Search found 1104 matches

by rkhunter
Fri Oct 26, 2018 11:55 am
Forum: General Discussion
Topic: Google Chrome runs so many processes
Replies: 0
Views: 138

Google Chrome runs so many processes

Just FYI, I have published a blog post named "Why Google Chrome runs so much processes". It is an attempt to find an answer to why the browser uses so many processes for its own purposes, even if a user has opened only one or two active tabs. https://artemonsecurity.blogspot.com/2018/10/why-google-...
by rkhunter
Sun Sep 30, 2018 8:45 pm
Forum: Reverse Engineering and Debugging
Topic: Articles
Replies: 33
Views: 96570

Re: Articles

My docs (actually a set of web links) that I use every day for security reasons.
- Security-related pages/docs for MS, Apple, Google, Adobe, Intel.
- A wide set of information about speculative execution side-channel flaws that I have carefully collected since the beginning of the year.
- Actual in...
by rkhunter
Wed Aug 22, 2018 11:17 am
Forum: Kernel-Mode Development
Topic: Entry point for calling DriverEntry at ntoskrnl (Win10)
Replies: 3
Views: 1579

Re: Entry point for calling DriverEntry at ntoskrnl (Win10)

Thx. I've analyzed it without applying structures and Hex-Rays. I looked for call [register+offset] and forgot about _guard_dispatch_icall.
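The reply above names the pitfall: in an ntoskrnl built with Control Flow Guard, an indirect call no longer looks like `call [reg+off]`; the pointer is loaded into rax and the call is a direct `call _guard_dispatch_icall`, so a search for the memory-operand form alone finds nothing. The scanner below is an added example, not code posted in the thread: it flags both shapes over a constructed byte string. The address of `_guard_dispatch_icall`, the sample's load address and the sample bytes are assumptions, and the decoder handles only the encodings it needs (no SIB, no RIP-relative forms); in real work the stub address comes from the PDB.

```c
/* Added example, not from the thread: byte-pattern scan over x86-64 code that reports
 * "classic" indirect calls, call [reg+disp] (FF /2), and CFG-dispatched ones,
 * mov rax,[reg+disp] followed by call _guard_dispatch_icall (E8 rel32 to a known address).
 * Pattern scan, not a disassembler. GUARD_DISPATCH_ICALL_VA, SAMPLE_VA and sample_code
 * are assumptions made up for the demo. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define GUARD_DISPATCH_ICALL_VA 0x140001000ULL  /* assumed address of _guard_dispatch_icall */
#define SAMPLE_VA               0x140010000ULL  /* assumed load address of sample_code */

enum site_kind { SITE_INDIRECT_MEM, SITE_CFG_DISPATCH, SITE_DIRECT };

struct call_site {
    uint64_t       va;        /* address of the call instruction */
    enum site_kind kind;
    int            base_reg;  /* 0=rax .. 15=r15 for a [reg+disp] operand, -1 if unknown */
    int32_t        disp;      /* displacement of the [reg+disp] operand */
    uint64_t       target;    /* resolved target of a direct (E8) call */
};

static int32_t le32(const uint8_t *p)
{
    return (int32_t)((uint32_t)p[0] | (uint32_t)p[1] << 8 |
                     (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24);
}

/* Decode the ModRM at p as [base+disp8]/[base+disp32] with the given reg field (the /digit
 * of FF, or the destination of mov). Returns bytes consumed, 0 on no match. No SIB, no mod==0. */
static size_t decode_modrm_mem(const uint8_t *p, size_t avail, int want_reg,
                               int *base, int32_t *disp)
{
    if (avail < 1) return 0;
    int mod = p[0] >> 6, reg = (p[0] >> 3) & 7, rm = p[0] & 7;
    if (reg != want_reg || rm == 4) return 0;
    if (mod == 1 && avail >= 2) { *base = rm; *disp = (int8_t)p[1]; return 2; }
    if (mod == 2 && avail >= 5) { *base = rm; *disp = le32(p + 1); return 5; }
    return 0;
}

/* Look back from the call at code[off] for "mov rax, [reg+disp]" (48/49 8B /0). */
static int preceding_mov_rax(const uint8_t *code, size_t off, int *base, int32_t *disp)
{
    for (size_t n = 4; n <= 7; n += 3) {            /* 4 = disp8 form, 7 = disp32 form */
        if (off < n) continue;
        const uint8_t *m = code + off - n;
        if ((m[0] & 0xFE) != 0x48 || m[1] != 0x8B) continue;
        if (decode_modrm_mem(m + 2, n - 2, 0, base, disp) == n - 2) {
            *base |= (m[0] & 1) << 3;               /* REX.B extends the base register */
            return 1;
        }
    }
    return 0;
}

size_t scan_call_sites(const uint8_t *code, size_t len, uint64_t base_va,
                       struct call_site *out, size_t max_out)
{
    size_t n = 0;
    for (size_t off = 0; off < len && n < max_out; off++) {
        const uint8_t *p = code + off;
        size_t i = 0, avail = len - off;
        int rex_b = 0;
        if ((p[0] & 0xF0) == 0x40) { rex_b = p[0] & 1; i = 1; }   /* optional REX prefix */
        if (i >= avail) break;
        struct call_site s = { base_va + off, SITE_DIRECT, -1, 0, 0 };
        if (p[i] == 0xFF) {                                        /* call r/m64, FF /2 */
            size_t used = decode_modrm_mem(p + i + 1, avail - i - 1, 2, &s.base_reg, &s.disp);
            if (!used) continue;
            s.kind = SITE_INDIRECT_MEM;
            s.base_reg |= rex_b << 3;
            out[n++] = s;
            off += i + used;                                       /* resume after it */
        } else if (p[i] == 0xE8 && avail - i >= 5) {               /* call rel32 */
            s.target = base_va + off + i + 5 + (int64_t)le32(p + i + 1);
            if (s.target == GUARD_DISPATCH_ICALL_VA) {
                s.kind = SITE_CFG_DISPATCH;
                preceding_mov_rax(code, off, &s.base_reg, &s.disp);
            }
            out[n++] = s;
            off += i + 4;
        }
    }
    return n;
}

/* Constructed sample: one pointer slot at [rcx+28h] called both ways, a plain direct call, ret. */
static const uint8_t sample_code[] = {
    0xFF, 0x51, 0x28,                 /* call qword ptr [rcx+28h]      (pre-CFG style) */
    0x48, 0x8B, 0x41, 0x28,           /* mov  rax, [rcx+28h]                           */
    0xE8, 0xF4, 0x0F, 0xFF, 0xFF,     /* call _guard_dispatch_icall    (CFG style)     */
    0xE8, 0x10, 0x00, 0x00, 0x00,     /* call SAMPLE_VA+0x21           (ordinary call) */
    0xC3                              /* ret */
};

int main(void)
{
    struct call_site sites[16];
    size_t n = scan_call_sites(sample_code, sizeof sample_code, SAMPLE_VA, sites, 16);
    for (size_t k = 0; k < n; k++)
        printf("%#llx  %s  base_reg=%d disp=%#x target=%#llx\n", (unsigned long long)sites[k].va,
               sites[k].kind == SITE_DIRECT ? "direct" :
               sites[k].kind == SITE_CFG_DISPATCH ? "indirect via _guard_dispatch_icall" : "indirect [reg+disp]",
               sites[k].base_reg, (unsigned)sites[k].disp, (unsigned long long)sites[k].target);
    return 0;
}
```

Build with `cc -o scan scan.c && ./scan`. Both indirect sites resolve to the same `[rcx+0x28]` slot, which is the point: when the CFG form is missed, the call through that slot is invisible to a `call [reg+off]` search. In a real image, scan each offset only after confirming it is an instruction start, or drive the same checks from IDA's decoded instruction list.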
by rkhunter
Tue Aug 21, 2018 6:09 pm
Forum: Kernel-Mode Development
Topic: Entry point for calling DriverEntry at ntoskrnl (Win10)
Replies: 3
Views: 1579

Entry point for calling DriverEntry at ntoskrnl (Win10)

Hi all.

Does anyone remember which function in the NT kernel in Win10 is responsible for calling DriverEntry when loading drivers? I can't find any footprints in IopLoadDriver.
by rkhunter
Sat Jan 13, 2018 7:14 am
Forum: Kernel-Mode Development
Topic: Undocumented structures for W2k-Win10
Replies: 21
Views: 69891

Re: Undocumented structures for W2k-Win10

Win10 RS3 (1709) + KB4056892 (Spectre/Meltdown update and KPTI) ntoskrnl pdb and structures
by rkhunter
Fri Jan 12, 2018 6:58 pm
Forum: Reverse Engineering and Debugging
Topic: Question about Spectre vulnerability mitigation
Replies: 0
Views: 4369

Question about Spectre vulnerability mitigation

Guys, I have a little question about the Spectre#1 mitigation in the Win10 kernel.

Why were the Win10 kernel trap handlers updated with LFENCE instructions? As I understand it, Spectre#1 can't allow Ring 3 code to read kernel memory or to be executed as Ring 0. Or am I wrong?
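The post asks what the LFENCE in the trap handlers is for. Trap and syscall handlers are where a value chosen in ring 3 is first bounds-checked and used as an index in ring 0, which is exactly the pattern Spectre variant 1 targets: the check is correct architecturally, but the loads after it can run speculatively with an out-of-bounds index and leave a cache footprint that ring 3 can measure. The code below is an added example, not from the thread: the vulnerable handler shape, the fenced form, and an index-masking alternative of the kind Linux uses (array_index_nospec). Table names, sizes and contents are constructed for the demo, the LFENCE is x86-only and compiled to a no-op elsewhere, and nothing here measures the side channel; only the functional behaviour is exercised.

```c
/* Added example, not from the thread: the bounds-checked load Spectre v1 abuses, as a
 * syscall-style handler taking an index from ring 3, next to the LFENCE form and an
 * index-masking alternative. kernel_table, probe_array and TABLE_LEN are made up. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 16

/* Data user mode may legitimately read through the handler (constructed values). */
static const uint8_t kernel_table[TABLE_LEN] = { 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 };
/* The dependent second access: which line of this array gets cached depends on the byte
 * loaded above. volatile keeps the compiler from folding the zero-filled array away. */
static volatile uint8_t probe_array[256 * 64];

#if defined(__x86_64__) || defined(__i386__)
static inline void speculation_barrier(void) { __asm__ __volatile__("lfence" ::: "memory"); }
#else
static inline void speculation_barrier(void) { /* assumption: substitute the arch's barrier */ }
#endif

/* Vulnerable: architecturally correct, but while the predictor guesses "in bounds" the CPU
 * may run both loads with an attacker-chosen idx far past the table, touching a probe line
 * that depends on a byte of kernel memory. The result is squashed; the cache state is not. */
int lookup_unsafe(size_t idx)
{
    if (idx < TABLE_LEN) {
        uint8_t v = kernel_table[idx];
        return v + probe_array[(size_t)v * 64];
    }
    return -1;
}

/* Fenced: LFENCE does not execute until every earlier instruction, the compare and branch
 * included, has completed, so the loads cannot issue on the mispredicted path. */
int lookup_fenced(size_t idx)
{
    if (idx >= TABLE_LEN) return -1;
    speculation_barrier();
    uint8_t v = kernel_table[idx];
    return v + probe_array[(size_t)v * 64];
}

/* All ones when idx < size, zero otherwise, computed without a branch, so a mis-speculated
 * out-of-bounds idx is clamped to 0 before it reaches the load. Relies on the arithmetic
 * right shift of a negative long that gcc and clang provide. */
static inline size_t array_index_mask_nospec(size_t idx, size_t size)
{
    return (size_t)(~(long)(idx | (size - 1 - idx)) >> (sizeof(long) * 8 - 1));
}

int lookup_masked(size_t idx)
{
    if (idx >= TABLE_LEN) return -1;
    idx &= array_index_mask_nospec(idx, TABLE_LEN);
    uint8_t v = kernel_table[idx];
    return v + probe_array[(size_t)v * 64];
}

int main(void)
{
    size_t tests[] = { 0, 5, TABLE_LEN - 1, TABLE_LEN, (size_t)-1 };
    for (size_t i = 0; i < sizeof tests / sizeof tests[0]; i++)
        printf("idx=%zu unsafe=%d fenced=%d masked=%d\n", tests[i],
               lookup_unsafe(tests[i]), lookup_fenced(tests[i]), lookup_masked(tests[i]));
    return 0;
}
```

All three variants return the same values, which is the whole difficulty with this class of bug: the difference is only visible in the microarchitectural state, so reviews have to look for the pattern (ring-3-controlled index, bounds check, dependent load) rather than for wrong output. The fence is the simple, general fix a compiler or a kernel team can drop into every trap path; masking avoids the serialising cost where the index arithmetic is simple enough to express.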
by rkhunter
Mon Oct 30, 2017 11:08 am
Forum: Kernel-Mode Development
Topic: Undocumented structures for W2k-Win10
Replies: 21
Views: 69891

Re: Undocumented structures for W2k-Win10

Windows 10 Redstone 3 (1709) HAL (10.0.16299.15) pdb + extracted structures.
by rkhunter
Fri Oct 20, 2017 7:30 pm
Forum: Kernel-Mode Development
Topic: Undocumented structures for W2k-Win10
Replies: 21
Views: 69891

Re: Undocumented structures for W2k-Win10

Windows 10 Redstone 3 (1709) ntoskrnl (10.0.16299.15) pdb + extracted structures.