6 years from now, the content concept is still relevant. Great presentation, thanks a lot!
Thanks a lot @Jasmine Rice for sharing this, this is simply amazing. Always love Sotirov's presentations!
This video taught me a lot about the NT Kernel Interface and I am grateful for that. Despite that, certain people will always find ways to be jackasses about it in the comment section. You do you, Mr. Sotirov, and thank you for the knowledge.
1:15:24 the dude falls asleep after listening to Windows Internals for an hour....
I know that feeling.
🤣🤣
Very insightful from a security perspective.. well done @jasmine rice !
Great talk, thanks so much!
I expected some Memory Management and other operating functionalities because of the title of the video, this was more of security related stuff, how windows can be vulnerable through different mediums, Nevermind, Got to learn something new.
thanks for your review
This video is very interesting!
I tried it in the command prompt (Win10); the syntax should be:
- To save to a data stream with a custom name: "type C:\Windows\notepad.exe > D:\1.txt:test" (single colon)
- To save in the default data stream: "type C:\Windows\notepad.exe > D:\1.txt::$DATA" (double colon)
:)
Great talk!
One clarification for confusion at 1:11:05
It's file.txt::$DATA (2 colons) and file.txt:$FOO (1 colon)
Also, command "type" will not read it, notepad.exe will.
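The two comments above describe the same NTFS stream naming: `file:name` addresses a named alternate data stream, while `file::$DATA` is the full name of the unnamed default stream that every ordinary tool reads. The PowerShell script below is an added example, not code from the talk or from either commenter; it uses the FileSystem provider's `-Stream` parameter (on `Set-Content`, `Get-Content`, `Get-Item` and `Remove-Item`) to create a named stream, enumerate every stream a file carries, read the hidden one, and then sweep a directory tree for files that have streams beyond the default. The scratch path under `$env:TEMP` and the stream name `test` are assumptions chosen for the demo.

```powershell
# Added example (not from the talk or any commenter): create, enumerate, read and remove
# an NTFS alternate data stream with PowerShell. Scratch path and stream name are assumed.
$base = Join-Path $env:TEMP 'ads-demo.txt'

# The unnamed default stream is what dir, type and Explorer see; its full name is file::$DATA.
Set-Content -Path $base -Value 'visible contents'

# A named stream lives in the same file record but is not shown by dir or read by `type`.
Set-Content -Path $base -Stream 'test' -Value 'hidden contents'

# Enumerate every stream on the file. ':$DATA' is the unnamed one; 'test' is the ADS.
Get-Item -Path $base -Stream * |
    Select-Object FileName, Stream, Length

# Read the ADS explicitly; Get-Content without -Stream returns only the default stream.
Get-Content -Path $base -Stream 'test'

# Defender's view: audit a directory tree for files carrying any stream other than the default.
# Zone.Identifier (the "mark of the web" on downloaded files) is the most common legitimate hit.
Get-ChildItem -Path $env:TEMP -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        Get-Item -Path $_.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' }
    } |
    Select-Object FileName, Stream, Length

# Clean up: remove only the named stream (the default stream survives), then the file itself.
Remove-Item -Path $base -Stream 'test'
Remove-Item -Path $base
```

Run it in a Windows PowerShell or PowerShell 7 session on an NTFS volume; the `-Stream` parameter is ignored on FAT/exFAT, which do not support alternate streams. Note that the file's reported size in `dir` never includes named streams, which is why the enumeration step matters when reviewing a host.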
I don't think it was recorded in 2017. It's pretty old but good stuff. I also wish that lecturers like that, besides pointing out the bad ways of doing things, immediately followed up with a good example of how it's recommended to do things. Otherwise everyone gets scared by a bad example but doesn't learn the good way.
I was hoping this would be about the Windows 9x kernel
What should I have prior knowledge of before watching this video? I did not fully understand it, because I am a new student (first year), but I do want to know what I should learn before jumping into Windows architecture.
A bit mundane but with good explanation.
Thanks!
Thanks for sharing!
love this!
Is the content of this talk still relevant today, particularly in regards to security?
thanks for this content :D
Alternate Data Streams are fascinating! I wonder what some legitimate use cases are for them
In the 1990s, when Microsoft was designing NTFS, the major use case for alternate data streams was so that Services for Macintosh (SFM), Microsoft's early AppleTalk server implementation, could store Mac file resource forks and data forks together. In this century, it's easy to forget that classic Mac OS had an interop problem where its files, especially executable programs, had multiple data streams that had to be handled when saving Mac files on other systems. That's what MacBinary and BinHex encodings dealt with.
BTW, SMB servers including Samba to this day recognize a filename mapping that Microsoft came up with for SFM so that it could encode filename characters that were legal on Macs but illegal on Windows, like "?", "/", etc. using vendor-specific Unicode sequences (NTFS and NT in general use UTF-16 everywhere, including filenames). Apple has similarly extended the SMB protocol in recent years in their client and server to handle macOS-specific filesystem metadata like Finder window position (which otherwise goes into ".DS_Store" files that the client creates) and Spotlight searching / Time Machine backup / etc..
8:54 I couldn't quite catch the name of the case that he mentioned which caused the release of several Native API documentations. Does anyone know that case?
Thnx :)
Python programs install by default to user/vendor/appdata/..
which doesn't require any special permission. Interfering with it doesn't require any special permission either.
It's like he's not breathing while talking.
What inbred thought I would want to load the DLL from the same folder as some random shortcut?
Welcome to Windows NT. Population: misguided clusterf***
MyProgressTime 8:00
He's using an overhead projector! Was this recorded in the 90's?
Looking at the laptops and video quality, I'd guess 2013-2017.
The Linux kernel's userspace interface is not stable. He's confusing glibc and the kernel. Which btw is also not stable between versions.
UAPI is fairly stable. Linus especially said very often: Don't break the userspace.
Windows Rocks
Anything wrong with the throat? Just wondering
Sanya, you could have done it in Russian too)
Why show off
You need to breathe man.
Windows is not bad, it's just too different from UNIX and costly to experience.
12:30 its functions are not as easy to use? WTF does that mean? It's code, you call the code because it does a thing. OR we don't know what it does and we are not allowed to know, or to make it simpler to know.
It's embedded stub asm code which makes the transition to ring 0; in a nutshell it is a reference to the dispatcher table in the kernel part of memory. It's something that changes quite often, and in Windows 10 it has changed again.
More parameters basically. For example, you may need to send some handle or other structs as parameters, which may require you to call other API functions to get.
12:25 this is impressive, but Linux was always designed to not only allow easy cross compilation between architectures so they can "use each other's code", but is always inherently designed to run on anything. Windows OS internals is just slow experiments in realizing the Linux people know their shit better.
Keith Makan lol
windows OS internals are bloated asf. Even their compiler MSVC is bloated.
The fluctuations in his voice are making it uncomfortable 😣
Potentially not a bad presentation, but the only way to listen is at 1.5x original speed, and it's still painful, "um um um" omg. 52:00 defined in PATH by user, nothing said about protection, UAC etc, the system\drivers directory, services, syswow64 (32 bit dll) and the system32 directory (64 bit dlls), a lot about slashes and backslashes.. sorry but it's a waste of time
"Focus"
Pronounced: Fow-kus
Not: Fockus