Archive for the ‘Reverse Engineering’ Category

In fact, this new key category appeared for the first time in Windows XP, formerly called Whistler, in early 2001. Yes, almost 9 years ago. But its structure CM_BIG_DATA had been removed from Microsoft Windows XP public symbols but not from Windows Vista and later symbols. Basically, this “secret” registry key had been briefly introduced [ Read More ]

Based on the Windows Vista I/O priority manager, Windows 7 provides a new class to retrieve information/statistics about Low I/O priority counts. Function: NtQuerySystemInformation Class: SystemLowPriorityInformation Privilege: None Output size: 0x24 bytes The output structure is the following. typedef struct _LOW_PRIORITY_INFORMATION { ULONG IoLowPriorityReadOperationCount; ULONG IoLowPriorityWriteOperationCount; ULONG IoKernelIssuedIoBoostedCount; ULONG IoPagingReadLowPriorityCount; ULONG IoPagingReadLowPriorityBumpedCount; ULONG IoPagingWriteLowPriorityCount; ULONG [ Read More ]

This post is the first of a series of articles/blogposts about the new System Information Classes under Windows 7 (32-bit ATM) used by both NtQuerySystemInformation and the extended version of this API, called NtQuerySystemInformationEx, introduced in Windows 7 and Windows 2008 R2. First of all, here is the prototype of these functions. NTSTATUS (WINAPI *NtQuerySystemInformationEx)(SYSTEM_INFORMATION_CLASS SystemInformationClass, PULONG [ Read More ]

As you probably know, Microsoft released last month several thousand pages of documentation about Office file formats and Windows protocols. That means hundreds (thousands?) of functions/algorithms documented in prose and pseudo-code. But are these pseudo-functions right? It seems not. While I was reading [MS-DRSR]: Directory Replication Service (DRS) Remote Protocol Specification, I was a bit curious to [ Read More ]

SandMan 1.0.080226 is out!

February - 26 - 2008
Posted by Matthieu Suiche

Since Windows 2000, Microsoft has provided a feature called Hibernation, also known as suspend to disk, that aims to save the system state into an undocumented file called hiberfil.sys. This file contains all the physical memory saved by the Operating System and is meant to be restored for the user the next time the computer is powered [ Read More ]