The Vidstrom Labs Blog

Insights and advice from Vidstrom Labs. We cover everything from application security and security testing to operating system internals, reverse engineering, and hardware programming.


The legal boundaries of reverse engineering in the EU

By Arne Vidstrom

May 19, 2019

It's not easy to find detailed and practical advice about the legal boundaries of reverse engineering in the EU. People who work in the field aren't lawyers, and the lawyers don't know much about the technology involved. I've worked in the field professionally for years, and I've also taken a few university-level courses in law, but please take into account that I'm no lawyer. For a US perspective, I recommend Coders' Rights Project Reverse Engineering FAQ from the EFF...


The use of TCP ports 139 and 445 in Windows

By Arne Vidstrom

May 15, 2019

Microsoft introduced TCP port 445 with Windows 2000, and it's still in use in Windows 10 and Windows Server 2019. I'll explain what this port is for, and how it relates to security in Windows. At the same time, I'll also explain how you can disable the old TCP port 139...


Visual Studio 2005 or later problems and solutions

By Arne Vidstrom

May 15, 2019

There are a couple of problems that can occur when you compile your programs with Visual Studio 2005 or later. This is still relevant to Visual Studio 2019...


A few lessons from building an IBM PC emulator

By Arne Vidstrom

May 15, 2019

A few years ago, I built an IBM PC emulator. I got it to the point that it worked with an unmodified original IBM PC BIOS and could run DOS in text mode and a few graphics modes. While building it, I learned a few valuable lessons that I thought would be nice to share...


DbgSetDebugPrintCallback - Capturing DbgPrint calls in Windows

By Arne Vidstrom

May 15, 2019

Windows Vista introduced a new export in the kernel, called DbgSetDebugPrintCallback. At the time, I realized that Microsoft had implemented a standardized way to capture DbgPrint calls. I tried to find some documentation describing the new routine, but I couldn't find anything anywhere, so I decided to do some reversing. The export is still undocumented and still present in Windows 10...


Older blog posts

May 15, 2019 - Historical memory dumping techniques: Memory dumping with NtSystemDebugControl

May 15, 2019 - Historical memory dumping techniques: PhysicalMemory, DD, and caching issues

May 15, 2019 - Historical memory dumping techniques: Memory dumping over FireWire - UMA issues