Practical Reverse Engineering Solutions

Hey, here I save all the solutions to the Windows kernel chapter of the Practical Reverse Engineering book. The exercises in this book are pretty insightful.

The target audience of these posts is:

It’s important to remember that there are different ways to retrieve information about Windows kernel components, for example MSDN, WRK, and ReactOS. So for most essential kernel components, like DPCs, there’s no need to disassemble the kernel to find information. These exercises are about learning reverse engineering, so we won’t use information from WRK and ReactOS, only MSDN and symbols.

I’ll perform the exercises on Windows 10 x64.

The solutions:

Page 124-127: Linked Lists

The main focus of these exercises is to understand the usage of linked lists in the Windows kernel.

Page 140: DPC - Deferred Procedure Calls