Life of a Windows Process

In a previous post, I covered a bit about how Windows Processes are initialized. But how does process creation work in Windows? Let's explore a bit further into Windows processes.

Subshells in Linux (and Windows)

Or rather, subshells in Bash and Powershell. A subshell functions as a sort of isolated environment for executing commands, creating a subprocess or child process within the parent shell.

Portable Executable Format and Structured Exception Handling

The Portable Executable (PE) file format is the native file format for executable and binary files in the Microsoft Windows ecosystem.

Processes and Call Stacks

In Windows, our process information looks something like this.

XNU, a hybrid kernel

XNU was originally based on the Mach microkernel. But nowadays macOS blurs the lines. Though some parts of macOS follow the microkernel spirit, other parts are monolithic. It's more complex than a "pure" microkernel. Perhaps a microkernel has less abstractions. But XNU is a hybrid kernel that nonetheless still employs the priciple of least privilege well - striking a balance between the two realms.

"DotRunpeX - demystifying new virtualized .NET injector used in the wild"

Not sure how I missed this article back in March. This analysis by Check Point Research confirms details and provides greater clarity into some malware samples I saw back in January.

Primitive Roots

Let n be a positive integer. A primitive root mod n is an integer g such that every integer relatively prime to n is congruent to a power of g mod n. And in dealing with modular arithmetic, cyclic groups, and primitive roots, some clear patterns emerge.

Domain-less .. For Now

When I first made accounts on the internet, I bought the domain hexagr.am, thinking I was very clever, and registered a six character handle, "hexagr," across various platforms. But .. some time passed, and someone snagged the domain up a few years ago only a day after it expired, just before I could re-register it.

Windows Process Initialization

Most code on Windows runs in user-space. This means that, when we first run a program, it needs to perform some rituals to successfully callback into the kernel.

Windows

There's a ton of stuff one could say about Windows (and operating systems in general). I'm not sure all if it could all be succinctly described in a single human lifetime. This is just a scratch note about Windows system programming.

API Endpoints

While scrolling twitter recently I saw Intigriti linked to some JavaScript bookmarklet for discovering API endpoints. When doing reconnaissance, sometimes tools like ffuf aren't fine-grained enough for enumerating API endpoints.

Interprocess Communication

In C

Let's review inter-process communication. IPC is, of course, how software sometimes passes information to other components, as well as to divy out access to restricted resources. This can be quite convoluted and complex in some cases. But here we'll review how this works in C.