Search found 1099 matches

by rkhunter
Sat Jan 13, 2018 7:14 am
Forum: Kernel-Mode Development
Topic: Undocumented structures for W2k-Win10
Replies: 21
Views: 58012

Re: Undocumented structures for W2k-Win10

Win10 RS3 (1709) + KB4056892 (Spectre/Meltdown update and KPTI) ntoskrnl pdb and structures

by rkhunter
Fri Jan 12, 2018 6:58 pm
Forum: Reverse Engineering and Debugging
Topic: Question about Spectre vulnerability mitigation
Replies: 0
Views: 2764

Question about Spectre vulnerability mitigation

Guys, I have a little question about the Spectre#1 mitigation in the Win10 kernel.

Why were the Win10 kernel trap handlers updated with LFENCE instructions? As I understand it, Spectre#1 can't allow Ring 3 code to read kernel memory or to be executed as Ring 0. Or am I wrong?

by rkhunter
Mon Oct 30, 2017 11:08 am
Forum: Kernel-Mode Development
Topic: Undocumented structures for W2k-Win10
Replies: 21
Views: 58012

Re: Undocumented structures for W2k-Win10

Windows 10 Redstone 3 (1709) HAL (10.0.16299.15) pdb + extracted structures.

by rkhunter
Fri Oct 20, 2017 7:30 pm
Forum: Kernel-Mode Development
Topic: Undocumented structures for W2k-Win10
Replies: 21
Views: 58012

Re: Undocumented structures for W2k-Win10

Windows 10 Redstone 3 (1709) ntoskrnl (10.0.16299.15) pdb + extracted structures.

by rkhunter
Tue Sep 05, 2017 1:25 pm
Forum: Tools/Software
Topic: Enhanced Mitigation Experience Toolkit (EMET)
Replies: 12
Views: 34714

Re: Enhanced Mitigation Experience Toolkit (EMET)

EMET on Windows 10 Insider aka PayloadRestrictions.dll and how it is loaded into a process

https://github.com/deroko/payloadrestrictions

by rkhunter
Mon Aug 14, 2017 11:28 am
Forum: Reverse Engineering and Debugging
Topic: Articles
Replies: 32
Views: 72887

Re: Articles

Exploring Windows virtual memory management

http://www.triplefault.io/2017/08/explo ... emory.html

by rkhunter
Thu Aug 10, 2017 10:51 am
Forum: Tools/Software
Topic: Enhanced Mitigation Experience Toolkit (EMET)
Replies: 12
Views: 34714

Re: Enhanced Mitigation Experience Toolkit (EMET)

Moving Beyond EMET II – Windows Defender Exploit Guard

https://blogs.technet.microsoft.com/srd ... oit-guard/

by rkhunter
Wed Aug 09, 2017 2:49 pm
Forum: Tools/Software
Topic: Enhanced Mitigation Experience Toolkit (EMET)
Replies: 12
Views: 34714

Re: Enhanced Mitigation Experience Toolkit (EMET)

Windows 10 += EMET (Windows Defender Exploit Guard)

https://blogs.technet.microsoft.com/mmp ... rs-update/