PwC Security Technical Group

Windows / OS Internals

Here are the articles in this section:

  • Configuring Kernel Debugging Environment with kdnet and WinDBG Preview
  • Compiling a Simple Kernel Driver, DbgPrint, DbgView
  • Loading Windows Kernel Driver for Debugging
  • Subscribing to Process Creation, Thread Creation and Image Load Notifications from a Kernel Driver
  • Listing Open Handles and Finding Kernel Object Addresses
  • Sending Commands From Your Userland Program to Your Kernel Driver using IOCTL
  • Windows Driver Model (WDM)
  • Windows Kernel Drivers 101
  • x64 Calling Convention: Stack Frame
  • System Service Descriptor Table - SSDT
  • Interrupt Descriptor Table - IDT
  • Token Abuse for Privilege Escalation in Kernel
  • Manipulating ActiveProcessLinks to Hide Processes in Userland
  • ETW: Event Tracing for Windows 101
  • Exploring Injected Threads: A short exploration of injected threads with Get-InjectedThreads.ps1 and WinDBG
  • Parsing PE File Headers with C++
  • Instrumenting Windows APIs with Frida
  • Exploring Process Environment Block: Exploring a couple of interesting members of the PEB memory structure fields
  • Writing a Custom Bootloader

Last updated 4 years ago