Presents a parser, written in Python, for UEFI revocation list update files (dbxupdate.bin) and explores the contents of various dbxupdate.bin versions from the UEFI Forum and Microsoft; touches on the subject of Windows update structure and differential compression.
Describes the part WinSxS plays in the installation of differential compression-based Windows updates. Introduces a Python script that reconstructs the update history of a given file by enumerating WinSxS entries and establishing sequences of delta patches.
Explains why installing KB5012170 may prevent some Ubuntu Live CDs from booting and describes the inner workings of UEFI Secure Boot.
A sample of static binary analysis; therein we examine the method by which a first-stage bootloader verifies the second-stage Linux bootloader, GRUB2, as part of UEFI Secure Boot and, in the process, dissect the structure of UEFI images compiled under Linux.
A brief note on the specifics of implementing an exception handler that returns EXCEPTION_CONTINUE_EXECUTION.
Explains how SEH-related data is stored in 64-bit PE+ files and used by Windows to perform stack unwinding, and documents the process of implementing an extension to pefile that reads the relevant sections of PE+ images.
A registry recovery procedure walk-through. Describes the internal organization of the Windows registry to the extent necessary to understand the recovery procedure and presents a Python script implementing it; touches on the subject of Volume Shadow Copy Service (VSS) operation.
Introduces a general approach to machine code reverse engineering and gives a sample of a step-by-step reversing process; touches on the subject of automatic decompilation.
Shows how to compute the addresses of all code fragments belonging to the same function with the help of a pdb file.
Explains how to extend the pdbparse Python library with the functionality of retrieving function prototypes, variable declarations, and structure definitions from Microsoft pdb files.
A Windows crash dump analysis walkthrough.