SyscallProvider is a feature available from Windows 11 22H2 that allows for inline hooking of syscalls.
This unfinished research was done on Windows 11 22H2. The feature is fully undocumented at the moment and it looks like it's locked to Microsoft-signed drivers.
All of the information here was gathered by manual reverse engineering of securekernel.exe, skci.dll and ntoskrnl.exe.
The kernel exports three functions to work with the new feature: PsRegisterSyscallProvider, PsQuerySyscallProviderInformation, PsUnregisterSyscallProvider.
This writeup will explore how this feature is initialized, how it works internally, and how to interact with it and use it.
-- OldCheck:
-- (omitted)
# The Interaction Calculus
The [Interaction Calculus](https://github.com/VictorTaelin/Interaction-Calculus)
is a minimal term rewriting system inspired by the Lambda Calculus (λC), but
with some key differences:
1. Vars are affine: they can only occur up to one time.
2. Vars are global: they can occur anywhere in the program.
I want you to refine this brainstorming document into a prompt for a deep research system that will be tasked with writing a technical spike
research document on a software engineering project. The goal of this research is to help guide future agentic coding systems into
having a good understanding of the technical landscape around the software the user wants to create.
<context>
Deep research is a category of product where large language models capable of test time compute are paired with capacities to:
- search the web
- browse documentation
- read research papers
- further refine their research based on their findings
The Interaction Calculus (IC) is a term rewriting system inspired by the Lambda Calculus (λC), but with some major differences:
- Vars are affine: they can only occur up to one time.
- Vars are global: they can occur anywhere in the program.
- There is a new core primitive: the superposition.
An IC term is defined by the following grammar:
Here's a much more complete description of how I do SSA, beyond just how I do Phis.
This describes how I do SSA form, which avoids the need to have any coupling between CFG data structures and SSA data structures.
Let's first define a syntax for SSA and some terminology. Here's an example SSA node:
A = Add(B, C)
In reality, this will be a single object in your in-memory representation, and the names are really addresses of those objects. So, this node has an "implicit variable" called A; it's the variable that is implicitly assigned to when you execute the node. If you then do:
hi, i'm daniel. i'm a 15-year-old high school junior. in my free time, i hack billion dollar companies and build cool stuff.
3 months ago, I discovered a unique 0-click deanonymization attack that allows an attacker to grab the location of any target within a 250 mile radius. With a vulnerable app installed on a target's phone (or as a background application on their laptop), an attacker can send a malicious payload and deanonymize you within seconds--and you wouldn't even know.
I'm publishing this writeup and research as a warning, especially for journalists, activists, and hackers, about this type of undetectable attack. Hundreds of applications are vulnerable, including some of the most popular apps in the world: Signal, Discord, Twitter/X, and others. Here's how it works:
By the numbers, Cloudflare is easily the most popular CDN on the market. It beats out competitors such as Sucuri, Amazon CloudFront, Akamai, and Fastly. In 2019, a major Cloudflare outage k
#include <windows.h>
#include <stdio.h>
#include <wchar.h>
#include <Unknwn.h>
typedef enum _TTD_LOG_LEVEL
{
    TTD_LOG_LEVEL_ERROR = 1,
    TTD_LOG_LEVEL_WARNING,
    TTD_LOG_LEVEL_INFO,
Note
Obligatory disclaimer: this is for educational purposes only. I am not responsible for any damages caused by following this guide, or using any of the script(s) herein.
This guide prioritizes arm64 macOS, but may also work for other platforms.
#include "CertInjector.h"
#include "MinHook.h"
#include <string>
#include <unordered_set>
#define COUNT_OF(arr) (sizeof(arr) / sizeof(*arr))
// #define PRINT_DEBUG
In addition to a significant decrease in hepatic lipid accumulation in the IOE group, which inhibited energy intake by propionate enrichment, hepatic lipids were also significantly reduced in the mice in the IOP group, which was largely enriched with butyrate. Compared with the IOE group, IOP had a stronger regulatory effect on hepatic metabolism and triglyceride metabolism and higher levels of TCA cycle in the host. In addition, butyrate has the ability to promote browning of white adipose tissue (WAT) to brown adipose tissue (BAT) [39,40]. WAT stores energy, whereas BAT uses energy for heating and consequently host energy expenditure increases [41,42]. However, adipose tissue weight does not change after WAT browning [43]. Therefore, the weight of adipose tissue of mice in the IOP group dominated by butyrate was greater than that of the mice in the IOE group dominated by propionate.
In conclusion (Figure 7C), the improvement of ob