Windows Kernel Debugging: Processes

How to debug the structures that store information about the process in the Windows operating system? This article will answer that question. You will also be introduced to the methods of manipulating the process. Finally, a method of making an existing process similar to a running instance of another program will be presented, using the notepad process and OneDrive.exe as an example. Prepare tea or coffee and feel free to read!

Aug 7 2020
Tags: windows, kernel debugging, process, forensics, malware, rootkit
Windows Kernel Debugging: Crash dump

What to do when you see the Blue Screen of Death again? Microsoft's statistics indicate that at least 70% of blue screen instances are caused by incorrect driver implementation. Unfortunately, the flawless implementation of the operating system kernel module is a difficult and responsible task. If you have ever wanted to look under the hood of the Windows operating system, identify a problematic driver or are looking for a rootkit hiding in kernel space, I invite you to read the article.

Jul 14 2020
Tags: windows, kernel debugging, crash dump, forensics, malware, rootkit