Inline Hooking NtCreateFile in User Mode
Setting up an x64 inline hook on NtCreateFile with a proper trampoline: overwriting bytes, building the jump-back, and thread safety considerations.
Process Hollowing on Windows 11 24H2
Revisiting the classic RunPE technique against updated Defender telemetry and ETW providers in the Windows 11 24H2 build.
Parsing the PEB Without windows.h
Walking the Process Environment Block by hand to resolve exports — the foundational technique behind shellcode and reflective loaders.