Absolutely love it! Please keep making more of this amazing content!
thx
Love your work, Pavel! I see a green tick up top right for Copilot? Maybe signing out of Copilot might stop the completions?
Good idea :) Actually, I found a setting there that disables C++ completions! Finally!
I have a technical question. I know that TCP port 445 is listening for incoming SMB connections, and it is probably registered by something like Winsock but for the kernel, because the PID is 4, which as far as I understand is the "process" of the Windows kernel. But how can I find out which kernel driver is responsible for that?
PID 4 is indeed the System process, where the kernel and kernel drivers execute. There is no direct way to tell which driver is listening on which port, as far as I know, without doing reverse engineering or kernel debugging. In the SMB case, I would guess mup.sys.
@zodiacon OK, but is there a way to at least close that port without using a firewall?
@filips_world No, don't worry about that. I need that open for me to share with IPC or admin; leave it alone :)
Hey, are there options to patch the kernel to load an exe bigger than 4GB?
Why on earth would you want to do that? The PE format does not support larger than 4GB binaries anyway.