1
Advanced Windows Memory Dump Analysis with Data Structures
OpenTask
Dmitry Vostokov
0y0
fffff980
fffff801
ffffe000
0x304
0x300
0x370
fffffa80
device
usertime
void
0xffffe000
_list_entry
symbols
ffffd000
fffff800
evaluate
blocked
0y1
_large_integer
0x6b4
deferred
driver
module
0x36c
0x00000000
stack
context
0xfffffa80
user32
0x0
win32kfull
0x000
_ex_push_lock
command
0x2dc
0x001
0xffffc000
event
dumps
unqualified
path
flags
windbg
0x002
0x003
system32
current
kiswapcontext
win32k
Year:
2017
Language:
english
File:
PDF, 9.54 MB
2
Advanced Windows Memory Dump Analysis with Data Structures, Fourth Edition, Revised
Dmitry Vostokov
ffffbe0c
fffff807
0y0
svchost.exe
00007ffe
0x460
0xffffbe0c
0x87c
0x464
win32kfull
imagefilename
0x5a8
blocked
ffffa28c
driver
stack
void
deferred
ntusergetmessage
fffff804
_list_entry
user32
ntkrnlmp
device
0x000
x64
usertime
0y1
kiswapcontext
dumps
ntdll
0x14
_ex_push_lock
0x76
0xffff800e
advwmda
kisystemservicecopyend
context
ptr64
kicommitthreadwait
ffffa784
kernel
kiswapthread
0x25
win32u
command
windbg
0x159
0x3a7
irp
Year:
2022
Language:
english
File:
PDF, 7.26 MB
3
[5-2]DKOM隐藏进程+保护进程.pdf (DKOM: Hiding Processes + Protecting Processes)
0x440
ptr64
void
0x43c
listentry
uint8b
uint4b
_large_integer
隐
blink
flink
_list_entry
核
dkom
win64
班
胡
bits
eprocess
process_flag_offset
ulong64
枚
链
0x1f8
activeprocesslinks
oldirql
pulong
ulong
函
摘
码
0x188
0x2d0
_ethread
_ex_fast_ref
_ex_push_lock
_mm_avl_table
bisprotect
define
flag
int4b
peprocess
plist_entry
process_active_process_links_offset
removelistentry
uchar
zwquerysysteminformation
屏
蓝
败
File:
PDF, 416 KB
4
Finding Digital Evidence in Physical Memory
Mariusz Burdach
memory
analysis
kernel
structures
processes
sys_read
linked
linux
forensic
frames
virtual
address_space
addresses
eprocess
evidence
anti
descriptor
directory
forensics
internal
methods
pfn
swap
volatile
0x1000
dump
enumerates
finding
gdb
mapped
struct
acquisition
detecting
operating
ptrace
systems
tools
array
cleared
core
count
database
descriptors
device
doubly
entries
enumerate
enumerating
esp
examples
Year:
2005
Language:
english
File:
PDF, 2.49 MB