Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/islipnot/winload
Reversing and recreating the Windows 10 image loader (usermode, x86)
c reverse-engineering windows-10 windows-internals
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/islipnot/winload
- Owner: islipnot
- Created: 2024-10-03T22:40:52.000Z (4 months ago)
- Default Branch: main
- Last Pushed: 2024-11-27T02:27:19.000Z (about 2 months ago)
- Last Synced: 2024-11-27T03:26:59.548Z (about 2 months ago)
- Topics: c, reverse-engineering, windows-10, windows-internals
- Language: C
- Homepage:
- Size: 228 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# WinLoad
Reverse engineering the Windows 10 32-bit usermode image loader. Due to the motivation behind this project, many segments of the image loader that aren't relevant to me aren't mentioned.
Due to much of the module directory resolution process not being applicable to my use of it, assume that members of the closely related MODULE_PATH_DATA struct may be inaccurate, and confirm my findings if you plan to use it yourself. And, although I am confident in its accuracy, take my findings in the LDRP_LOAD_CONTEXT struct with a grain of salt, as there are several unclear flags and members.
# Credits
- [Geoffchappell.com](https://www.geoffchappell.com) - helpful in understanding and reversing undocumented or partially documented Windows structures.