
I break things apart to understand how they work.

Reverse Engineering | Windows Internals | C++ / x86 ASM | NT Native API | Red Hat | UTN · TUP | 🎸 also makes music

$I'm Nico — 18, Mar del Plata, Argentina. I study programming at UTN and spend most of my time learning.

$My focus is Windows Internals and Reverse Engineering: process mechanics, memory subsystems, undocumented NT APIs, and how the kernel structures things no official doc fully explains.

$Started coding at 13. Everything I know about low-level systems is self-taught — built by reading source, reversing binaries, and breaking things until I understand why they break.

$Outside the terminal I play guitar, bass & drums — I record and produce my own tracks from scratch.

// SKILLS & STACK
Languages
C++ | C | Rust | x86 Assembly | Java | TypeScript | HTML / CSS
Reversing & Analysis
IDA Pro | x64dbg | Process Hacker | PE internals
Windows Internals
NT Native API | Win32 API | Process / Thread | Memory Subsystem
Dev Tools
Git | Visual Studio | IntelliJ IDEA | VS Code | Angular | Spring Boot
// PROJECTS & WORK
01 — C++ Active
DirectOverlay

External process inspector with a DX11 overlay rendered in the ZBID_IMMERSIVE_NOTIFICATION band — the same layer used by Windows system notifications. Bypasses Windows composition by avoiding transparency (replaced by IDXGIOutputDuplication). Read-only memory access via inherited handle traversal. Sub-millisecond visual latency. Invisible to screen capture.

02 — C++
CreateWindowInBand (4) Implementation

Creates windows in ZBID_IMMERSIVE_NOTIFICATION band by injecting into explorer.exe — no certificate or manifest required. Renders above fullscreen applications and Task Manager. Documents an undocumented NtUser interface.

03 — C++
Process Proxy Handle Hijacking

Reads and writes process memory without opening new handles — by locating a process that already holds an inheritable handle to the target via NtQuerySystemInformation, then routing operations through it. Demonstrates a lesser-documented Windows handle inheritance mechanic.

04 — C++
PICII

Code execution via NtSetInformationProcess instrumentation callbacks (Nirvana Hooks). Executes in a remote process immediately after any syscall returns — no CreateRemoteThread required. Relevant to EDR/AV internals and syscall-level tracing research.

// open channel

Got a proposal, research idea, or want to collaborate?
Send a signal.