An Anti-Reverse Engineering Guide

  1. Breakpoints

  2. Timing Attacks

  3. Windows Internals

  4. Process Exploitation

  5. Anti-Dumping

  6. IA-32 Instruction Exploits

  7. OllyDBG Specific

  8. WinDBG Specific

  9. Other Techniques

What Do Exceptions Cost, In Theory?

Hardware breakpoints (from C++ code) on Intel

This is a debugging helper class which lets you set breakpoints on the fly from within code. This is mainly useful for the case where you have a variable that you know is getting trashed, but you have no idea who is trashing it. You can cause the debugger to break in at the very moment the variable is changed. The really cool thing is that this makes use of the Intel Pentium's built-in debug registers, which means that it really will stop no matter what code is executing, even if it's down in the NT kernel, in a different thread, or whatever.

Standing on the shoulders of the blue monster - Hardening Windows applications

Microsoft has implemented lots of useful functionality in Windows that they use in their own products. Many of these features can be used to enhance the security of third party applications, but not many developers or software architects know about them. This talk will detail some of the technical underpinnings of Windows features like UAC, IE protected mode and Terminal Serivces and show how they can be used to defend your own software from attack.

Multi-Core Support in Windows 7

Threads or Cores: Which Do You Need?

Porting to 64-bit Platforms

Boost: Intrusive and non-intrusive containers

The main difference between intrusive containers and non-intrusive containers is that in C++ non-intrusive containers store copies of values passed by the user. Containers use the Allocator template parameter to allocate the stored values.

On the other hand, an intrusive container does not store copies of passed objects, but it stores the objects themselves. The additional data needed to insert the object in the container must be provided by the object itself. For example, to insert MyClass in an intrusive container that implements a linked list, MyClass must contain the needed next and previous pointers:

Beyond Locks and Messages: The Future of Concurrent Programming

Message passing’s major flaw is the inversion of control–it is a moral equivalent of gotos in un-structured programming (it’s about time somebody said that message passing is considered harmful). MP still has its applications and, used in moderation, can be quite handy; but PGAS offers a much more straightforward programming model–its essence being the separation of implementation from algorithm. The Platonic ideal would be for the language to figure out the best parallel implementation for a particular algorithm. Since this is still a dream, the next best thing is getting rid of the interleaving of the two in the same piece of code.

Decoding the parameters of a thrown C++ exception (0xE06D7363)
Tomasz Kulig