Practical Reverse Engineering Solutions
Hey, here I save all the solutions to the Windows kernel chapter of the Practical Reverse Engineering book. The exercises in this book are pretty insightful.
The target audience of these posts is:
- People that want to read cool stuff about Windows kernel reverse engineering
- People that want to learn how to break down reverse engineering tasks efficiently
- People that actually do the exercises and need a reference to the solutions
It’s important to remember that there are different ways to retrieve information about Windows kernel components, for example MSDN, WRK, ReactOS, etc. So for most essential kernel components, like DPC, there’s no need to disassemble the kernel to find out information. These exercises are about learning reverse engineering, so we’ll not use information from WRK and ReactOS, only MSDN and symbols.
I’ll perform the exercises on Windows 10 x64.
The solutions:
Page 124-127: Linked Lists
The main focus of these exercises is to understand the usage of linked lists in the Windows kernel.