Technical articles on reverse engineering, bypass and security research, Chromium hooks, drivers, and low-level Windows and GPU topics—including why screen capture can show a black window for protected windows. Pick a category on the left, then browse or search articles on the right.
11 posts
How the NVIDIA graphics stack splits between kernel driver and user-mode components, what nvapi64.dll does, how NvAPI functions are dispatched by ID, and why mapping undocumented APIs matters for reverse engineering and defensive research.
Full HTML table of NvAPI-style symbols: function name, 32-bit API key (hex), and internal spec class — on-page for SEO and security research reference.
A defensive, practical guide to SmartScreen’s role in Windows, why warnings happen, and why SmartScreen alone is not a complete security boundary.
Comprehensive, defense-focused overview of a common pattern: using trusted or signed executables as loaders to execute attacker-controlled code, and how to detect and mitigate it.
Screen capture of protected windows, how to understand black window and capture protected window issues on Windows, SetWindowDisplayAffinity (WDA_EXCLUDEFROMCAPTURE), and how the compositor decides what recorders actually see.
SetWindowDisplayAffinity bypass for protected windows: stack layers (app hooks, duplication APIs, NVIDIA scanout, driver buffers, DWM, kernel), plus hook-based approaches for authorized screen capture and remote desktop.
A technical walkthrough of unpacking and analyzing Themida-protected executables.
Hooking Chromium and Chrome for SSL/TLS inspection in a controlled environment.
Creating a hidden desktop for remote access that does not appear on the user's screen.
Technical overview of RTP (Return to Player) management in slot and casino systems.
Safe techniques for testing software against AV in red-team and dev scenarios.