https://github.com/islipnot/winload

Reversing & recreating Windows 10 image loader with executable API resolution. (usermode, x64/86)
https://github.com/islipnot/winload

c reverse-engineering windows-10 windows-internals

Last synced: 9 months ago
JSON representation

Reversing & recreating Windows 10 image loader with executable API resolution. (usermode, x64/86)

Host: GitHub
URL: https://github.com/islipnot/winload
Owner: islipnot
Created: 2024-10-03T22:40:52.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2025-06-09T08:58:11.000Z (10 months ago)
Last Synced: 2025-06-09T09:37:38.424Z (10 months ago)
Topics: c, reverse-engineering, windows-10, windows-internals
Language: C
Homepage:
Size: 83 KB
Stars: 2
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

          # WinLoad

Reverse engineering the Windows 10 32 bit usermode image loader. Due to the motivation behind this project, many segments of the image loader that aren't relevant to me aren't mentioned. 

Due to much of the module directory resolution process not being applicable to my use of it, assume that members of the closely related MODULE_PATH_DATA struct may be innacurate, and confirm my findings if you plan to use it yourself. And, although I am confident in it's accuracy, take my findings in the LDRP_LOAD_CONTEXT struct with a grain of salt, as there are several unclear flags and members.

#  Credits

- [Geoffchappell.com](https://www.geoffchappell.com) - helpful in understanding and reversing undocumented or partially documented Windows structures.

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/islipnot/winload

Awesome Lists containing this project

README