One of the most wonderful instruments I have ever used is IDA – the interactive disassembler. If your job is connected with reversing, then IDA is a “must have” instrument. It really helps save a lot of time when there is a need to understand the logic implemented in 3rd-party code. Since you don’t have the source [...]
Seems like “malware” may have a chance to exist under Windows Vista
Microsoft to give Vista kernel access to security firms – an interesting article that explains why Microsoft is going to publish a new API to allow 3rd-party security software to access the Vista kernel. This is really amazing news, because once these gates are opened to 3rd-party security software they can be [...]
Why does Windows not provide a more flexible API for Shell Context Menu Handlers?
Recently, I came across an interesting situation. My PC (XP SP2) was making some calculations. CPU activity was high. I was surfing through my folders and clicked on one of them using the right mouse button. The context menu appeared after 10-20 seconds … “Why does it take so long?” I asked myself. [...]
www.sysinternals.com is gone
There is no www.sysinternals.com anymore. If you try to navigate to Mark’s web site you will find that it redirects to http://www.microsoft.com/technet/sysinternals/default.mspx. Since Microsoft acquired Sysinternals in July 2006, it has already changed the project a bit …
Russian guy in Windows Kernel Team …
Here is an interesting blog I read from time to time: http://blog.not-a-kernel-guy.com/. Unfortunately the blog is written in Russian, so those of you who do not know it need to use translation tools. The blogger's name is Alexey Pakhunov and he works as a developer in the Windows Kernel Team.
TDI Filter drivers in Vista: new article is coming
The WNDP team is going to publish on its blog a document that describes in detail how to create TDI clients and TDI filter drivers in Vista. An interesting thing is that Vista does not allow hooking the dispatch table of the TDI provider. The TDI filter should use IoAttachDeviceToDeviceStack or IoAttachDevice to layer itself between [...]
Choosing the undocumented ways when dealing with security. General thoughts.
There is some kind of a struggle in the newsgroups between those who accept ‘undocumented’ programming and those who do not. I will try to express my thoughts concerning this issue here. Nowadays, all popular AntiVirus (AV) software products can be divided into two main groups: - those that have protection (and use undocumented [...]
Developers Days in Kiev, Ukraine. November 10, 2006
If you live in Ukraine you have a chance to visit Microsoft Developers Days that will take place in Kiev on the 10th of November 2006. For more details visit the following link: http://www.microsoft.com/Ukraine/Events/DevelopersDaysAutumn2006/Kiev.mspx I am not going to visit it because I live in a bit of a different world now. There is no Ajax, WF, WPF [...]