One HBGary developper wrote a blogpost about windd entitled “Windd – Almost there, but not quite…“. HBGary says *they* but I would like to say to readers that windd is a project that I developped and maintain alone, on my spare time. More and more people are using windd so it looks I have to [ Read More ]
This post is the first of a serie of articles/blogposts about new System Information Class under Windows 7 (32bits ATM) used by both NtQuerySystemInformation and extended version of this API called NtQuerySystemInformationEx introduced in Windows 7 and Windows 2008 R2. First of all, here is the prototype of these functions. NTSTATUS (WINAPI *NtQuerySystemInformationEx)(SYSTEM_INFORMATION_CLASS SystemInformationClass, PULONG [ Read More ]
Tomorrow, I’ll publish a bugfix for win32dd about the following problem: on multi-processors computers a BSOD occurs when user try to generate a Microsoft Crash dump file through the -d option. The problem is located inside KdGetDebuggerDataBlock function, when the function try to read KdVersionBlock field an invalid pointer is returned because this field is [ Read More ]
I’m going to discuss about Microsoft Crash Dump Analysis weaknesses, but in fact this blogpost is somehow an introduction to the next version of Win32DD 1.2. Indeed, the next version of win32dd will have crash dump generation implemented and some others things you’ll enjoy too. Any reader who is interested in this topic is encouraged [ Read More ]
As you probably know, Microsoft released last month several thousands pages of documentation about office file format and Windows protocols. It means numerous hundreds(thousands?) of functions/algorithms documentation and pseudo-code. But, are these pseudo-function right? It looks not. While I was reading [MS-DRSR]: Directory Replication Service (DRS) Remote Protocol Specification, I was a bit curious to [ Read More ]
