
Commit e085d45

Add essential source files section with Wine, ReactOS, SystemInformer links
Co-authored-by: Qwen-Coder <qwen-coder@alibabacloud.com>
1 parent 824b8e7 commit e085d45

1 file changed

Lines changed: 174 additions & 5 deletions

File tree

index.html

@@ -267,8 +267,9 @@ <h1>Windows Kernel:<br>Myths vs Reality</h1>
267267
<li><a href="#community-resources"><span class="section-num mono">03</span>Community Resources & Open Source</a></li>
268268
<li><a href="#wine-reactos"><span class="section-num mono">04</span>Wine & ReactOS: Alternative Kernel Insights</a></li>
269269
<li><a href="#process-hacker"><span class="section-num mono">05</span>Process Hacker & SystemInformer</a></li>
270-
<li><a href="#ai-reverse-engineering"><span class="section-num mono">06</span>AI-Powered Reverse Engineering</a></li>
271-
<li><a href="#conclusion"><span class="section-num mono">07</span>Conclusion</a></li>
270+
<li><a href="#source-files"><span class="section-num mono">06</span>Essential Source Files</a></li>
271+
<li><a href="#ai-reverse-engineering"><span class="section-num mono">07</span>AI-Powered Reverse Engineering</a></li>
272+
<li><a href="#conclusion"><span class="section-num mono">08</span>Conclusion</a></li>
272273
</ul>
273274
</nav>
274275

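Review bot: the table of contents renumbers AI-Powered Reverse Engineering to 07 and Conclusion to 08, but nothing in this diff touches the Conclusion heading's number, so the `<h2 id="conclusion">` text will still carry the old 07 prefix unless it is updated in the same change. Bump that heading alongside the nav entry so the section numbers in the headings match the ones in the table of contents.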
@@ -462,7 +463,175 @@ <h3 class="mono"><span class="mono" style="color: var(--text-muted);">//</span>
462463
<li><strong>WinObjEx64:</strong> Windows Object Manager Explorer</li>
463464
</ul>
464465

465-
<h2 id="ai-reverse-engineering" class="mono"><span class="mono" style="color: var(--text-muted);">//</span> 06_AI_Reverse_Engineering</h2>
466+
<h2 id="source-files" class="mono"><span class="mono" style="color: var(--text-muted);">//</span> 06_Essential_Source_Files</h2>
467+
468+
<div class="callout callout-info">
469+
<div class="callout-header mono">
470+
<span class="callout-title">📚 study_resources</span>
471+
</div>
472+
<p>Direct links to the most educational source files from Wine, ReactOS, and SystemInformer — study these to understand Windows internals from clean-room implementations.</p>
473+
</div>
474+
475+
<h3 class="mono"><span class="mono" style="color: var(--text-muted);">//</span> Wine_HQ_Files</h3>
476+
<div class="table-wrapper">
477+
<table>
478+
<thead>
479+
<tr><th>File</th><th>What You'll Learn</th></tr>
480+
</thead>
481+
<tbody>
482+
<tr>
483+
<td class="mono"><a href="https://github.com/wine-mirror/wine/blob/master/include/ntdef.h" target="_blank">ntdef.h</a></td>
484+
<td>Core Windows NT type definitions, PEB/TEB structures, LIST_ENTRY macros</td>
485+
</tr>
486+
<tr>
487+
<td class="mono"><a href="https://github.com/wine-mirror/wine/blob/master/include/winternl.h" target="_blank">winternl.h</a></td>
488+
<td>Undocumented NTAPI functions, Rtl* APIs, internal kernel structures</td>
489+
</tr>
490+
<tr>
491+
<td class="mono"><a href="https://github.com/wine-mirror/wine/blob/master/dlls/ntdll/processenv.c" target="_blank">processenv.c</a></td>
492+
<td>Process environment block access, CreateProcess internals, handle inheritance</td>
493+
</tr>
494+
<tr>
495+
<td class="mono"><a href="https://github.com/wine-mirror/wine/blob/master/dlls/ntdll/virtual.c" target="_blank">virtual.c</a></td>
496+
<td>Virtual memory management, VAD tree implementation, page fault handling</td>
497+
</tr>
498+
<tr>
499+
<td class="mono"><a href="https://github.com/wine-mirror/wine/blob/master/dlls/ntdll/thread.c" target="_blank">thread.c</a></td>
500+
<td>Thread creation/scheduling, TLS implementation, APC queue management</td>
501+
</tr>
502+
<tr>
503+
<td class="mono"><a href="https://github.com/wine-mirror/wine/blob/master/dlls/kernel32/sync.c" target="_blank">sync.c</a></td>
504+
<td>Synchronization primitives: mutexes, semaphores, events, critical sections</td>
505+
</tr>
506+
<tr>
507+
<td class="mono"><a href="https://github.com/wine-mirror/wine/blob/master/include/winnt.h" target="_blank">winnt.h</a></td>
508+
<td>Complete Windows structure definitions, exception handling, security descriptors</td>
509+
</tr>
510+
</tbody>
511+
</table>
512+
</div>
513+
514+
<h3 class="mono"><span class="mono" style="color: var(--text-muted);">//</span> ReactOS_Files</h3>
515+
<div class="table-wrapper">
516+
<table>
517+
<thead>
518+
<tr><th>File</th><th>What You'll Learn</th></tr>
519+
</thead>
520+
<tbody>
521+
<tr>
522+
<td class="mono"><a href="https://github.com/reactos/reactos/blob/master/ntoskrnl/ke/process.c" target="_blank">ke/process.c</a></td>
523+
<td>Process object creation, address space switching, process attachment</td>
524+
</tr>
525+
<tr>
526+
<td class="mono"><a href="https://github.com/reactos/reactos/blob/master/ntoskrnl/ke/thread.c" target="_blank">ke/thread.c</a></td>
527+
<td>KTHREAD structure, thread scheduling, wait blocks, context switching</td>
528+
</tr>
529+
<tr>
530+
<td class="mono"><a href="https://github.com/reactos/reactos/blob/master/ntoskrnl/mm/ARM3/virtual.c" target="_blank">mm/ARM3/virtual.c</a></td>
531+
<td>Windows NT memory manager, section objects, memory-mapped files</td>
532+
</tr>
533+
<tr>
534+
<td class="mono"><a href="https://github.com/reactos/reactos/blob/master/ntoskrnl/ob/objdir.c" target="_blank">ob/objdir.c</a></td>
535+
<td>Object manager namespace, directory structure, object parsing</td>
536+
</tr>
537+
<tr>
538+
<td class="mono"><a href="https://github.com/reactos/reactos/blob/master/ntoskrnl/ob/obhandle.c" target="_blank">ob/obhandle.c</a></td>
539+
<td>Handle table implementation, reference counting, handle inheritance</td>
540+
</tr>
541+
<tr>
542+
<td class="mono"><a href="https://github.com/reactos/reactos/blob/master/ntoskrnl/io/iomgr/device.c" target="_blank">io/iomgr/device.c</a></td>
543+
<td>Device object creation, driver dispatch, IRP handling basics</td>
544+
</tr>
545+
<tr>
546+
<td class="mono"><a href="https://github.com/reactos/reactos/blob/master/ntoskrnl/ps/create.c" target="_blank">ps/create.c</a></td>
547+
<td>Process/thread creation, PEB/TEB initialization, image loading</td>
548+
</tr>
549+
<tr>
550+
<td class="mono"><a href="https://github.com/reactos/reactos/blob/master/ntoskrnl/include/internal/ob.h" target="_blank">include/internal/ob.h</a></td>
551+
<td>Object header structure, object type objects, callback mechanisms</td>
552+
</tr>
553+
</tbody>
554+
</table>
555+
</div>
556+
557+
<h3 class="mono"><span class="mono" style="color: var(--text-muted);">//</span> SystemInformer_Files</h3>
558+
<div class="table-wrapper">
559+
<table>
560+
<thead>
561+
<tr><th>File</th><th>What You'll Learn</th></tr>
562+
</thead>
563+
<tbody>
564+
<tr>
565+
<td class="mono"><a href="https://github.com/winsiderss/systeminformer/blob/master/phlib/native.c" target="_blank">phlib/native.c</a></td>
566+
<td>Native API wrappers, NtQuery* functions, system information classes</td>
567+
</tr>
568+
<tr>
569+
<td class="mono"><a href="https://github.com/winsiderss/systeminformer/blob/master/Windows/ntos.h" target="_blank">Windows/ntos.h</a></td>
570+
<td>Comprehensive NT kernel structures, exported function prototypes</td>
571+
</tr>
572+
<tr>
573+
<td class="mono"><a href="https://github.com/winsiderss/systeminformer/blob/master/Plugins/ProcessHacker/procprp.c" target="_blank">procprp.c</a></td>
574+
<td>Process property enumeration, EPROCESS field parsing, handle counting</td>
575+
</tr>
576+
<tr>
577+
<td class="mono"><a href="https://github.com/winsiderss/systeminformer/blob/master/Plugins/ProcessHacker/thrdprp.c" target="_blank">thrdprp.c</a></td>
578+
<td>Thread enumeration, KTHREAD analysis, wait reason, stack walking</td>
579+
</tr>
580+
<tr>
581+
<td class="mono"><a href="https://github.com/winsiderss/systeminformer/blob/master/Plugins/ProcessHacker/memprp.c" target="_blank">memprp.c</a></td>
582+
<td>Memory map enumeration, VAD walk, protection flags, private bytes</td>
583+
</tr>
584+
<tr>
585+
<td class="mono"><a href="https://github.com/winsiderss/systeminformer/blob/master/Plugins/ProcessHacker/hndltree.c" target="_blank">hndltree.c</a></td>
586+
<td>Handle tree visualization, object reference tracking, handle leaks</td>
587+
</tr>
588+
<tr>
589+
<td class="mono"><a href="https://github.com/winsiderss/systeminformer/blob/master/Plugins/ProcessHacker/drvprp.c" target="_blank">drvprp.c</a></td>
590+
<td>Driver enumeration, module base addresses, driver memory regions</td>
591+
</tr>
592+
</tbody>
593+
</table>
594+
</div>
595+
596+
<h3 class="mono"><span class="mono" style="color: var(--text-muted);">//</span> Additional_Resources</h3>
597+
<div class="table-wrapper">
598+
<table>
599+
<thead>
600+
<tr><th>Resource</th><th>What You'll Learn</th></tr>
601+
</thead>
602+
<tbody>
603+
<tr>
604+
<td class="mono"><a href="https://github.com/microsoft/Windows-driver-samples" target="_blank">microsoft/Windows-driver-samples</a></td>
605+
<td>Official WDF/KMDF examples, driver templates, best practices from Microsoft</td>
606+
</tr>
607+
<tr>
608+
<td class="mono"><a href="https://github.com/ionescu007/ntoskrnl" target="_blank">ionescu007/ntoskrnl</a></td>
609+
<td>Windows 10 kernel headers, structure definitions, research notes by Alex Ionescu</td>
610+
</tr>
611+
<tr>
612+
<td class="mono"><a href="https://github.com/tandasat/Complete-Pe-Parse" target="_blank">tandasat/Complete-Pe-Parse</a></td>
613+
<td>PE file format parsing, section headers, import/export table resolution</td>
614+
</tr>
615+
<tr>
616+
<td class="mono"><a href="https://github.com/j00ru/windows_kernel_types" target="_blank">j00ru/windows_kernel_types</a></td>
617+
<td>Accurate kernel structure offsets for multiple Windows versions</td>
618+
</tr>
619+
<tr>
620+
<td class="mono"><a href="https://github.com/Mandiant/flare-vm" target="_blank">Mandiant/flare-vm</a></td>
621+
<td>Reverse engineering VM setup, kernel debugging tools, analysis environment</td>
622+
</tr>
623+
</tbody>
624+
</table>
625+
</div>
626+
627+
<div class="callout callout-success">
628+
<div class="callout-header mono">
629+
<span class="callout-title">✓ study_path</span>
630+
</div>
631+
<p>Start with Wine's <code class="mono">ntdef.h</code> for structures, then ReactOS <code class="mono">ke/process.c</code> for process internals, finally SystemInformer for live system analysis techniques.</p>
632+
</div>
633+
634+
<h2 id="ai-reverse-engineering" class="mono"><span class="mono" style="color: var(--text-muted);">//</span> 07_AI_Reverse_Engineering</h2>
466635

467636
<div class="callout callout-warning">
468637
<div class="callout-header mono">
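Review bot: several "What You'll Learn" cells in the Wine table attribute kernel-mode behaviour to a user-mode DLL, which undercuts the callout's claim that these files teach Windows internals from clean-room implementations. A user-mode `ntdll` cannot implement the kernel's VAD tree or page fault handling (the `virtual.c` row) or thread scheduling (the `thread.c` row); reword those cells to what the file actually shows at the linked revision, such as how ntdll tracks reservations and views or how thread startup and TLS are set up. Also verify that every link resolves on `master` before merging: the `Plugins/ProcessHacker/...` SystemInformer paths should be checked against the repository's post-rename layout, and `blob/master` links in all three tables break silently when upstream moves a file, so pinning each link to a commit SHA is more durable. Finally, every `<a target="_blank">` here lacks `rel="noopener noreferrer"`; add it on all of them for consistency with safe external-link practice.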
@@ -553,8 +722,8 @@ <h2 id="conclusion" class="mono"><span class="mono" style="color: var(--text-mut
553722
<p><strong>The reality:</strong> Windows kernel programming requires dedication and learning, but the ecosystem is designed to be accessible. The claim that only state-level actors can effectively work at this level contradicts the observable reality of thousands of independent researchers, small companies, and open-source contributors successfully working with Windows kernel technology daily.</p>
554723

555724
<nav class="section-nav">
556-
<a href="#pdb-symbols">← Previous Section</a>
557-
<a href="#ai-reverse-engineering">Next Section →</a>
725+
<a href="#source-files">← Previous Section</a>
726+
<a href="#conclusion">Next Section →</a>
558727
</nav>
559728
</article>
560729
</div>
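Review bot: the rewritten section-nav links do not fit the section they sit in. The hunk context is `<h2 id="conclusion">` and the preceding paragraph is the conclusion's "The reality" summary, yet "Next Section →" now points to `#conclusion` (the section itself) and "← Previous Section" points to `#source-files`, skipping `#ai-reverse-engineering` (07). For the conclusion, Previous should be `#ai-reverse-engineering` and the Next link should be dropped or pointed at a real successor; the AI section's own nav (not in this diff) is the one whose Previous should become `#source-files`, since that is where the new section was inserted.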
