The Windows Master developer path takes you from a "generic" C programmer to a master Windows programmer in user mode and kernel mode.

The Windows Registry is one of the most recognized aspects of Windows. It’s a hierarchical database, storing information on a machine-wide basis and on a per-user basis… mostly. In this…

As part of the second edition of Windows Kernel Programming, I’m working on chapter 13 to describe the basics of the Windows Filtering Platform (WFP). The chapter will focus mostly on kernel-…

Normally, a process created by another process in Windows establishes a parent-child relationship between them. This relationship can be viewed in tools such as Process Explorer. Here is an example…

Many developers and researcher are faimilar with the SetWindowsHookEx API that provides ways to intercept certain operations related to user interface, such as messages targetting windows. Most of …

null

The relationship between processes and threads is fairly well known – a process contains one or more threads, running within the process, using process wide resources, like handles and addres…

Following "Day One", this course continues with Windows Internals details, discussing Processes, Jobs, and Threads.

Recon 2023 slides and code. Contribute to zodiacon/Recon2023 development by creating an account on GitHub.

null

Day 3 deals with various kernel mechanisms.

The term “Zombie Process” in Windows is not an official one, as far as I know. Regardless, I’ll define zombie process to be a process that has exited (for whatever reason), but at…

The standard Windows Registry contains some keys that are not real keys, but instead are symbolic links (or simply, links) to other keys. For example, the key HKEY_LOCAL_MACHINE\System\CurrentContr…

Delve into programming the Windows operating system through the Windows API in with C++. Use the power of the Windows API to working with processes, threads, jobs, memory, I/O and more. The book...

null

null

WinDbg is a powerful Microsoft debugger, able to debug user mode and kernel mode code. This course shows the major aspects of working with WinDbg, in user and kernel mode, with and without source...

null

Online workshop presented by Pavel Yosifovich, author of "Windows Kernel Programming" famous book series.Knowledge about Windows drivers internals plays a cr...

null

null

It’s been a while since I gave the Windows Internals training, so it’s time for another class of my favorite topics! This time I decided to make it more afordable, to allow more people …

null

There is nothing like the power of the kernel in Windows - but how do you write kernel drivers to take advantage of that power? This book will show you how. The book describes software kernel drivers...

Continuing the "Windows Internals" series, day 4 deals with Memory Management.

null

I’m happy to open registration for the next 5 day Windows Internals training to be conducted in November in the following dates and from 11am to 7pm, Eastern Standard Time (EST) (8am to 4pm P…

null

null

null

Today I’m announcing a new training – COM (Component Object Model) Programming, to be held in November. COM is a well established technology, debuted back in 1993, and is still very muc…

A while back I blogged about the differences between the virtual desktop feature exposed to users on Windows 10/11, and the Desktops tool from Sysinternals. In this post, I’d like to shed som…

While teaching a Windows Internals class recently, I came across a situation which looked like a bug to me, but turned out to be something I didn’t know about – dynamic symbolic links. …

Introduction Win32 APIs provide powerful functionality that let you get the most out of Windows in your applications. While these APIs are readily accessible to C and C++ developers, other languages...

null

Simple x86/x64 Assembler/Disassembler/Emulator. Contribute to zodiacon/QuickAsm development by creating an account on GitHub.

Here is a simple experiment to try: open Visual Studio and create a C++ console application. All that app is doing is display “hello world” to the console: #include int …

null

Contribute to zodiacon/rust-course development by creating an account on GitHub.

I’ve recently posted about the upcoming training classes, the first of which is Advanced Windows Kernel Programming in April. Some people have asked me how can they participate if they have n…

You may have been asked this question many times: “How much memory does this process consume?” The question seems innocent enough. Your first instinct might be to open Task Manager, go …

I am announcing the next 5 day Windows Internals remote training to be held in January 2022, starting on the 24th according to the followng schedule: Jan 24 – 2pm to 10pm (all times are based…

Bundle of the set of 5 Windows Internals courses.

Ever since I realized BASIC wasn’t the only living programming language, I thought about writing my own. Who wouldn’t? If you’re a developer, surely this idea popped into your mind at some point. N…

null

null

Short videos related (mostly) to Windows Internals and software development.

Looking at a typical Windows system shows thousands of threads, with process numbers in the hundreds, even though the total CPU consumption is low, meaning most of these threads are doing nothing m…

Total Registry - enhanced Registry editor/viewer. Contribute to zodiacon/TotalRegistry development by creating an account on GitHub.

Unless you’ve been living under a rock for the past several years (and you are a software developer), the Rust programming language is hard to ignore – in fact, it’s been voted as…

null

null

null

When a thread is created, it has some priority, which sets its importance compared to other threads competing for CPU time. The thread priority range is 0 to 31 (31 being the highest), where priori…

null

Much of the Windows kernel functionality is exposed via kernel objects. Processes, threads, events, desktops, semaphores, and many other object types exist. Some object types can have string-based …

Doing any kind of research into the Windows kernel requires working with a kernel debugger, mostly WinDbg (or WinDbg Preview). There are at least 3 “levels” of debugging the kernel. Lev…

null

null

TrainSec training is the difference between soldier and general in the fight for cybersecurity. 

The foundations of the Component Object Model (COM) are made of two principles: Clients program against interfaces, never concrete classes. Location transparency – clients need not know where…

The Windows system-level API provides a rich infrastructure for building Windows applications, whether client, server, and anything in between. This course guides the learner through the intricacies...

null

I love Graphical User Interfaces, especially the good ones :) Some people feel more comfortable with a terminal and command line arguments – I prefer a graphical representation, especially wh…

null

null

It’s been a while since I gave the Windows Internals training, so it’s time for another class of my favorite topics! This time I decided to make it more afordable, to allow more people …

null

null

Welcome to Windows 11 Internals: Memory Management. This course will teach you how Windows uses and manages virtual and physical memory. You’ll learn how memory is used in Windows and the most common...