Intel has a technology called Virtual RAID on CPU (VROC) that lets you set up RAID arrays of NVMe SSDs, with the RAID calculations being offloaded to specialised hardware on the CPU instead of being done in software. When I built my workstation back in 2019, I installed an Asus HYPER M.2 card, which is a PCIe 3.0 x16 carrier card that breaks out into four M.2 slots. The M.2 slots are separated using 4-way bifurcation, which allows one 16-lane slot to be split into four 4-lane slots. With four Corsair MP510...
Microsoft added a new field, GuardMemcpyFunctionPointer, to the PE load config structure in Windows 22H2. I couldn’t find any documentation on this at all, either from Microsoft or from reverse engineers, so I thought I’d post my initial findings here.
The field is a virtual address (VA) that typically points into the .rdata section. At this virtual address there is another virtual address, which (in every binary I have checked so far) points to the memcpy implementation in the .text section. As is...
How many processors does Windows 10 support? It’s a simple question, but the correct answer is surprisingly hard to come by.
What led me to ask this question was curiosity: I wondered whether it would be possible to run Windows 10 on a Supermicro 7089P-TR4T - a single-node server with eight Intel Xeon Scalable sockets in an S8S configuration.
Windows Server licenses come with a baseline limit of 16 physical processor cores. If you want to use more cores, you have to buy additional core licenses. For...
Intel Cryo Cooling is an active cooling solution that uses a TEC, also known as a Peltier element, to cool the CPU. A TEC can pump heat from one side of it to the other, meaning that one side gets cold while the other gets hot. This is useful for situations where you want to reduce the heat of something below the ambient temperature. Many camping fridges utilise TECs for this purpose.
While TECs have previously been investigated for the purposes of sub-ambient cooling, they were generally considered...
SwiftOnSecurity asked “What would you change in Windows?”. There are a lot of replies to the thread, and I read them all. I have some of my own thoughts, too, but it was too much for a bunch of Twitter replies, and I think it’s probably useful to collate everything I saw in the thread (or at least the ones that I agree with - some of them are a bit wild) into one place. So without further ado, here’s what I would change in Windows:
Finish the new settings UI
The new settings system was a recurring theme...
The Windows XP SP1 and Server 2003 source code leaked recently, and it includes the build system. While it isn’t exactly simple to get it up and running, and not everything is included (missing winlogon is the biggest problem), people have already figured it out and managed to make working VMs from it.
A quick disclaimer: Nothing in this blog post contains any source or copyrighted material from the leak, in any form. Don’t ask me for the leaked source, and don’t ask me where to find the leaked source,...
At the worst possible moment, my C920 developed a horizontal line of dead pixels. I’m due to run an online event this weekend and I can’t do that without a half-decent webcam. But, with the lockdown in full effect, it seems that everyone has scrambled to buy them, and they’re out of stock everywhere - including Logitech’s own store. The RMA process is likely to take weeks, and I don’t have the luxury of waiting that long. I managed to find a BRIO 4K Stream Edition in stock at a rather inflated price, but...
Windows Server supports NIC Teaming, also known as Load Balancing/Failover (LBFO), which allows you to bond multiple network interfaces together, for example using 802.3ad (LACP). It used to be possible to enable teaming on Windows 10 via PowerShell, even though it wasn’t intended, but in 2016 Microsoft said that the feature was never intended to be available on desktop SKUs, and removed it.
But, if it can be removed, it can be put back in!
By copying a few files and registry keys from a Windows...
SMB Multi-Channel is a useful performance feature that distributes SMB traffic over multiple network connections, allowing it to scale across multiple network adapters, as well as multiple CPU cores through the use of receive-side scaling (RSS). It is supported and enabled in Windows 10 by default, and Samba has support for it as of version 4.4. At the time of writing, FreeNAS 11 is running smbd version 4.10.2, which of course means it supports multi-channel.
Multi-channel works by making multiple TCP...
TL;DR - OBS can do this using a display capture source and multiple output projectors. I’m using Streamlabs OBS on Windows, but you can probably make it work on regular OBS on any supported OS.
On my home workstation I’ve got three side-by-side monitors. Normally I roughly dedicate them to separate tasks - left usually has social/chat apps, music, etc., middle is whatever I’m working on, and right is usually either reserved for reference (e.g. documentation, diagrams, etc.) or as a sort of holding...
A lot of folks on the net seem to be interested in moving games from the Epic Games store from one drive to another, usually because they’re running out of space on their disk or they want to move the game to faster storage. I installed a bunch of games when I first built my new workstation, before I built a VROC RAID0 of M.2 NVMe SSDs, and wanted to move all of the games to the new large and fast storage array. Unfortunately, all of the advice I’ve found so far is basically to move the game files...
I recently built a new computer and enabled BitLocker on it. When doing so, it asked me to save my recovery key, but I didn’t have a working printer or a flash drive to hand to save my recovery key to (also it doesn’t seem sane to store the recovery key in cleartext on a USB stick), so I cheated and used Print to PDF to save the recovery key to my OS drive… the one I was encrypting.
A little later I was hardening my security settings and changed the DEP policy from the default (opt-in) to opt-out. I...
I’ve recently been making some mods for the game Rust. I don’t play much of the game myself, as I’m pretty bad at FPS games in general, but I do enjoy watching a select few YouTubers and streamers play it. One thing that I’ve seen a bunch of them complain about is the excessive use of autoturrets and other traps during raids, and for griefing people and areas. While I can’t do much to help the vanilla players, I am familiar with making mods for the game using the Oxide mod framework, which is now part of...
Weak referencing is a really useful feature when you don’t mind if an object is deleted, but you might still potentially want to access it again in future. For those of you who aren’t familiar with the concept of weak referencing, I’ll describe it briefly. If you already know how it works then you can skip ahead.
.NET is a garbage collected language, meaning that objects you create on the heap (e.g. with new) are automatically cleared up by the garbage collector (GC) when they are no longer being used....
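The semantics described above, as an added example that is not part of the original post: the post is about .NET, but the same behaviour can be shown in Python, whose `weakref` module gives the same two primitives (a weak reference object, and a dictionary whose values are held weakly). `Session` is a constructed stand-in for any heap object.

```python
import gc
import weakref


class Session:
    """Constructed stand-in for a heap object you might cache (a parsed request, a handle, ...)."""

    def __init__(self, user):
        self.user = user


def weak_cache_demo():
    """Hold an object only weakly and observe that it disappears once the last strong
    reference is gone. Returns (present_before, present_after)."""
    cache = weakref.WeakValueDictionary()   # values are weak: entries vanish with the object
    s = Session("alice")                    # the only strong reference
    cache["alice"] = s
    ref = weakref.ref(s)                    # a bare weak reference: ref() gives the object or None

    present_before = ("alice" in cache) and (ref() is s)

    del s                                   # drop the strong reference
    gc.collect()                            # CPython frees it immediately; the collect mirrors a tracing GC

    # Both views agree: the object is gone and neither the dict nor ref() kept it alive.
    present_after = ("alice" in cache) or (ref() is not None)
    return present_before, present_after


if __name__ == "__main__":
    print(weak_cache_demo())  # (True, False)
```

The point of the weak cache is exactly the use case the post describes: if the object is still alive elsewhere, the cache hands it back for free; if it has been collected, the lookup simply fails and the caller rebuilds it, with the cache never being the reason the object stays in memory.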
A lesser-known feature of the Windows memory manager is that it can maintain write watches on allocations for debugging and profiling purposes. Passing the MEM_WRITE_WATCH flag to VirtualAlloc “causes the system to track pages that are written to in the allocated region”. GetWriteWatch then returns the pages that have been written since the last reset, and ResetWriteWatch clears that state. This can be (ab)used to catch out debuggers and hooks that modify memory outside the expected pattern.
There are four primary ways to exploit this...
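One concrete way to turn the write watch into a check, as an added example that is not from the original post: reserve and commit a watched region, clear the watch, perform the writes the program intends, then ask GetWriteWatch which pages were actually dirtied and compare the two sets. The Windows API calls below are real (VirtualAlloc, GetWriteWatch, ResetWriteWatch, VirtualFree); the “foreign” write is a constructed stand-in done by the script itself, and the detection rule (any page written that the program did not intend to write is suspicious) is this example’s, not the post’s. The Windows-only part runs only on Windows; the set-difference helper is plain Python.

```python
"""Added example: detect writes to a MEM_WRITE_WATCH region that the program did not make.
Windows-only for the API calls; unexpected_pages() is platform-independent."""
import ctypes
import sys

MEM_COMMIT = 0x1000
MEM_RESERVE = 0x2000
MEM_RELEASE = 0x8000
MEM_WRITE_WATCH = 0x00200000      # must be given together with MEM_RESERVE
PAGE_READWRITE = 0x04
WRITE_WATCH_FLAG_RESET = 0x1      # GetWriteWatch: clear the watch after reading it
PAGE_SIZE = 0x1000


def unexpected_pages(written, expected):
    """Pages that were written but are not in the program's own list of intended writes.
    Hypothetical rule for this example: anything here means a debugger, hook or patcher
    touched the region."""
    return sorted(set(written) - set(expected))


def _kernel32():
    k = ctypes.WinDLL("kernel32", use_last_error=True)
    k.VirtualAlloc.restype = ctypes.c_void_p
    k.VirtualAlloc.argtypes = [ctypes.c_void_p, ctypes.c_size_t, ctypes.c_uint32, ctypes.c_uint32]
    k.VirtualFree.restype = ctypes.c_bool
    k.VirtualFree.argtypes = [ctypes.c_void_p, ctypes.c_size_t, ctypes.c_uint32]
    k.GetWriteWatch.restype = ctypes.c_uint   # 0 on success, non-zero on failure
    k.GetWriteWatch.argtypes = [ctypes.c_uint32, ctypes.c_void_p, ctypes.c_size_t,
                                ctypes.POINTER(ctypes.c_void_p),
                                ctypes.POINTER(ctypes.c_size_t),
                                ctypes.POINTER(ctypes.c_uint32)]
    k.ResetWriteWatch.restype = ctypes.c_uint
    k.ResetWriteWatch.argtypes = [ctypes.c_void_p, ctypes.c_size_t]
    return k


def written_pages(k, base, size, reset=False):
    """Return the base addresses of pages in [base, base+size) written since the last reset."""
    count = ctypes.c_size_t(size // PAGE_SIZE)          # in: capacity, out: number filled
    addrs = (ctypes.c_void_p * count.value)()
    granularity = ctypes.c_uint32(0)
    flags = WRITE_WATCH_FLAG_RESET if reset else 0
    if k.GetWriteWatch(flags, base, size, addrs, ctypes.byref(count), ctypes.byref(granularity)) != 0:
        raise ctypes.WinError(ctypes.get_last_error())
    return [addrs[i] for i in range(count.value)]


def watch_demo(pages=4):
    """Allocate a watched region, do one intended write, simulate one foreign write,
    and report the pages that were touched unexpectedly (Windows only)."""
    k = _kernel32()
    size = pages * PAGE_SIZE
    base = k.VirtualAlloc(None, size, MEM_RESERVE | MEM_COMMIT | MEM_WRITE_WATCH, PAGE_READWRITE)
    if not base:
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        k.ResetWriteWatch(base, size)            # start from a clean slate
        ctypes.memset(base, 0x41, 16)            # the program's own write: page 0
        expected = [base]
        # Constructed stand-in for a write the program did not make (a debugger's 0xCC,
        # an inline hook, a memory patcher); in real use this would come from outside.
        ctypes.memset(base + 2 * PAGE_SIZE, 0xCC, 1)
        written = written_pages(k, base, size, reset=True)
        return unexpected_pages(written, expected)   # [base + 2*PAGE_SIZE]
    finally:
        k.VirtualFree(base, 0, MEM_RELEASE)


if __name__ == "__main__" and sys.platform == "win32":
    print([hex(p) for p in watch_demo()])
```

Two caveats a practitioner should keep in mind: the watch is per page, so GetWriteWatch tells you that a page was written, not which bytes, and the region must be allocated with MEM_WRITE_WATCH from the start (you cannot retrofit a watch onto an existing allocation), which is why the technique is applied to memory the program controls rather than to its own image.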
I’ll be speaking at 44CON this year, at the community evening on Wednesday 9th September. The community evening is free to attend - you just need to register to attend if you don’t have a conference ticket. My talk is currently scheduled at 19:45, and I’m speaking about writing Windows drivers, with the goal of leaving you a bit more informed about how they work, and how to get started.
In addition to my talk, Saumil Shah will be speaking about Stegosploit, and Michael Boman will be running a workshop on...
Back in June, I was doing some analysis on a Windows driver and discovered that the INIT section had the read, write, and executable characteristics flags set. Windows executables (drivers included) use these flags to tell the kernel what memory protection flags should be applied to that section’s pages once the contents are mapped into memory. With these flags set, the memory pages become both writable and executable, which violates the W^X policy, a concept which is considered good security practice....
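Both the INIT section finding above and the GuardMemcpyFunctionPointer chain described earlier come down to reading PE headers and mapping virtual addresses back to sections, so here is one added example (not the author’s code) that does both on a constructed PE32+ image: it lists sections whose characteristics have both IMAGE_SCN_MEM_WRITE and IMAGE_SCN_MEM_EXECUTE set, and it follows a pointer stored at a given VA and reports which section the target lands in. The sample image is built inline and is not a runnable executable; the field VA is passed in directly because the page does not give the load config field’s offset, so the example makes no claim about where that field sits.

```python
"""Added example: inspect PE section characteristics for W+X and resolve a VA pointer chain.
Uses only the standard library; the sample PE32+ image is constructed below."""
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
COFF_HDR = struct.Struct("<HHIIIHH")       # 20 bytes
SEC_HDR = struct.Struct("<8sIIIIIIHHI")    # 40 bytes


def build_sample_pe64(image_base=0x140000000):
    """Constructed PE32+ with .text (R X), .rdata (R) and INIT (R W X), plus an 8-byte
    pointer in .rdata at RVA 0x2010 whose value points into .text. Returns (bytes, field_va)."""
    secs = [(b".text", 0x1000, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_EXECUTE),
            (b".rdata", 0x2000, IMAGE_SCN_MEM_READ),
            (b"INIT", 0x3000, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE)]
    raw_size, raw_base = 0x200, 0x400
    hdr = bytearray(raw_base)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                      # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    COFF_HDR.pack_into(hdr, 0x44, 0x8664, len(secs), 0, 0, 0, 0xF0, 0x22)  # AMD64, PE32+ opt hdr
    opt = 0x58
    struct.pack_into("<H", hdr, opt, 0x20B)                      # PE32+ magic
    struct.pack_into("<Q", hdr, opt + 24, image_base)            # ImageBase
    for i, (name, rva, chars) in enumerate(secs):
        SEC_HDR.pack_into(hdr, opt + 0xF0 + i * SEC_HDR.size, name, raw_size, rva,
                          raw_size, raw_base + i * raw_size, 0, 0, 0, 0, chars)
    body = bytearray(raw_size * len(secs))
    struct.pack_into("<Q", body, raw_size * 1 + 0x10, image_base + 0x1040)  # .rdata -> .text
    return bytes(hdr + body), image_base + 0x2010


def parse_pe(data):
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    _, nsec, _, _, _, opt_size, _ = COFF_HDR.unpack_from(data, e_lfanew + 4)
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x20B:
        pe32plus, image_base = True, struct.unpack_from("<Q", data, opt + 24)[0]
    elif magic == 0x10B:
        pe32plus, image_base = False, struct.unpack_from("<I", data, opt + 28)[0]
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    sections = []
    for i in range(nsec):
        name, vsize, rva, rawsize, rawptr, _, _, _, _, chars = SEC_HDR.unpack_from(
            data, opt + opt_size + i * SEC_HDR.size)
        sections.append({"name": name.rstrip(b"\0").decode(), "rva": rva,
                         "size": max(vsize, rawsize), "raw_ptr": rawptr, "chars": chars})
    return {"pe32plus": pe32plus, "image_base": image_base, "sections": sections}


def wx_sections(pe):
    """Names of sections that would be mapped both writable and executable (W^X violation)."""
    both = IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
    return [s["name"] for s in pe["sections"] if s["chars"] & both == both]


def section_for_va(pe, va):
    rva = va - pe["image_base"]
    for s in pe["sections"]:
        if s["rva"] <= rva < s["rva"] + s["size"]:
            return s
    return None


def describe_pointer_chain(data, pe, field_va):
    """field_va holds a pointer-sized VA (the GuardMemcpyFunctionPointer pattern on the page):
    report the section holding the field and the section its stored value points into."""
    holder = section_for_va(pe, field_va)
    if holder is None:
        raise ValueError("field VA 0x%x is outside every section" % field_va)
    off = holder["raw_ptr"] + (field_va - pe["image_base"] - holder["rva"])
    target = struct.unpack_from("<Q" if pe["pe32plus"] else "<I", data, off)[0]
    dest = section_for_va(pe, target)
    return {"field_section": holder["name"], "target_va": target,
            "target_section": dest["name"] if dest else None}


if __name__ == "__main__":
    data, field_va = build_sample_pe64()
    pe = parse_pe(data)
    print("W+X sections:", wx_sections(pe))                          # ['INIT']
    print(describe_pointer_chain(data, pe, field_va))                # .rdata -> .text
```

On a real driver the W+X check is the interesting one: a section whose Characteristics carry both flags gets mapped RWX, whatever the code in it does, so this is the kind of thing to run over every image in a build before signing rather than discovering it during analysis. For the pointer chain, a result whose target_section is anything other than the code section is the anomaly worth a second look.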