a Kernel Connection
Five Things to Not Like: Visual Studio Integration
Being Resourceful! Creating a Proper Version Information Resource
Analyst’s Perspective: 10 WinDBG Commands You Might Not Know (But Should)
The NT Insider Digital Edition – May/June 2011
Epic Update: Win8 WDK Provides Visual Studio Integration
WDK Preview: Installation Through Debugging
But Wait…There’s More! Win8 and WDK Changes You’ll Care About
Windows 8 Preview: File System Changes
Windows 8 WDK - Converting Sources Based Projects to vcxproj
OSR Dev Blog:Investigating a NULL Pointer Dereference
OSR Dev Blog:Understanding EvtIoStop
OSR Dev Blog:Can You NEVER Break the Rules?
OSR Dev Blog:Test Signing Made Simple
The NT Insider Digital Edition – Mar-Apr 2013 Now Available!
OSR Dev Blog:Spice up your debugger output with DML!
OSR Dev Blog:Using WinDbg to hunt for strings
OSR Dev Blog:Understanding WDFMEMORY Objects
OSR Dev Blog:Turning a Breakpoint into a Busypoint
OSR Dev Blog:UMDF V2 – It’s KMDF Compatible!
OSR Dev Blog:When CAN You Call WdfIoQueuePurgeSynchronously
The NT Insider Digital Edition - Jan-Feb 2014 Now Available!
OSR Dev Blog:There’s a WDFSTRING?
OSR Dev Blog:HCK Client install on Windows N versions
OSR Dev Blog:Windows 8.1 Update: VS Express Now Supported
The NT Insider Digital Edition - May-June 2014 Now Available!
The NT Insider Digital Edition - May-June 2016 Now Available!
The NT Insider Digital Edition - Sept-Oct 2014 Now Available!
The NT Insider Digital Edition - Nov-Dec 2014 Now Available!
The NT Insider Digital Edition - Mar-Apr 2015 Now Available!
The NT Insider Digital Edition - July-August 2015 Now Available!
Youtube
Windows Internals course by sourcelens.com.au
Books
- What Makes It Page?: The Windows 7 (x64) Virtual Memory Manager - Enrico Martignetti
- Memory Dump Analysis Anthology (all parts) - Dmitry Vostokov
- Reverse Engineering for Beginners - Dennis Yurichev
- Windows Kernel Programming (Russian edition: Работа с ядром Windows) - Pavel Yosifovich
- Windows Internals, 7th edition (Russian edition: Внутреннее устройство Windows) - Mark Russinovich
- Fundamentals of Hacking: Analyzing Programs in the Win64 Environment (Фундаментальные основы хакерства. Анализ программ в среде Win64) - Kris Kaspersky
- Windows 10 System Programming, Part 1 - Pavel Yosifovich
- Windows 10 System Programming, Part 2 - Pavel Yosifovich
- The Elements of Computing Systems: Building a Modern Computer from First Principles - Noam Nisan, Shimon Schocken
- Troubleshooting with the Windows Sysinternals Tools - Mark Russinovich
- Data Recovery: A Practical Guide [2021] (Восстановление данных: практическое руководство) - Kris Kaspersky
- Advanced Windows Debugging - Mario Hewardt
- BIOS Disassembly Ninjutsu Uncovered
- Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software (Russian edition: Вскрытие покажет! Практический анализ вредоносного ПО) - Andrew Honig and Michael Sikorski
- C++ Programming Technology: Win32 API Applications (Технология программирования на С++. Win32 API приложения) - Nikolay Litvinenko
- System Programming with WinAPI (Системное программирование в WINAPI) - Yu. V. Marapulets
- Programming Windows 95 - Charles Petzold
- Win32 API: Efficient Application Development (Win32 API. Эффективная разработка приложений) - Yuri Shchupak
- Windows for Professionals: Building Efficient Win32 Applications with the 64-bit Version of Windows in Mind (Windows для профессионалов. Создание эффективных WIN32-приложений с учетом специфики 64-разрядной версии Windows) - Jeffrey Richter
- Windows via C/C++ (Russian edition: Программирование на языке Visual C++) - Jeffrey Richter, Christophe Nasarre
- Modern Windows Exploit Development - Massimiliano Tomassoli
- Windows System Programming (Системное программирование в среде Windows) - Johnson Hart
- System Programming in Windows (Системное программирование в Windows) - Alexander Pobegailo
- The Microsoft Windows 3.1 Operating System for the Programmer (Операционная система Microsoft Windows 3.1 для программиста) - Alexander Frolov, Grigory Frolov https://www.frolov-lib.ru/
- Graphics Programming for Windows (Программирование графики для Windows) - Feng Yuan
- Using the Microsoft Windows Driver Model (Использование Microsoft Windows Driver Model) - Walter Oney
- I/O Organization: WDM Drivers, 2011 (Организация ввода-вывода. Драйверы WDM) - A. V. Roshchin
- FireWire System Architecture (2nd Edition) - Don Anderson
- ISA System Architecture (3rd Edition) - Tom Shanley, Don Anderson
- PCI System Architecture (4th Edition) - Tom Shanley, Don Anderson
- PCI Express System Architecture - Ravi Budruk, Don Anderson, Tom Shanley
- PCI-X System Architecture - Tom Shanley
- SATA Storage Technology - Don Anderson
- Microsoft Windows Internals: Windows Server 2003, Windows XP, Windows 2000 (Внутреннее устройство Microsoft Windows: Windows Server 2003, Windows XP, Windows 2000) - M. Russinovich, D. Solomon
- Undocumented Windows 2000 Capabilities (Недокументированные возможности Windows 2000) - Sven Schreiber
- Programming Windows Drivers (Программирование драйверов Windows) - V. P. Soldatov
- Windows NT File System Internals, 1997 - Rajeev Nagar
- Rootkits and Bootkits: Reverse Engineering Malware and Next-Generation Threats [2022] (Руткиты и буткиты. Обратная разработка вредоносных программ и угрозы следующего поколения) - Matrosov, Rodionov, Bratus