It is really hard to find quality content covering Windows Internals that starts at a fundamental, digestible level. This was exceptionally done and I really hope you keep producing content like this. Your time and hard work is genuinely appreciated.
quick question:
at 13:18 you said you can't read the register directly. so i made a quick program in fasm to check if this is true:
format PE GUI
include 'win32axp.inc'
.code
_entry:
lea esi, [fs:0]
.end _entry
when i run this in x64dbg it shows that fasm instead assembled `lea esi, dword ptr ds:[0]`. however, if i change lea to mov, it assembles the fs register correctly. any idea why this occurs?
@@edcdecl this occurs because lea is only doing an address calculation, it doesn’t read memory. If it had to deal with segments it would have to also read memory. Actually it’s not true what I said though, you can use the rdgsbase instruction to read it directly.
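An added example (not the commenter's program and not from the video) that puts the two cases side by side in the same fasm skeleton: `lea` only computes an effective address, so a segment override has nothing to apply to and is dropped, while `mov` performs a real memory access and the `fs:` prefix selects the TEB. The 0x18 and 0x30 offsets assumed here are the 32-bit TEB self pointer and PEB pointer fields.

```asm
format PE GUI
include 'win32axp.inc'

.code
_entry:
        ; lea computes an address only: with [fs:0] the assembler encodes
        ; no segment override, so this is just esi = 0 (what x64dbg showed
        ; as "lea esi, dword ptr ds:[0]")
        lea     esi, [fs:0]

        ; mov reads memory, so the fs: override is honoured and the read
        ; goes through the segment base, which on 32-bit Windows is the TEB
        mov     eax, [fs:0x18]      ; TEB.NtTib.Self: linear address of the TEB
        mov     ebx, [fs:0x30]      ; TEB.ProcessEnvironmentBlock: PEB pointer

        ; eax now holds the value lea could never produce from fs:
        invoke  ExitProcess, 0
.end _entry
```

Single-step it in x64dbg and compare esi (0) against eax (the TEB address shown in the debugger's thread view) to see the distinction the reply describes.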
lol @ the hammer & sickle on "Love doing Open Source"; ask programmers, the guy who invented Tetris comes to mind, in the former CCCP how any kind of personal 'intellectual property' was treated. But great content. Being a *NIX guy I appreciate seeing the Windows side of things too.
1:52 -> Process
2:53 -> Process Creation (Kernel)
4:18 -> PE
9:10 -> PEB
10:43 -> TEB
13:29 -> Calling Conventions
15:06 -> DllMain/TLS Callbacks
23:56 -> Debuggers
26:18 -> LdrInitializeThunk
37:02 -> RtlUserThreadStart
41:47 -> Syscalls
44:10 -> Callbacks
49:42 -> Process Monitor
Great presentation, thank you so much!
this video is incredible. if you want to go deeper check Pavel Yosifovich's courses on pluralsight.
Probably because windows is closed sourced. It's hard for outsiders to get accurate information.
this is really gonna help me through my reversing journey, thank you
security researcher maintains x64dbg hammer and sickle ur truly the goat
maintains? created + maintains bruh.
You're such a beast Duncan, so glad people like you exist.
THE CREATOR OF x64dbg! JUST WOW
Great video. I learned a lot.
Wow the creator of dbg ❤️ I don't know how to use it yet but amazing
the creator & maintainer of x64dbg, no way dude that's awesome lol
You are the best at explaining ❤
Hey Mr.Exodia - Good to see the video!
@@mrexodia thank you for the explanation!
Nice one
good talk duncan!
This is amazing
big fan from india sir
Nice to know that the creator of x64dbg is dutch :)
I needed this crash course! Thanks 🦾 hope to see more
ep1c
mr sexodiaaaaaaaa
Please create more. 🎉