![Rbmm](https://dennisbabkin.com/php/imgs2/8165243173662.jpg)
Rbmm
Articles: 22
Quick Bio
Windows system programmer and a reverse engineer.
Available for consultation and employment for the following:
- Windows user-mode and kernel-mode programming.
- Deep knowledge of Windows internals and undocumented features.
- Vast experience with asynchronous programming, multithreading, synchronization, managing object lifetime and access, reference counting, rundown protection.
- Kernel: generic/separate (non Pnp) drivers, WDM (Pnp) drivers, virtual bus driver (FDO) and filter drivers (FiDO), file system and input (keyboard/mouse) stack, legacy filters and minifilters, filtering registry, calls and objects operations, process, threads, image notifications.
- Kernel: IRP processing, kernel objects, memory dump analysis and remote/live debugging, kernel networking (over TDI interface), DPC, APC, etc.
- Processes, threading, DLLs, synchronization, IPC, Windows services, boot execution apps, System Registry, file systems (NTFS, streams, EA, internal structures), memory management.
- Windows cryptography (both legacy and CNG), certificates.
- Windows authentication and authorization, credential providers, security support providers/authentication packages, MFA credential providers.
- Windows security: tokens, security descriptors, labels, integrity levels.
- Networking: high-load client and server code, IOCP (KQUEUE object in kernel.)
- COM, RPC, Windows Shell, Shell extensions, GUI.
- Exception handling: SEH/VEH.
- WinAPI and interface hooking.
- PE and PDB formats, debugging.
- Reverse engineering, live debugging, research why WinAPIs fail. Debugging cross-process calls, system processes, protected processes (can do with own debugger.) Viewing kernel memory and objects at run-time.
- MSVS compiler (CL.EXE), x86/x64 Assembly. Knowledge of compiler/linking process, resolving related compilation issues: undefined/unresolved symbols, name mangling, calling conventions, SDK/WDK issues.
- Use of IDL for RPC and COM interfaces, communication with JavaScript from C++ code, implementation of IDispatch typelib.
- Virtual (encrypted) usbstor disk via WDM interface, full PNP.
- Virtual Smart Card reader and Smart Card implementation: Identity Device (Microsoft Generic Profile) WDM, Pnp.
- Implementation of Smart Card (certificate logon) on workstations. Windows logon with virtual Smart Cards.
- DLL injection from a kernel driver into (all) user mode processes.
- Own class library for asynchronous I/O.
- Own class library for User Interface (very similar to MFC/ATL classes, but not less functional.)
- Work on high payload Windows servers.
- Replacement of the Windows Start Button image and its system menu.
- And more.