Category Archives: Reverse Engineering

Unhelpful IP Helper: A Handle Leak Story

By | August 13, 2025

After my post about a CancelIoEx bug, I decided to cover another defect in Windows system components—this time in IP Helper (the part of the Windows API responsible for network statistics and connection tables). Among other things, this API lets you map packets intercepted at the network level to local processes. You’d think it’s a battle-tested mechanism running…

A Rare CancelIoEx Hang in Go on Windows

By | August 10, 2025

I don’t consider myself a Go expert and have only occasionally used this language, but I’d like to share a story about a bug at the intersection of Go and the Windows kernel that I was “lucky” enough to encounter. This bug is still present (GitHub issue #64482), although there’s reason to hope it will be fixed in…

Microsoft Edge and ProtectedHomepages

By | May 11, 2016

Recently, I had a small but curious research project with the requirement to decrypt the ProtectedHomepages binary value stored under [HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected – It is a violation of Windows Policy to modify. See aka.ms/browserpolicy]. While googling around the problem, I saw a related question on Stack Overflow, so I decided that it may make sense to share…

Inside PsExec remote administration

By | March 24, 2004

This is a short reverse engineering review of one useful remote administration utility, originally authored by Mark Russinovich (you can download it from the Microsoft website here). The original version of this review was published on this site in 2004, but since the utility is still very popular and users are interested in its internal design, I decided to…