Category Archives: Blog

IRPMon v0.8 Released

IRPMon is a tool capable of monitoring communication between drivers and applications and possibly between drivers themselves. The application is very similar to the IrpTracker utility and I created it because I needed something that also works well on new versions of Windows. Besides working on Windows XP-10, IRPMon brings certain advantages over the […]

New Certificate!

Finally, it seems I have found a certificate authority that suits my needs related to kernel mode code signing certificates. I am talking about the Certum CA from Poland. There are three main advantages: code signing certificates may be acquired by individuals, their price is quite good, the identity verification process is fast and not […]

Messing with Boot-time Drivers

Quite recently, one of our customers (the term “our” means Safetica Technologies s.r.o here) reported a strange problem with our software. The problem seemed to be related to one of our kernel drivers and such troubles tend to land on my virtual desk; this one was no exception. This article describes our investigation that revealed […]

Windows 7/8/8.1 MBR Examination Part 2

The second (and the last so far) article about Master Boot Record and Windows boot process describes what the code stored in this special sector actually does. MBR Boot Code The boot code is executed in the real mode of the processor which implies non-flat addressing. Every address consists of two parts: segment and offset. […]

Windows 7/8/8.1 MBR Examination Part 1

Master Boot Record (MBR) is usually a label for the first sector of a hard drive. The sector contains part of the operating system boot code and information about primary partitions of the hard drive. The boot code gets executed just after the BIOS finishes its initialization and performs the POST sequence. The main task of the boot […]