Monthly Archives: January 2014

February: Blog Post List

This is hopefully going to be the upcoming blog posts for February:

– VTables and Virtual Functions
– Thread Storage Slots
– I/O Completion Ports
– IRP Queues
– PE Header Sections
– Registry Internals
– URBs and USB Internals

I’m also going to explore the I/O … Continue reading

Posted in Miscellaneous | Leave a comment

Types of Page Faults

This blog post will expand upon the idea of Page Faults, which resolve problems with Virtual to Physical Address Translation, and take a look at the different kinds of Page Faults which can happen.

Collided Page Faults

Collided Page Faults … Continue reading

Posted in Windows Internals | Leave a comment

Rootkits: Direct Kernel Object Manipulation and Processes

DKOM is one of the methods commonly used and implemented by Rootkits in order to remain undetected, since this is the main purpose of a rootkit. To be able to access Kernel-Mode code and data structures without detection from security programs … Continue reading

Posted in Windows Internals | 2 Comments

List of WHEA Data Structures

I’ve listed other WHEA data structures in my other blog posts, and therefore will not be listing the same ones here. The purpose of this blog post is to list the WHEA data structures available with WinDbg, and Microsoft’s Public … Continue reading

Posted in Stop 0x124 | Leave a comment

Understanding PCI Configuration Space

I noticed in a dump file I was debugging for a user on Sysnative Forums, within the call stack there were a few references to PCI Configuration Space. The PCI Configuration Space can be accessed by device drivers and other … Continue reading

Posted in Windows Internals | Leave a comment

Algorithms and Data Structures – Calculating Insertion and Deletion Time Complexity of Singly Linked Lists

Prerequisites:

– Knowledge of C/C++
– Knowledge of Calculus/Algebra

Time Complexity and O(n)

You could consider this topic as a Computer Science/Programming topic. However, I always consider Computer Science and Programming to be two different topics rather than the same thing, even … Continue reading

Posted in Computer Science | Leave a comment

Internals of Direct Memory Access Part 2

This is Part 2 of my tutorial about looking at how Direct Memory Access works on Windows. This part looks at Bus Mastering, which is the current and modern implementation of DMA. With Bus Mastering, there is no concept of a … Continue reading

Posted in Windows Internals | 1 Comment