A repo containing examples relating to various aspects of Windows internals and processor features.
- WDM
  - FASMDriver
- Native Subsystem Applications
  - Keyboard read and display write
- WHP (Windows Hypervisor Platform)
  - Event Injection
- KVMAPI
  - Single Range Output and IP Filtering
Using the Windows Hypervisor Platform, this example shows how you can inject a CPU event into the guest software via the WHvRegisterPendingEvent register. This register essentially correlates to the VM-entry interruption-information field. The guest software is a pseudo OS designed to handle only one interrupt. event_os.asm is built with FASM.
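The VM-entry interruption-information field mentioned above, as an added example that is not code from this repo: it packs a vector, type and error-code flag using the Intel SDM bit layout and applies a simplified subset of the VM-entry consistency checks. The function names are hypothetical, and this models the VMCS field itself, not the WHP register structure.

```c
#include <stdint.h>
#include <stdbool.h>

/* Interruption types (bits 10:8) as defined by the Intel SDM. */
enum intr_type {
    INTR_EXTERNAL = 0, INTR_RESERVED = 1, INTR_NMI = 2, INTR_HW_EXCEPTION = 3,
    INTR_SW_INTERRUPT = 4, INTR_PRIV_SW_EXCEPTION = 5, INTR_SW_EXCEPTION = 6,
    INTR_OTHER_EVENT = 7
};

#define INTR_INFO_DELIVER_EC (1u << 11)   /* bit 11: push an error code */
#define INTR_INFO_RESERVED   0x7FFFF000u  /* bits 30:12 must be zero */
#define INTR_INFO_VALID      (1u << 31)   /* bit 31: an event is pending */

/* Hypothetical helper: pack the field with the valid bit set. */
uint32_t intr_info_encode(uint8_t vector, enum intr_type type, bool deliver_ec)
{
    return (uint32_t)vector | ((uint32_t)type << 8) |
           (deliver_ec ? INTR_INFO_DELIVER_EC : 0) | INTR_INFO_VALID;
}

/* Exceptions that push an error code: #DF, #TS, #NP, #SS, #GP, #PF, #AC.
 * Assumption: CET's #CP (vector 21) is left out of this simplified set. */
static bool vector_has_error_code(uint8_t v)
{
    return v == 8 || (v >= 10 && v <= 14) || v == 17;
}

/* Hypothetical helper: simplified subset of the consistency checks a
 * hypervisor should pass before asking the CPU to inject the event. */
bool intr_info_is_consistent(uint32_t info)
{
    uint8_t vector = info & 0xFF;
    unsigned type = (info >> 8) & 7;
    bool deliver_ec = (info & INTR_INFO_DELIVER_EC) != 0;

    if (!(info & INTR_INFO_VALID)) return true;   /* nothing to inject */
    if (info & INTR_INFO_RESERVED) return false;
    if (type == INTR_RESERVED) return false;
    if (type == INTR_NMI && vector != 2) return false;
    if (type == INTR_HW_EXCEPTION && vector > 31) return false;
    if (type == INTR_OTHER_EVENT && vector != 0) return false;
    if (deliver_ec && !(type == INTR_HW_EXCEPTION && vector_has_error_code(vector)))
        return false;
    return true;
}
```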
A simple example of a WDM hello world driver using FASM and many of its useful macros.
A simple example of a native subsystem app which uses NtDisplayString and NtReadFile to write output to the console and collect input from the keyboard device during the system boot process. Native applications can be launched during the boot process by smss.exe. This can be seen with autochk.exe in the BootExecute key at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager. To test this example, simply add the built executable to this list. Note that this example suspends the smss process in order to wait for the user to press the 'C' key to continue the startup process.