My notes while studying Windows internals (C, updated May 30, 2024)
An easy-to-use library for emulating memory dumps. Useful for malware analysis (config extraction, unpacking) and dynamic analysis in general (sandboxing).
Contains all the material from the DEF CON 31 workshop "(In)direct Syscalls: A Journey from High to Low".
An example of how to use Microsoft Windows Warbird technology
The history of Windows Internals via symbols.
Interactive CTF Exploration Tool
Solutions to Windows Kernel Programming exercises by Pavel Yosifovich
Dump syscall numbers from ntdll.dll
An example of a client and server using Windows' ALPC functions to send and receive data.
Windows 10 PE image loader (LDR) NTDLL component toolbox