
The reverse engineering knowledge base.

A community-driven catalog of techniques, assembly references and tooling for reverse engineering, decompilation and binary analysis.

Catalog size: 27 techniques, 29 assembly entries, 41 glossary terms.


Obfuscation | beginner | windows, linux, macos
Malware builds sensitive strings character-by-character on the stack at runtime so they never appear as static literals in the binary, defeating simple string-search analysis.

Code Injection | intermediate | windows
Malware places a trojan DLL in a directory searched before the legitimate library location, causing Windows to load the malicious version when the target application starts.

Code Injection | advanced | windows
Malware stores shellcode in the Windows global Atom Table via GlobalAddAtom, then uses NtQueueApcThread to force a target process to copy and execute it, bypassing traditional injection defences.

Code Injection | advanced | windows
Malware suspends an existing thread in a target process, overwrites its instruction pointer via SetThreadContext, and resumes it to redirect execution to injected shellcode.

Code Injection | intermediate | windows
Malware installs a global Windows message hook via SetWindowsHookEx to force its DLL into target processes, executing code whenever a hooked event fires.

Code Injection | intermediate | windows
Malware queues a shellcode pointer to a target thread's APC queue via QueueUserAPC, executing it when the thread enters an alertable wait state.
