Blog Author

Information

Rbmm

Rbmm

Contact author via email Author's Github profile Author's Stackoverflow profile
Articles: 13 [Show]
Tags: [Search]
windows-internals
x8
reverse-engineer
x6
win10
x6
asm
x4
bug
x4
cpp
x4
undocumented
x4
updates
x4
windows-kernel
x4
apc
x3
msvs
x3
win32
x3
cfg
x2
compiler
x2
debugger
x2
pe
x2
cig
x1
com
x1
general-audience
x1
macro
x1
mitigation-policy
x1
msrc
x1
shellcode
x1
smartcard
x1
synchronization
x1
...

Quick Bio

Windows system programmer and a reverse engineer.

Available for consultation and employment for the following:

  • Windows user-mode and kernel-mode programming.
  • Deep knowledge of Windows internals and undocumented features.
  • Vast experience with asynchronous programming, multithreading, synchronization, managing object lifetime and access, reference counting, rundown protection.
  • Kernel: generic/separate (non Pnp) drivers, WDM (Pnp) drivers, virtual bus driver (FDO) and filter drivers (FiDO), file system and input (keyboard/mouse) stack, legacy filters and minifilters, filtering registry, calls and objects operations, process, threads, image notifications.
  • Kernel: IRP processing, kernel objects, memory dump analysis and remote/live debugging, kernel networking (over TDI interface), DPC, APC, etc.
  • Processes, threading, DLLs, synchronization, IPC, Windows services, boot execution apps, System Registry, file systems (NTFS, streams, EA, internal structures), memory management.
  • Windows cryptography (both legacy and CNG), certificates.
  • Windows authentication and authorization, credential providers, security support providers/authentication packages, MFA credential providers.
  • Windows security: tokens, security descriptors, labels, integrity levels.
  • Networking: high-load client and server code, IOCP (KQUEUE object in kernel.)
  • COM, RPC, Windows Shell, Shell extensions, GUI.
  • Exception handling: SEH/VEH.
  • WinAPI and interface hooking.
  • PE and PDB formats, debugging.
  • Reverse engineering, live debugging, research why WinAPIs fail. Debugging cross-process calls, system processes, protected processes (can do with own debugger.) Viewing kernel memory and objects at run-time.
  • MSVS compiler (CL.EXE), x86/x64 Assembly. Knowledge of compiler/linking process, resolving related compliation issues: undefined/unresolved symbols, name mangling, calling conventions, SDK/WDK issues.
  • Use of IDL for RPC and COM interfaces, communication with JavaScript from C++ code, implementation of IDispatch typelib.
  • Virtual (encrypted) usbstor disk via WDM interface, full PNP.
  • Virtual Smart Card reader and Smart Card implementation: Identity Device (Microsoft Generic Profile) WDM, Pnp.
  • Implementation of Smart Card (certificate logon) on workstations. Windows logon with virtual Smart Cards.
  • DLL injection from a kernel driver into (all) user mode processes.
  • Own class library for asynchronous I/O.
  • Own class library for User Interface (very similar to MFC/ATL classes, but not less functional.)
  • Work on high payload windows servers.
  • Replacement of the windows Start Button image and its system menu.
  • And more.

 

Social Media

Contact

Should you have anything to say, click here.