New in April 2016

Both debugging and reverse engineering are helped by having tables of the names and offsets of the members of important data structures. Where such tables are easily obtained as output from a debugger, I have often kept copies on paper for ready reckoning, so that I need not disturb the output I’m inspecting. Such print-outs are the lowest of low-hanging fruit for the reverse engineer, but I’ve realised over the years that they provide useful background while reading more substantial work. Perhaps only as an experiment, I’ll write up the undocumented structures that I refer to in more substantial work.

Kernel-Mode Windows

User-Mode Windows (Win32)