Assume that we have 4 cores. At some point one core raises to DISPATCH_LEVEL; can the other 3 cores run threads at PASSIVE_LEVEL or APC_LEVEL now? If not, can the other 3 cores also run threads at DISPATCH_LEVEL now? On the other hand, at that point, if all 4 cores are running, and one ..
The Linux kernel in its primitive form was first written in 1991; the Windows NT kernel (different from the Win9x kernel, which was based on DOS) purportedly began development in 1990. I think OS design can't be entirely "original", in several senses: good design will always influence later designs; new features are getting added or are replacing some older ..
Until today I had understood that Windows only worked with rings 0 and 3 (rings 1 and 2 remain for compatibility). However, today I have heard that drivers work at levels 1 and 2, while the kernel works at level 0. Could you please explain this to me? Source: Windows..
I want to know if modern rootkits on Windows 10 64-bit are still using hooks for things like hiding processes and files, protecting processes and files, etc. I know PatchGuard makes it really hard to implement. I read the book "Windows Kernel Programming" by Pavel Yosifovich, and in the book there are projects ..
I recently read the book "Windows Kernel Programming" by Pavel Yosifovich. In Chapter 9 – "Object and Registry Notifications" there is a project called "The Process Protector Driver". After I finished the book I tried to create this project from scratch and add my own upgrades. Every time I tried to run my driver, I ..
I'm trying to deploy the hello world driver from the Microsoft documentation on my laptop. I installed both the Windows SDK and the WDK on my laptop, and I even installed the Windows Driver Testing Framework manually after that: msiexec /i "Windows Driver Testing Framework (WDTF) Runtime Libraries-x64_en-us.msi" Even after installing all this stuff, after I ..
I have created a KMDF driver, which runs perfectly fine when my test system is booted in test mode (bcdedit /set testsigning on), but I don't want to keep this enabled just to use my driver. Research showed that I don't need to constantly enable test signing; I just need a test certificate. I followed ..
I want to read the stack of a just-created thread. In the callback function of PsSetCreateThreadNotifyRoutine() the stack is still empty. Is there any other way to read what I want besides using the pre/post features in ObCallback? Source: Windows..
I want to understand the significance of the values for each property in Windows Event Log ID 41. Windows System event ID 41 from source Kernel-Power has the following properties: EventData BugcheckCode 159, BugcheckParameter1 0x3, BugcheckParameter2 0xffffe30f22f99dc0, BugcheckParameter3 0xffffbc0b39c7f7d0, BugcheckParameter4 0xffffe30f237703e0, SleepInProgress 0, PowerButtonTimestamp 0, BootAppStatus 0, Checkpoint 41, ConnectedStandbyInProgress false, SystemSleepTransitionsToOn 9, CsEntryScenarioInstanceId ..
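An added example, not part of the question above: the bug check fields of a Kernel-Power 41 event decoded offline. The XML wrapper around the values quoted in the question is constructed here in the shape Event Viewer's XML view produces (only the EventData section; the System block is left out), and the bug check table is deliberately minimal, covering just the code this event carries; the names and parameter meanings come from Microsoft's Bug Check Code Reference, which documents codes in hex, so the logged decimal 159 has to be read as 0x9F.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the EventData values quoted in the question, wrapped in
# the XML shape Event Viewer's "XML View" emits. The xmlns is the real Windows
# event schema; the <System> block of a real event is omitted here.
SAMPLE_EVENT_XML = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <EventData>
    <Data Name="BugcheckCode">159</Data>
    <Data Name="BugcheckParameter1">0x3</Data>
    <Data Name="BugcheckParameter2">0xffffe30f22f99dc0</Data>
    <Data Name="BugcheckParameter3">0xffffbc0b39c7f7d0</Data>
    <Data Name="BugcheckParameter4">0xffffe30f237703e0</Data>
    <Data Name="SleepInProgress">0</Data>
    <Data Name="PowerButtonTimestamp">0</Data>
    <Data Name="BootAppStatus">0</Data>
    <Data Name="Checkpoint">41</Data>
    <Data Name="ConnectedStandbyInProgress">false</Data>
    <Data Name="SystemSleepTransitionsToOn">9</Data>
  </EventData>
</Event>"""

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Minimal table (assumption: only the bug check this event carries). Bug check
# codes are documented in hex (159 == 0x9F). Parameter meanings are specific to
# each bug check, so an entry maps only the values the reference documents.
BUGCHECKS = {
    0x9F: {
        "name": "DRIVER_POWER_STATE_FAILURE",
        "param1": {
            0x3: "a device object has been blocking a power IRP for too long "
                 "(parameter 2 is the PDO of the stack, parameter 4 the blocked IRP)",
        },
    },
}


def parse_event_data(xml_text):
    """Return the EventData section as {Name: text}; values stay strings as logged."""
    root = ET.fromstring(xml_text)
    return {d.get("Name"): d.text for d in root.findall("e:EventData/e:Data", NS)}


def interpret_kernel_power_41(data):
    """Decode the bug check fields of a Kernel-Power event 41.

    BugcheckCode is logged in decimal. 0 means no crash information was recorded
    (the machine lost power or was reset); any other value is the stop code of the
    crash that preceded the unclean shutdown, and is what to look up and search for.
    """
    code = int(data["BugcheckCode"])
    params = [int(data[f"BugcheckParameter{i}"], 16) for i in range(1, 5)]
    result = {
        "bugcheck_code": code,
        "bugcheck_hex": f"0x{code:X}",
        "parameters": params,
        "crash_recorded": code != 0,
        "name": None,
        "parameter_notes": {},
    }
    if code == 0:
        result["name"] = "none (power loss or reset without a recorded bug check)"
        return result
    info = BUGCHECKS.get(code)
    if info is None:
        result["name"] = "not in this table; look up the hex code in the Bug Check Code Reference"
        return result
    result["name"] = info["name"]
    note = info["param1"].get(params[0])
    if note:
        result["parameter_notes"][1] = note
    return result


if __name__ == "__main__":
    for key, value in interpret_kernel_power_41(parse_event_data(SAMPLE_EVENT_XML)).items():
        print(f"{key}: {value}")
```

The other fields (SleepInProgress, Checkpoint, ConnectedStandbyInProgress, SystemSleepTransitionsToOn) are passed through untouched by parse_event_data; they describe the power state at the time of the reset rather than the crash itself, and the decoder above does not claim to interpret them.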
Hi guys, I built a kernel driver and I use it to get the PEB of a process without a handle. I successfully get the PEB, and I know it from the ImageBaseAddress. When I enumerate the modules (PEB_LDR_DATA and LIST_ENTRY) I get the modules of my own process. Why?? (I should get the remote process's modules.) Here ..