Windows Internals Software Architect

Background information

Developed the most advanced code creation & injection, and API hooking engine available for Windows, which became the foundation for several products, including Blue Coat's ProxyRA, Quaresso's Protect on Q, and also used for HTTPS pre-encryption filtering in Blue Coat's ProxyClient! Used for anti-malware, information protection controls, post-mortem clean-up (no code on disk), etc.

Developed a 64-bit and a 32-bit WinDbg extension for code creation, injection, hooking, and detection of IAT & EAT hooks.

Developed an NDIS IM driver for modification of TCP packets.

Extensive modifications to a TDI driver for redirection.

Developed a Filesystem Minifilter for encryption.

Developed a system for intercepting COM and RPC calls across process boundaries. (Used for information controls in Internet Explorer 7, for Blue Coat ProxyRA, and Quaresso's Protect on Q.)

Developed a system for implementing COM hooks to intercept/modify/replace COM calls inside of a process. (Used for information controls in Blue Coat's ProxyRA, and Quaresso's Protect on Q.)

Developed tools for building DLLs and other Windows PE file tools.

Extensive understanding of Windows Internals, process creation and startup, safe injection methods, safe ejection methods, etc. Full understanding of the Windows loader, and how to create a compatible loader by hand.

Developed tools for building self-cleaning code on-the-fly, injecting and executing it in a process.

For additional information, other skills (e.g. SQL, CORBA, DCE, etc.), and information on my experience with multi-platform injection and hooking capabilities, as well as experience in embedded systems, iPhone application development, Unix programming and internals, and microprocessor programming, see http://www.andrewlsandoval.com.

Education

No degree

Availability

Full-time (day)

Capacity

Employee

Please contact the skill set owner if you have an imminent employment opportunity, or one currently available to discuss. Thank you.