Windows Internals

  • Published: 20 Aug 2024

Comments • 48

  • @Hade-hw6vl 1 year ago +15

    6 years from now, the content concept is still relevant. Great presentation, thanks a lot!

  • @harryshuman9637 4 months ago +3

    1:15:24 the dude falls asleep after listening to Windows Internals for an hour....
    I know that feeling.

  • @Konym 2 years ago +9

    This video taught me a lot about the NT Kernel Interface and I am grateful for that. Despite that, certain people will always find ways to be jackasses about it in the comment section. You do you, Mr. Sotirov, and thank you for the knowledge.

  • @payloadartist 5 years ago +8

    Thanks a lot @Jasmine Rice for sharing this, this is simply amazing. Always love Sotirov's presentations!

  • @harshal458 3 years ago +6

    I expected some Memory Management and other operating functionalities because of the title of the video, this was more of security related stuff, how windows can be vulnerable through different mediums, Nevermind, Got to learn something new.

    • @adnank4458 3 years ago +2

      thanks for your review

  • @SupportCyberkalki 4 months ago +1

    Very insightful as per security perspective.. well done @jasmine rice !

  • @k31058 6 years ago +8

    This video is very interesting!
    I tried in command prompt (Win10), the syntax should be:
    - To save to data stream with customized name: "type C:\Windows\notepad.exe > D:\1.txt:test" (single colon)
    - To save in default data stream: "type C:\Windows\notepad.exe > D:\1.txt::$DATA" (double colon)
    :)

  • @jp19962 3 years ago +2

    Great talk!
    One clarification for confusion at 1:11:05
    It's file.txt::$DATA (2 colons) and file.txt:$FOO (1 colon)
    Also, command "type" will not read it, notepad.exe will.

  • @victortarnovskiy8407 6 years ago +8

    Great talk, thanks so much!

  • @sent4dc 6 years ago +13

    I don't think it was recorded in 2017. It's pretty old but good stuff. I also wish that lecturers like that, besides pointing out the bad ways of doing things, immediately followed up with a good example of how it's recommended to do things. Otherwise everyone gets scared by a bad example but doesn't learn the good way.

  • @googleuser4720 3 years ago +1

    I was hoping this would be about the Windows 9x kernel

  • @P0r0609 1 year ago +1

    What should I have prior knowledge of before watching this video? Because I did not fully understand, and I am a new student (first year), but I do look to know what I should learn before jumping into Windows architecture.

  • @phagyauto160 4 years ago +11

    It's like he's not breathing while talking.

  • @TNothingFree 2 years ago

    A bit mundane but with good explanation.
    Thanks!

  • @hericpan5442 7 months ago

    Thanks for sharing!

  • @-dash 1 year ago +1

    Alternate Data Streams are fascinating! I wonder what some legitimate use cases are for them

    • @JakeHambyZ80 9 months ago +4

      In the 1990s, when Microsoft was designing NTFS, the major use case for alternate data streams was so that Services for Macintosh (SFM), Microsoft's early AppleTalk server implementation, could store Mac file resource forks and data forks together. In this century, it's easy to forget that classic Mac OS had an interop problem where its files, especially executable programs, had multiple data streams that had to be handled when saving Mac files on other systems. That's what MacBinary and BinHex encodings dealt with.
      BTW, SMB servers including Samba to this day recognize a filename mapping that Microsoft came up with for SFM so that it could encode filename characters that were legal on Macs but illegal on Windows, like "?", "/", etc. using vendor-specific Unicode sequences (NTFS and NT in general use UTF-16 everywhere, including filenames). Apple has similarly extended the SMB protocol in recent years in their client and server to handle macOS-specific filesystem metadata like Finder window position (which otherwise goes into ".DS_Store" files that the client creates) and Spotlight searching / Time Machine backup / etc..

  • @mafazabrar4349 11 months ago

    love this!

  • @PhysicsMath 3 years ago

    Python program install by default user/vendor/appdata/..
    which doesn't require any special permission. Interfere with doesn't require any special permission

  • @duckie4670 2 years ago

    thanks for this content :D

  • @aperture147 4 years ago +10

    Windows is not bad, it's just too different from UNIX and costly to experience.

  • @aardvarrock9657 3 years ago

    Is the content of this talk still relevant today, particularly in regards to security?

  • @frieden6298 2 years ago

    8:54 I couldn't quite catch the name of the case that he mentioned which caused the release of several Native API documentations. Does anyone know that case?

  • @askhowiknow5527 4 years ago +2

    What inbred thought I would want to load the DLL from the same folder as some random shortcut?
    Welcome to Windows NT. Population: misguided clusterf***

  • @philipjfry4465 6 years ago

    Thnx :)

  • @gareginasatryan6761 5 years ago +2

    The linux kernel’s userspace interface is not stable. He’s confusing glibc and the kernel. Which btw is also not stable between versions.

    •  9 months ago +1

      Uapi is fairly stable. Linus especially said very often: Don't break the userspace.

  • @pauldzim 5 years ago +4

    He's using an overhead projector! Was this recorded in the 90's?

    • @nirv 2 years ago

      Looking at the laptops and video quality, I'd guess 2013-2017.

  • @fredxu9826 5 years ago +6

    Anything wrong with the throat? Just wondering

  • @bds1092 3 years ago

    MyProgressTime 8:00

  • @fulliculli 3 years ago +2

    You need to breathe man.

  • @aatirsaadain6431 4 years ago +1

    Windows Rocks

  • @user-zf8mp7ld8j 1 year ago +1

    Sanya, you could have done it in Russian too)
    Why show off

  • @furmankhann 3 years ago +1

    The fluctuations in voice making uncomfortable 😣

  • @KeithMakank3 5 years ago +3

    12:25 this is impressive, but Linux was always designed to not only allow easy cross compilation between architectures so they can "use each others code", but is always inherently designed to run on anything. Windows OS internals is just slow experiments in realizing the Linux people know their shit better.

    • @deepakfrenzy 4 years ago

      Keith Makan lol

    • @boywithacoin 2 years ago

      windows OS internals are bloated asf. Even their compiler MSVC is bloated.

  • @KeithMakank3 5 years ago +2

    12:30 its functions are not as easy to use? WTF does that mean? it's code, you call the code because it does a thing. OR we don't know what it does and we are not allowed to know, or make it simpler to know.

    • @MrEnsiferum77 4 years ago +1

      it's embedded stub asm code which makes transition to ring 0, in nutshell is reference to dispatcher table in the kernel part of the memory. it's something that changes quite often, and in Windows 10 is again changed.

    • @GANDHIXtv 1 year ago

      More parameters basically. For example, you may need to send some handle or other structs as parameters, which may require you to call other API functions to get.

  • @KabelkowyJoe 10 months ago

    Potentially not bad presentation but the only way to listen is 1.5x original speed, still painful "um um um" omg 52:00 defined in PATH by user, nothing said about protection UAC etc, system\drivers directory, services, syswow64 (32 bit dll) and system32 directory (64 bit dlls) lot about slashes backslashes.. sorry but it's waste of time

  • @10hourslooney25 3 years ago

    "Focus"
    Pronounced: Fow-kus
    Not: Fockus