Matthieu Suiche's blog » 2009 » March

Archive for March, 2009

Demystifying new Windows 7 System Information Classes

March - 31 - 2009

Posted by Matthieu Suiche

Comments Off

Debugging Reverse Engineering SandMan Windows

This post is the first of a serie of articles/blogposts about new System Information Class under Windows 7 (32bits ATM) used by both NtQuerySystemInformation and extended version of this API called NtQuerySystemInformationEx introduced in Windows 7 and Windows 2008 R2. First of all, here is the prototype of these functions. NTSTATUS (WINAPI *NtQuerySystemInformationEx)(SYSTEM_INFORMATION_CLASS SystemInformationClass, PULONG [ Read More ]

Debugged! MZ/PE: MagaZine for/from Practicing Engineers #1 is out!

March - 9 - 2009

Posted by Matthieu Suiche

# Authors: Dmitry Vostokov, Matthieu Suiche, Roberto Alexis Farah # ISBN-10: 1906717389 # ISBN-13: 978-1906717384

Twitter Updates

New commands in WinDbg 6.2.8102.0 http://t.co/Q91NXKLF # 2011/10/02

RT @joshuamsmith_: MoonSols DumpIt released free of charge. (dd for windows, great for forensics) very cool, thx to @MoonSols http://t.c ... # 2011/08/13

"Interesting Malware Trick" using MoonSols DumpIt http://t.co/ljlGpQJ # 2011/08/13

Remember 5-days private training are also available if you want to learn more. See http://bit.ly/l4RAxc for more information. #BlackHat # 2011/08/01

Second round of training about Advanced Physical Memory Acquisition and Analysis starting today ! #BlackHat #LasVegas # 2011/08/01

Featured Video

Sponsors