Enabling Client-Side Crash-Resistance to Overcome Diversification

Why Does Windows Crash?

1 avr. 2005 application crashes are caused by both faulty non-robust dll files as well ... a machine reboot as well as Windows explorer crashes

Sample Chapters from Windows Internals Sixth Edition


Crash Data Collection: A Windows Case Study

machines that run Windows XP SP1 are reporting their crashes to our server. crashes which require restarting the explorer process. ... %crash ntdll.dll.

Detile: Fine-Grained Information Leak Detection in Script Engines

6 juil. 2020 engine in Microsoft's Internet Explorer 10/11 on Windows 8.0/8.1. An ... the address space via LdrLoadDll of the 32-bit ntdll.dll.

Windows Process Injection in 2019

New security features: Windows 10 introduced several new process image address of ntdll.dll + 0x20. ... For example ntdll.dll contains the NUL-.
us Kotler Process Injection Techniques Gotta Catch Them All wp

Enabling Client-Side Crash-Resistance to Overcome Diversification

of our methods for 32-bit Internet Explorer 11 on Windows exported by system libraries like ntdll.dll (Windows) or libc.so (Linux).
enabling client side crash resistance overcome diversification information hiding


25 juil. 2016 security of devices running Windows 10 IoT Core such as static/dynamic reverse ... ModLoad: 77400000 77565000 C:windowsSYSTEM32ntdll.dll ...
us Sabanal Into The Core In Depth Exploration Of Windows IoT Core wp

Autopsie d'une intrusion (( tout en mémoire )) sous Windows

allons explorer dans la suite de l'article se déroule en deux étapes : la le processus cible (toutes ces fonctions étant exportées par NTDLL.DLL) : ...
SSTIC Article Autopsie d une intrusion tout en memoire sous Windows ruff

Bypassing Memory Protections: The Future of Exploitation

to turn a crash into an exploit is not unusual. Windows multi-threaded application ntdll.dll ... Windows XP SP2 (Aug 2004).

Siofra DLL Hijacking Vulnerability Scanner Cybereason

There is a set of Windows system DLLs (among them are Kernelbase.dll and Ntdll.dll) that are not vulnerable despite lacking an entry in KnownDLLs. The exact 
Siofra Research Tool Cybereason