-
Short tracing of the securekernel!IumAllocateSystemHeap size parameter. The problem is that the Windows 10 Hyper-V XScheduler, which controls guest exception in Host OS, has a very ugly (in terms of integration) realization. Many hardcoded offsets must be used in your own driver for it to work.
pic.twitter.com/3wevdQjNix
-
It's interesting to see many, many if-else statements in the Hyper-V XScheduler component in Win10, build 1909.
pic.twitter.com/rhUEWvpacM
-
Hyper-V virtual machine worker process (vmwp.exe) logical components from presentation. https://twitter.com/dwizzzleMSFT/status/1225048404298027008 … pic.twitter.com/5JMklMSjIS
-
Information about Red Hat from the Gartner HCI 2019 report. The problem is that Gartner retired the clear virtualization Magic Quadrant - https://www.gartner.com/en/documents/3642418/gartner-retires-the-magic-quadrant-for-x86-server-virtua … pic.twitter.com/0yu2rlKJgc
-
Windows Server 2019 securekernel live debugging demo https://youtu.be/tRLQwsJQ-hU
-
Yes, but the popularity increase has been very slow in the last year. pic.twitter.com/kz80VV3iZ4
-
Hyper-V is part of Microsoft Hyper-converged infrastructure https://docs.microsoft.com/en-us/windows-server/hyperconverged/ …. And this infrastructure is not popular now, according to Gartner. There was a completely different picture in 2015.
pic.twitter.com/Y6YrPQqFcX
-
WinDBG is not successfully adapted to the Windows securekernel, because there is no KdVersionBlock inside it, but it can still give useful information about modules. pic.twitter.com/dWyLfE82CT
-
The !peb command works in WinDBG Preview on the Windows 20H1 build. Try using it, or copy the dbg*.dll files from the WinDBG Preview install dir (e.g. C:\Program Files\WindowsApps\Microsoft.WinDbg_1.2001.2001.0_neutral__8wekyb3d8bbwe\amd64) to the WinDBG folder. pic.twitter.com/YwB8YgJh71
-
VMware TP 20H1 works with Hyper-V now, therefore guest OS memory can be read by LiveCloudKd. pic.twitter.com/bMqZu03hmi
-
Parsing securekernel IDT table using LiveCloudKd EXDi plugin. Securekernel!SkiFatalException eq nt!KiIsrThunkShadow in that case and was missed. pic.twitter.com/wz7p1Pg78F
-
There is a known limit of 32 breakpoints for kernel debugging in WinDBG. But using the EXDi extension you can add 671 breakpoints (e.g. the command "bp nt!nt*", with many limitation warnings), and they will work. Breakpoint number 332 was triggered in the screenshot. pic.twitter.com/Si4TbuTQqG
-
Those were guest VM screenshots. E.g. there are not so many memory blocks for the Windows Server 2019 version. The Hyper-V dynamic memory driver (dmsvc.sys) has the MmAddPhysicalMemory function, which can add a physical memory block. But the count of blocks looks random and depends on many conditions. pic.twitter.com/fRRC539Jyv
-
A Hyper-V VM with the dynamic memory option enabled has many more physical memory blocks than a VM with static memory size. pic.twitter.com/6XRiDCjbnK
-
System internals is not correlated with vulndev. I am writing a debugger engine (https://www.youtube.com/watch?v=_8rQwB-ESlk …), based on Hyper-V memory internals knowledge (http://hvinternals.blogspot.com/2019/09/hyper-v-memory-internals-guest-os-memory-access.html …) and some Hyper-V APIs, but it is for fun and not useful for vulndev )
-
Debugging a Hyper-V Docker container. The disk writing principle looks similar to a Hyper-V VM, but we still see VSMB-named file handles in the kernel.
pic.twitter.com/qyILHL21O9
-
My 666th tweet. If you rotate Diablo images you can see some additional pictures ) Inspired by the NBA Chicago Bulls team emblem. pic.twitter.com/SCcYBW6AFi
-
Diablo is a perfect game! Btw, if you rotate the Diablo image, you can see an eared crowned genie and an angry cyclops with fangs ) pic.twitter.com/WhvSWbFb3J
-
Debugging Windows Server 2019 Hyper-V shielded guest OS using LiveCloudKd EXDi plugin (breakpoints and single-step operations while). https://youtu.be/_8rQwB-ESlk