Still on my way to learning the Windows kernel, I spend a considerable amount of time on WinDbg Preview. I’ve been scripting my way to understanding its components, the most recent being nt!ObpRootDirectoryO…
This post summarizes some of the work I’ve been doing for the past few months during my (few) off times. Nothing new, mostly just a structured reminder for my later self. Introduction What-The-Fuzz is…
I’ve recently decided to read some Windows Internals books cover to cover, and I’m currently reading the amazing book “What Makes It Page”; it gave me some ideas to play with Section Objects, as they cover…
One of the Windows kernel subsystems I recently dug into is the Configuration Manager (CM), mostly because I found very scarce public resources about it despite its criticality: this subsystem is responsib…
Background This is a short blog post that I decided to finish recently after looking for a way to sandbox Win32 apps, but, lazy as I am, I wanted something that was free/open-source & robustly tes…
Sometimes you read about an awesome exploitation technique (#1), so you want to go deeper. So these are my notes about how, while trying to totally understand the exploitation of CVE-2020-0796 (#2), I ended up…
The short version The short version is that there’s a small logic bug in user32!EndTask() which doesn’t really check the HWND handle passed when forcefully killing the process, allowing unprivileged …
Or, on how to use the new (Windows 10) field _ETHREAD.ThreadName to stabilize kernel RW primitives. SetThreadDescription() as a way to allocate controlled kernel pools. Keeping on with experimenting wit…
A few scrap notes about my migration from VirtualBox to Hyper-V (in case I attempt to do the same again in the future 😁) Moving a VirtualBox VM to Hyper-V Hyper-V doesn’t support OVF/OVA format, but i…
If WinDbg was already setting the standard for what modern debuggers should be like, WinDbg Preview no doubt brings it to the next level. The JavaScript API is not perfect yet but is already very efficient,…