I have an application that I've written that crashes intermittently, but I'm unable to capture an exception at the application layer. I always get an entry in the event log but doesn't give me much...

This is the first time I try to hook windows API. My goal is to monitor all files that a process is going to create/open/read/write. In order to be the most verbose possible, I decided to hook the...

I've just found out by accident that doing this GetModuleHandle("ntdll.dll") works without a previous call to LoadLibrary("ntdll.dll"). This means ntdll.dll is already loaded in my process. Is it...

I have designed a Python software to collect data from my microcontroller and make live plots: I have twelve matplotlib animations in my GUI (the GUI is designed with PyQt). Each matplotlib anim...

I've written a simple (test) script to list files in a selected directory. Not using FindFirstFile; only native API. When I execute the script and watch, Win32API monitor tells me STATUS_SUCCESS. M...

I have a program that I've written in Java and have set up with Windows Task Scheduler to run every 5 minutes. It executes "C:\Program Files\Java\jre7\bin\javaw.exe" and passes along the jar file a...

I am having trouble to get a Visual C++ executable to work, the app crashes , here is what I have seen in the event viewer. Faulting application name: submit.exe, version: 0.0.0.0, time stamp: 0x5...

I had olly 2 Beta which was working fine but it misses some old features of Olly 1 like Call stack window and also it doesn't works with any plugins. So i decided to switch to Olly 1.10. The prob...

What is the difference between NtCreateProcess and ZwCreateProcess? In ntdll.dll, both NtCreateProcess and ZwCreateProcess point to exactly the same address

I want to call some Nt function from ntdll.dll, I'm doing that like this above. For calling: NtTestAlert() , you need typical ntcall kernel routine, accessable via int 2Eh. ( from here I got Nt fu...

Using the topic Overview - Handle Enumeration, number 5, the attempt Close mutex of another process and and information from Mutex analysis, the canary in the coal mine and discovering new families...

If you have an executable on Windows, you can view its import section with the DUMPBIN utility (included e.g. in Visual Studio). To get a list of all imported DLLs you can run something like this ...