Windows Internals Crash Course

Comments

1:52 -> Process
2:53 -> Process Creation (Kernel)
4:18 -> PE
9:10 -> PEB
10:43 -> TEB
13:29 -> Calling Conventions
15:06 -> DllMain/TLS Callbacks
23:56 -> Debuggers
26:18 -> LdrInitializeThunk
37:02 -> RtlUserThreadStart
41:47 -> Syscalls
44:10 -> Callbacks
49:42 -> Process Monitor

Great presentation, thank you so much!

Hade-hwvl

It is really hard to find quality content covering Windows Internals that starts at a fundamental, digestible level. This was exceptionally done and I really hope you keep producing content like this. Your time and hard work are genuinely appreciated.

jasonmatthewhillman

security researcher maintains x64dbg hammer and sickle ur truly the goat

hegelian

this is really gonna help me through my reversing journey, thank you

modifyingmemory

You're such a beast Duncan, so glad people like you exist.

moviesynopsis

the creator & maintainer of x64dbg, no way dude that's awesome lol

SF-egfq

Wow the creator of dbg ❤️ I don't know how to use it yet but amazing

evilazzuratm

Hey Mr.Exodia - Good to see the video!

SourceCodeDeleted

quick question:
at 13:18 you said you can't read the register directly. so i made a quick program in fasm to check if this is true:
format PE GUI
include 'win32axp.inc'
.code
_entry:
lea esi, [fs:0]
.end _entry

when i run this in x64dbg it shows that fasm instead assembled `lea esi, dword ptr ds:[0]`. however, if i change lea to mov, it assembles the fs register correctly. any idea why this occurs?

edcdecl

lol @ the hammer & sickle on "Love doing Open Source"; ask programmers, the guy who invented Tetris comes to mind, in the former CCCP how any kind of personal 'intellectual property' was treated. But great content. Being a *NIX guy I appreciate seeing the Windows side of things too.

leon_De_Grelle

Nice to know that the creator of x64dbg is Dutch :)

Timo-Epis

I needed this crash course! Thanks 🦾 hope to see more

updateserver