Just enough kernel to get by (part 2) : Syscall & SSDT

Last week we detailed the interrupt dispatch internals; today we will focus on the syscall mechanism. System overview: the diagram below shows a very high-level and simplified view of the Windows architecture (I have omitted subsystem and GDI stuff to keep it simple). So basically there are 3 families…

Just enough kernel to get by (part 1) : Interrupts handling

This is the first article of a series about Windows kernel architecture. The goal is to give a basic overview of the kernel space, just enough to be able to start developing a simple driver and debug it. It does not intend to replace the reading of Windows Internals and will…

Windows kernel debugging / WDK, the beginning...

If you want to get into driver development and/or kernel debugging, there are a few must-reads. First, know the OS architecture: you don't want to write drivers without this knowledge, and in this area the reference is "Windows Internals": Windows Internals part 1 & 2 (ISBN-10…

Free Windows VMs to play ("debug") with

As I intend to spend quite some time speaking about Windows kernel debugging here, I figured giving out a cool link would be a good start. Since not everyone has an MSDN subscription at home, getting access to a bunch of free prebuilt Windows VMs is always good news…