Posts published in “Debugging”

Why you should not always trust MSDN: Finding Real Access Rights Needed By Handles

Published June 6, 2019 by Mohammad Sina Karvandi

Why you should not always trust MSDN: Finding Real Access Rights Needed By Handles

Introduction Hi guys, The title of this topic is somehow weird, if you think everything in MSDN is 100% match with what Microsoft implemented in Windows (like what I used…

Using Intel’s Streaming SIMD Extensions 3 (MONITOR\MWAIT) As A Kernel Debugging Trick

Published September 8, 2018 by Mohammad Sina Karvandi

Using Intel’s Streaming SIMD Extensions 3 (MONITOR\MWAIT) As A Kernel Debugging Trick

Introduction MONITOR and MWAIT are using when the CPU needs to be stopped executing the instruction and enter an implementation-dependent optimized state until some special event happens. MONITOR sets up…

Inside Windows Page Frame Number (PFN) – Part 2

Published August 7, 2018 by Mohammad Sina Karvandi

Inside Windows Page Frame Number (PFN) – Part 2

Hey there, In the previous part, I’d explained about Page Frame Number and its importance in the OSs architecture. In this part, I’ll trace PFN more practically. I strongly recommend…

Inside Windows Page Frame Number (PFN) – Part 1

Published July 19, 2018 by Mohammad Sina Karvandi

Inside Windows Page Frame Number (PFN) – Part 1

Introduction (Page Frame Number) Windows and almost all the OSs use Page Frame Number Database in order to have a track of virtually allocated pages to know which page must…

Defeating malware’s Anti-VM techniques (CPUID-Based Instructions)

Published June 13, 2018 by Mohammad Sina Karvandi

Defeating malware’s Anti-VM techniques (CPUID-Based Instructions)

[The picture of this post is taken by one of my best friends, Ahmad Ghazi in Chitgar Lake !] Introduction You should by now be aware of everything, cause the topic’s title…