Michael Maltsev (@m417z)'s Twitter Profile
Michael Maltsev

@m417z

About me: m417z.com/about/
Software: ramensoftware.com
Source code: github.com/m417z

ID: 755142637884243968

Link: https://m417z.com/
Date: 18-07-2016 20:50:09

548 Tweet

1,1K Followers

129 Following

Michael Maltsev (@m417z):

Process termination in Windows is tricky... what will be the return code of a process compiled from the code below? gist.github.com/m417z/a226a456…

Michael Maltsev (@m417z):

#Winbindex just got some extra data! Recently, I discovered that it's not so difficult to get the links to the missing updates. tl;dr old updates are removed from the Update Catalog, but MSU links still work. So I collected all links I could find: github.com/m417z/windows-… 🆕👇

Michael Maltsev (@m417z):

I combined Everything's mighty indexing abilities together with Windhawk's modding powers to create a mod that adds the badly missing folder sizes right into Explorer! Check it out: windhawk.net/mods/explorer-…

XDA (@xdadevelopers):

Want to customize Windows to improve your workflow? Find out whether Windhawk or PowerToys is the best option for you. xda-developers.com/windhawk-vs-po…

SAERXCIT (@saerxcit):

Octoberfest7 Regarding brittleness, winbindex is a godsend to actually know if the gadget is stable across versions. I usually check a few revisions of each non-EOL version from 14393, and if it's stable at least for each win version then it's acceptable (easy to check in KUSER_SHARED_DATA)

Michael Maltsev (@m417z):

Process initialization question: Why would console creation (specifically, NtDeviceIoControlFile in ConsoleLaunchServerProcess) dispatch pending APCs? I expected my APC to be dispatched in NtTestAlert, not earlier.

Michael Maltsev (@m417z):

Suppose you injected/loaded a DLL and hooked some functions. At some point you remove the hooks to unload the DLL. How can you be sure it's safe? I didn't see any hooking library or any written material that discusses this. Here's my take on the subject: github.com/m417z/thread-c…

Michael Maltsev (@m417z):

I had to adjust the stack walking code for ARM64. Luckily, I found an implementation in the Chromium codebase. Surely it must be solid and well-tested, right? Well, turns out that the case of a syscall returning back to user mode wasn't supported. The fix: chromium-review.googlesource.com/c/chromium/src…

Michael Maltsev (@m417z):

Quiz: Paste this command in Win+R and run it, what will happen? gist.github.com/m417z/4ba3bbc0… I was debugging some batch script which cleans up temp files. I grabbed a line, pasted it in Win+R for testing, and something unexpected happened. Luckily in a VM. WTF Microsoft?

Michael Maltsev (@m417z):

Problem: I create a thread in a program and wait for events. Usually, a program exits with ExitProcess. But in rare cases, ExitThread is called, explicitly or by returning from the native entry point. What's the best way to detect that and exit? i.e. I want a "weak thread".

Michael Maltsev (@m417z):

Another gap with waiting for all threads is that by having my extra thread exit last, it determines the process exit code, which would otherwise be determined by the last thread. This may have side effects, and I can't think of a simple way for the extra thread to fake it.

Michael Maltsev (@m417z):

NtDoc has been updated with definitions and documentation from the official Windows Driver Kit DDI reference and portions of the Win32 API reference. This update reduces the need to switch between NtDoc and Microsoft Docs, addressing one of the most common suggestions for NtDoc.

Michael Maltsev (@m417z):

NtDoc has been updated with definitions from the official Windows Driver Kit DDI reference and portions of the Win32 API reference. This update reduces the need to switch between NtDoc and Microsoft Docs, addressing one of the most common suggestions. ntdoc.m417z.com
