Syscall-Monitor for Windows

Syscall Monitor is a system monitor program (like Sysinternals' Process Monitor) that uses Intel VT-x/EPT to trace system calls on Windows 7 and later.

https://github.com/hzqst/Syscall-Monitor

It requires Intel x86/x64 systems with Intel VT-x and EPT support, running Microsoft Windows.

UEFI VBS required by Microsoft

“VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be executable.”

I’m glad Alex is reading these Microsoft updates better than I am. 🙂 Glad to know that VBS is not VBScript.

https://firmwaresecurity.com/2017/01/08/microsoft-updates-oem-devicecredential-guard-requirements/

https://firmwaresecurity.com/2017/02/05/microsoft-updates-device-guard-oem-guidance/

https://firmwaresecurity.com/2017/01/28/microsoft-updates-oem-devicecredential-guard-requirements-2/

Microsoft updates Secure Boot and ACPI requirements

These Microsoft pages have recently (last month) been updated. No changelog, so unclear what has changed. 😦

https://msdn.microsoft.com/en-us/windows/hardware/drivers/bringup/secure-boot-and-device-encryption-overview

https://msdn.microsoft.com/en-us/windows/hardware/commercialize/design/device-experiences/acpi-firmware-implementation-requirements

https://msdn.microsoft.com/en-us/windows/hardware/drivers/bringup/firmware-requirements-for-d3cold

OSR on debugging bad Windows drivers

OSR has a nice blog post that shows how to debug a bad driver. OSR is a smart group of Windows-centric driver consultants; if you're into NT, check out their NT Insider newsletter and their NTdev mailing list.

[…]The bugcheck makes much more sense now. Someone’s stack expansion callback was called at DISPATCH_LEVEL (Arg2 == 2) and returned at PASSIVE_LEVEL (Arg1 == 0). That’s against the rules, thus you get a system crash. Personally I would call this a bug in KeExpandKernelStackAndCalloutEx seeing as how it is generating an IRQL_UNEXPECTED_VALUE using invalid (unexpected?) arguments. At a minimum the documentation is currently wrong though and I have filed a bug to try to get that addressed.

https://www.osr.com/blog/2017/02/17/unexpected-case-bugcheck-irql_unexpected_value-c8/

http://www.osronline.com/showthread.cfm?link=281770

https://www.osr.com/developers-blog/

http://www.osronline.com/showlists.cfm?list=ntdev

http://www.osronline.com/index.cfm

Hmm, it looks like OSRonline.com is becoming 'legacy'. If there's no future home for some of the tools listed there, you might want to grab a set of them while you still can. They are somewhat in the style of the SysInternals tools.

SysInternals updated

https://onedrive.live.com/view.aspx?resid=D026B4699190F1E6!2843&ithint=file%2cpptx&app=PowerPoint&authkey=!AMvCRTKB_V1J5ow

https://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

dual-booting FreeBSD or Windows

Kevin Bowling has an article that shows how to set up a UEFI system to dual-boot FreeBSD (including ZFS on root) alongside another UEFI OS such as Windows.

https://www.freebsdnews.com/2017/01/23/freebsd-uefi-root-zfs-windows-dual-boot-kevin-bowling/

https://bsdmag.org/freebsd_uefi_root/

I’m not sure if this article is an improved version of or just a rebroadcast of:

http://kev009.com/wp/2016/07/freebsd-uefi-root-on-zfs-and-windows-dual-boot/
