Skip to content

{ Category Archives } blog

Issues concerning the current blog state and any changes being applied to it.

Windows system call tables updated, refreshed and reworked

Those of you interested in the Windows kernel-mode internals are probably familiar with the syscall tables I maintain on my blog: the 32-bit and 64-bit listings of Windows system calls with their respective IDs in all major versions of the OS, available here (and are also linked to in the left menu): Windows Core (NT) […]

Windows System Call and CSR API tables updated

Having the first spare weekend in a really long time, I have decided it was high time to update some (all) of the tables related to Windows system calls and CSR API I once created and now try to maintain. This includes NT API syscalls for the 32-bit and 64-bit Intel platforms, win32k.sys syscalls for […]

Approaching BlackHat US 2013 and new Dragon Sector blog

This is a quick reminder that Gynvael and I are going to attend BlackHat US 2013 in Las Vegas next week with the “Bochspwn: Identifying 0-days via System-Wide Memory Access Pattern Analysis” presentation on the second day of the event. The talk is going to largely extend our previous performance at SyScan this year (see […]

The HITB Magazine #6 now available!

As usual, I would like to inform you that the sixth issue of the Hack in the Box Magazine has just been published. Unlike previous editions, the paper is released several weeks after the HITB Amsterdam 2011 security conference – we spent the additional time working on providing you with even more interesting sections and […]

HITB E-Zine Issue 005 finally made public

Hello, Today, I would like to present the fifth issue of the well-known Hack In The Box e-magazine, originally brought back to life by Zarul Shahrin, in January last year (see the complete release history here). As usual, every Windows Internals maniac can find something for himself: this time, I described some of the most […]

Windows kernel2user transitions one more time

Hello, Before I start talking (writing?) over the real subject of this short post, I would like to make some interesting announcements. My friend mawekl has recently fired up a project called Security Traps. The website consists of numerous IT-related challenges, ranging from typical JavaScript-hackmes, through Windows software Reverse Code Engineering tasks, up to C/C++ […]

Blog customization, old PHP advisories

Hey there! Today, I would like to post a less-technical text, discussing two issues I have recently came across, or been busy with; don’t worry though, as CSRSS Write-Up: IPC (part 2/3) is on the way. The first matter is about recent changes applied to the blog appearance and functionality, while the latter regards the […]

Windows CSRSS cross-version API Table

Hello! It seems like half a year has passed since I published the Win32k.SYS system call table list on the net. During this time (well, it didn’t take so long ;)) I managed to gather enough information to release yet another API list – this time, concerning an user-mode application – CSRSS (Client/Server Runtime SubSystem). […]

Win32k.SYS system call table

Everyone who has ever had some serious contact with how the Windows kernel mechanisms work, was probably in need to access a complete system call number list (together with the handlers’ definitions). As one of the most important part of the communication process between user’s applications and kernel, SSDT is commonly used for both clearly […]

TraceHook v0.0.1 release

Having some free time, I managed to apply some minor fixed to the TraceHook – I also decided to publish it, by the way. If there will be any bug reports / improvement suggestions, I will be more motivated to return to its development ;)