OS Dev

Read “Windows Internals: Thread Management — Part 1“ by OS Dev on Medium: This article discusses about ETHREAD, KTHREAD kernel objects & windows scheduler - how it schedules a thread. medium.com/windows-os-int…

Bensoussan, Clingen & Daley (1972) – The Multics Virtual Memory: Concepts and Design Explains the combination of segmentation and paging that influenced modern VM systems. ed-thelen.org/MulticsVM.pdf

Algorithm to avoid race conditions? youtu.be/QAzuAn3nFGo?si…

One of the most interesting Windows NT kernel bugs is MS08-067 - tracked as CVE-2008-4250 - learn.microsoft.com/en-us/security… The vulnerability was in the Server service ("srvsvc") and was triggered remotely through a crafted RPC request. An unchecked path parsing routine led to a stack buffer overflow, allowing attackers to execute code in kernel-related services without authentication. It became the primary infection vector for the Conficker worm, proving that a single parsing bug could compromise millions of Windows machines worldwide.

Daley & Dennis (1968) – Virtual Memory, Processes, and Sharing in MULTICS Introduces segmentation and virtual memory concepts. andrew.cmu.edu/course/15-440/…

@sudox7 @VazeKshitij @Vicharak_In @Vicharak_In please help

@OSdev_ @VazeKshitij @Vicharak_In hey how can i get this i am thinking to get a esp but if this available i will buy it

I’d like to sponsor this FPGA learning kit for a deserving student who genuinely wants to learn FPGA but can’t afford it. Just a small help from my side. @VazeKshitij @Vicharak_In, could you help me find someone who would benefit from this opportunity?

@0day_ninja @VazeKshitij @Vicharak_In You're doing great ! Wish you luck ! I'll re-check this after 2-3 days to see if there are more responses :)

@OSdev_ @VazeKshitij @Vicharak_In I'm right here😭

@aryamman_bhatia @hackerfabindia @4rynv What you guys are doing is incredible !!

In a few years you’ll be able to have a chip lab in your hostel room

Randell & Kuehner's Dynamic Storage Allocation Systems (1968) is one of the earliest papers that studies how operating systems allocate and reclaim memory at runtime. Instead of proposing a new allocator, it surveys existing allocation techniques and classifies them based on their design and trade-offs. The paper discusses fixed-size and variable-size allocation schemes, relocation, protection, and different placement algorithms such as first fit and best fit. A major focus is memory fragmentation, especially external fragmentation, and how it affects long-running systems. It highlights the limitations of contiguous allocation and provides a framework for evaluating dynamic storage management techniques that later influenced modern memory management designs. *This motivated the innovation of Paging*

@splinedrive That's incredible man. Could you please share any articles or blogs that I can follow along ?

I think I need to finish my SoC and use it as my daily machine. The more I learn, the less I trust the existing stack — from vendor silicon to distribution packages. At some point, building everything yourself starts to look like the only way to know what's really running.

@abhi9u That's very unfortunate. Trusting only software without any hardware backing up in safety-critical systems is very risky.

TIL about a race condition bug in a radiation therapy machine called Therac-25 that caused the deaths of 3 patients. Therac was a radiation therapy machine for treating cancer patients. It had two modes: electron beam for shallower treatment, and high-energy x-ray/photon for deeper treatments. The older models of the machine had hardware interlocks as safety mechanisms to prevent any bad configuration from ever happening. Then came Therac-25 that removed many of the hardware interlocks in favor of implementing them in software. There was a race condition in which if an operator entered the wrong mode (e.g. x-ray) and then switched it quickly within 8 seconds, the mode would not be updated. As a result, the patient could end up receiving massive overdose of radiation. Between 1985-87, six such accidents were known to have occurred, leading to the death of at least 3 patients. Wikipedia notes this as a case study in software engineering and the danger of engineer overconfidence.

Randell & Kuehner (1968) – Dynamic Storage Allocation Systems One of the classic surveys explaining contiguous allocation techniques and fragmentation problems. researchgate.net/profile/Brian-…

Windows Boot Flow youtu.be/mxj7z6WqK14?si…

Windows NT kernel bug CVE-2022-21882 - sentinelone.com/vulnerability-… The vulnerability abuses a use-after-free in "win32k.sys". By carefully manipulating window objects and their lifetime, an attacker can make the kernel operate on a freed object that is now under attacker control. This primitive is then used to achieve arbitrary kernel read/write and finally swap the current process token with the SYSTEM token.

One of the most fascinating Windows kernel bugs is CVE-2023-21768 - sentinelone.com/blog/cve-2023-… A simple integer overflow in the Common Log File System (CLFS) driver causes the kernel to allocate less memory than required but continue writing as if the buffer was large enough. The resulting out-of-bounds write corrupts adjacent kernel objects, giving attackers arbitrary kernel read/write and eventually SYSTEM privileges.

@vivekgalatage Thank you 😀

The amazing perf book you will need github.com/dendibakh/perf…

One of the most interesting Windows NT kernel bugs is CVE-2018-8611 - nccgroup.com/research/cve-2… It's a series of 5 articles. The exploit didn't need to overflow any buffer. Instead, it abuses a race condition in the Kernel Transaction Manager (KTM) to create a use-after-free. Once the attacker gets an arbitrary kernel read/write, it's game over, they simply replace their process token with the SYSTEM token and instantly become SYSTEM.

One unchecked integer multiplication can own the entire Windows kernel. In CVE-2024-30088, an integer overflow caused the kernel to allocate a smaller buffer than required while continuing to process it as if it were large enough. The resulting out-of-bounds write let attackers corrupt kernel memory, build arbitrary read/write primitives, and ultimately replace their process token with the SYSTEM token. github.com/tykawaii98/CVE…

CVE-2021-1732 is a great example of how a tiny logic bug can compromise the entire Windows kernel. During "NtUserCreateWindowEx()", an attacker abuses a user-mode callback to confuse "win32k.sys" about a window's "cbWndExtra" and "pExtraBytes" fields. This type confusion turns "SetWindowLongPtr()" into an arbitrary kernel read/write primitive, allowing the attacker to overwrite the current process token with the SYSTEM token and gain full privileges. safe.security/wp-content/upl…

@IITBHU_Varanasi This is insanely cool !!

IIT (BHU) students have completed the institute’s first-ever silicon tape-out! Primarily led by second-year B.Tech students from the Department of Electronics Engineering, the team designed a 64-point FFT Hardware Accelerator chip in just 5 months using the SKY130 process and submitted it for fabrication through the Tiny Tapeout MPW Shuttle Program. FFT technology is a key component in modern communication systems, AI applications, medical imaging, GPS, radar, and multimedia platforms, making this achievement a significant step in hands-on semiconductor innovation. A landmark accomplishment for undergraduate research, indigenous chip design, and India’s journey towards technological self-reliance. #IITBHU #Semiconductors #ChipDesign #VLSI #AtmanirbharBharat