🟢 3️⃣ Context Switch

وقتی CPU بین Process/Thread ها جا به جا میشه:

رجیسترها ذخیره میشن

رجیسترهای اجرای جدید اپلود میشن

چرا؟ چون اجرای برنامه ممکنه ناپیوسته دیده بشه




🟢 3️⃣ Context Switch

When the CPU switches between Process/Thread:

Registers are saved

New execution registers are loaded

Why? Because program execution may appear discontinuous

@reverseengine

🟢 4️⃣ Memory Layout چیدمان حافظه Process

هر Process معمولا این بخش‌ ها رو داره:

Copy code

Code (text) → دستورالعمل‌ها

Data → متغیرهای ثابت

Heap → حافظه داینامیک

Stack → متغیرهای تابع

Mapped DLLs → کتابخانه‌ها

RE:
وقتی در debugger حافظه رو میبینید این بخش‌ ها رو تشخیص میدید



🟢 4️⃣ Memory Layout Process Memory Layout

Each Process usually has these sections:

Copy code

Code (text) → Instructions

Data → Constant variables

Heap → Dynamic memory

Stack → Function variables

Mapped DLLs → Libraries

RE:
When you look at memory in the debugger, you will recognize these sections

@reverseengine

40

🟢 5️⃣ Virtual Memory

سیستم‌ عامل به هر Process یک Virtual Address Space میده

یعنی:
برنامه فکر میکنه حافظه پیوسته داره
ولی OS اونو به صفحات واقعی RAM map میکنه

مزایا:
جداسازی Process ها
امنیت
کنترل دسترسی

کاربرد RE:

آدرس‌ هایی که میبینید virtual هستند




🟢 5️⃣ Virtual Memory

The operating system gives each process a Virtual Address Space

That is: The program thinks it has contiguous memory
But the OS maps it to real RAM pages

Advantages:
Process isolation
Security
Access control

RE usage: The addresses you see are virtual

@reverseengine

🟢 6️⃣ Paging

حافظه به Page تقسیم میشه مثلا 4KB

Page Table
مشخص میکنه:

این page به کجای RAM وصله

دسترسیش چیه R/W/X

کاربرد RE: وقتی صفحه execute نیست اجرای کد خطا میده


🟢 6️⃣ Paging

Memory is divided into Pages, for example 4KB

Page Table
Specifies:

Where is this page attached to in RAM

What is its access R/W/X

RE usage: When the page is not executed, executing the code gives an error

@reverseengine

Windows Process

@reverseengine

Windows Exploitation Techniques

https://projectzero.google/2025/12/windows-exploitation-techniques.html

@reverseengine

ARM64 Reversing and Exploitation Blog Series

https://8ksec.io/arm-64-reversing-and-exploitation-series

@reverseengine

Proxy DLL

https://github.com/kleiton0x00/Proxy-DLL-Loads

@reverseengine

easy-kernelmapper: map your driver with a batch

Intro https://www.unknowncheats.me/forum/anti-cheat-bypass/476567-easy-kernelmapper-map-driver-batch.html

Repo https://github.com/0dayatday0/BattleFN-cheat-analysis

Analysis https://github.com/0dayatday0/BattleFN-cheat-analysis/blob/main/cheat-analysis.pdf

@reverseengine

Bypassing KPP on Windows 11 25H2

https://github.com/HexilionLabs/AltSys

@reverseengine

Anti-virus artifacts Listing APIs hooked by: Avira, BitDefender, F-Secure, MalwareBytes, Norton, TrendMicro, and WebRoot

https://github.com/D3VI5H4/Antivirus-Artifacts

@reverseengine

BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution

https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html

@reverseengine

Repo with 100500 pwn tasks with writeups

https://github.com/nobodyisnobody/writeups


@reverseengine

How LLMs Feed Youe RE Habit

https://clearbluejar.github.io/posts/how-llms-feed-your-re-habit-following-the-uaf-trail-in-clfs

@reverseengine

Modding And Distributing Mobile Apps with Frida

https://pit.bearblog.dev/modding-and-distributing-mobile-apps-with-frida

@reverseengine

Linux system call hooking using Ftrace

https://xcellerator.github.io/posts/linux_rootkits_02

@reverseengine

Speculating the entire x86-64 Instruction Set In Seconds with This One Weird Trick

https://blog.can.ac/2021/03/22/speculating-x86-64-isa-with-one-weird-trick