📚 Basics

🤓 About the CPU

In this article I will dissect what the CPU cache and the TLB are. It can help understand how Meltdown and Spectre work.

Memory Addressing

I’ve had a lot of time to dive into certain peculiarities of how programs are laid out both in RAM and on disk while working as a malware analyst.

Process Memory Layout

Intro: At the very beginning of my career I found it hard to grasp the notion of memory layout and the stack.

Assembly 💯

During a forensic investigation it’s sometimes necessary to reverse engineer a suspicious piece of code. This section is a reverse engineering dive-in section.

Compilation and Linking 🔗

In this article I am trying to research the compilation and linking process. Terms: .cpp is a human-readable file written in any programming language.

Data Types

VarInt: used to save memory. For example, the number 5 only occupies 1 byte, but 1032 needs two bytes to live.

Exceptions

⚠ïļ Note that x64 does not use this mechanism for exception handling. Consider the following code:

Interrupts

Character Special Files: examples of special files are /dev/stdin, /dev/stdout and /dev/random (a PRNG which may delay returning a value to acquire additional entropy).

Packers and Unpacking

References: [1] Manual unpacking (rus 🇷🇺) [2] Unpacking FSG 2.0 (rus 🇷🇺) [3] Introduction to unpacking (rus 🇷🇺)

Positive and Negative Numbers

Intro, One’s complement, Two’s complement