reversing
- Writing an x64 Inline Hook by Hand (Without Reaching for MinHook)
  How x64 inline hooks actually work, when to use a 5-byte relative jump versus a 14-byte absolute trampoline, why displaced instructions break when you copy them naively, …
- BattleEye's Handle Protection: Code Caves, IAT Tricks, and the Callback You Can't Just Yank
  How BattleEye's kernel driver uses ObRegisterCallbacks to strip process handles, how it intercepts registration via an IAT hook on MmGetSystemRoutineAddress, and a …
- Walking a Driver's IOCTL Dispatch by Hand
  Finding the IOCTL dispatch table in a stripped kernel driver, decoding CTL_CODEs from first principles, and the triage methodology I use in DriverDigger to prioritise …