Archive for the ‘Windows’ Category

Update: Win32dd 1.2.2.20090608 (fixes + improvements)

June - 8 - 2009
Posted by Matthieu Suiche

This week I'm going to give a talk at Shakacon entitled Challenge of Windows physical memory acquisition and exploitation — then I think it's time to release a new version of win32dd. Two major bugs fixed in this release are: System cache size was growing because the output file was mapped, then it filled the [ Read More ]

In fact, this new key category appeared for the first time in Windows XP, formerly called Whistler, in early 2001. Yes, almost 9 years ago. But its structure CM_BIG_DATA had been removed from the Microsoft Windows XP public symbols, though not from the Windows Vista and later symbols. Basically, this “secret” registry key had been briefly introduced [ Read More ]

Microsoft MVP 2009

April - 11 - 2009
Posted by Matthieu Suiche

It’s official – I’m a Microsoft Enterprise Security MVP. For people who don’t know what MVP means, here is the definition from Wikipedia: Microsoft MVPs are exceptional technical community leaders from around the world who have been awarded for voluntarily providing technical expertise towards technical communities supporting Microsoft products or technologies. (Wikipedia) Past well-known MVPs [ Read More ]

Based on the Windows Vista I/O priority manager, Windows 7 provides a new information class to retrieve information/statistics about Low I/O priority counts. Function: NtQuerySystemInformation Class: SystemLowPriorityInformation Privilege: None Output size: 0x24 bytes The output structure is the following. typedef struct _LOW_PRIORITY_INFORMATION { ULONG IoLowPriorityReadOperationCount; ULONG IoLowPriorityWriteOperationCount; ULONG IoKernelIssuedIoBoostedCount; ULONG IoPagingReadLowPriorityCount; ULONG IoPagingReadLowPriorityBumpedCount; ULONG IoPagingWriteLowPriorityCount; ULONG [ Read More ]

This post is the first of a series of articles/blog posts about the new System Information Classes under Windows 7 (32-bit at the moment) used by both NtQuerySystemInformation and the extended version of this API, NtQuerySystemInformationEx, introduced in Windows 7 and Windows 2008 R2. First of all, here is the prototype of these functions. NTSTATUS (WINAPI *NtQuerySystemInformationEx)(SYSTEM_INFORMATION_CLASS SystemInformationClass, PULONG [ Read More ]