Learn

Deep technical guides on reverse engineering, memory operations, hooking, and platform internals.

Memory Operations

Reading/writing process memory, pointer chains, AOB scanning, memory regions, VirtualQuery/VirtualAlloc, heap and stack analysis.

Reading Process Memory with ReadProcessMemory

Multi-Level Pointer Chains Explained

Building an AOB Scanner from Scratch

Memory Region Enumeration with VirtualQuery

Heap vs Stack: Practical Analysis

x86/x64 disassembly, finding functions and signatures, vtable analysis, PE/COFF internals, static and dynamic analysis workflows.

x86/x64 Instruction Set Primer

Finding Functions via Signature Scanning

Virtual Table (vtable) Reconstruction

PE Format Deep Dive: Sections, Imports, Exports

Static vs Dynamic Analysis: When to Use Which

Detour hooks, IAT/EAT patching, VMT hooking, inline hooks with relocation, syscall interception, VEH-based hooks.

Detour Hooks: Manual and MinHook

IAT and EAT Patching Explained

VMT Hooking for Game Interfaces

Inline Hooks on x64: Handling Relocations

Exception-Based Hooks with VEH

DLL injection techniques, shellcode injection, process hollowing, thread hijacking, APC injection, TLS callbacks.

DLL Injection: LoadLibrary vs Manual Map

Reflective DLL Injection Internals

Shellcode Injection Techniques

Process Hollowing Step by Step

APC Injection and Early Bird

Windows kernel internals, x86/x64 ABI, calling conventions, WinAPI/NTAPI, PEB/TEB/EPROCESS structures, bypass techniques.

PEB and TEB: Undocumented Structures

x64 Calling Convention Deep Dive

WinAPI vs NTAPI vs Syscalls

Handle Hijacking and Object Enumeration

ASLR, DEP, CFG: How They Work

x64dbg, IDA Pro, Ghidra, Cheat Engine scripting, WinDbg kernel debugging, ReClass.NET, PE analysis tools.

x64dbg: Essential Workflows

IDA Pro vs Ghidra: Feature Comparison

Cheat Engine Lua Scripting Guide

WinDbg Kernel Debugging Basics

ReClass.NET: Structure Reconstruction

Content is continuously updated. More articles and interactive examples coming soon.