<?xml version="1.0" encoding="utf-8"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>ColinFinck.de</title><link>https://colinfinck.de</link><description>Recent posts on ColinFinck.de</description><language>en-us</language><copyright>Copyright © 2003-2025 Colin Finck</copyright><lastBuildDate>Sun, 26 Jan 2025 00:00:00 +0000</lastBuildDate><atom:link href="https://colinfinck.de/index.rss" rel="self" type="application/rss+xml"/><item><title>nt-load-order Part 2: More than you ever wanted to know</title><link>https://colinfinck.de/posts/nt-load-order-part-2/</link><pubDate>Sun, 26 Jan 2025 00:00:00 +0000</pubDate><description>Welcome to the second part of my blog series on the Windows driver load order. Good to see that you made it up to here. After the preparations in my last post, we are now finally equipped with all necessary tools to analyze the load order and develop a compatible sorting algorithm …</description></item><item><title>nt-load-order Part 1: WinDbg'ing our way into the Windows bootloader</title><link>https://colinfinck.de/posts/nt-load-order-part-1/</link><pubDate>Sun, 19 Jan 2025 00:00:00 +0000</pubDate><description>There are close to zero reasons to reverse-engineer the Windows driver load order. Which is exactly why I&amp;rsquo;m doing it. And if you are as crazy as me and want to write a Windows bootloader in Rust, you inevitably need to deal with this topic. Likewise, if you want to know what happens under the hood when booting …</description></item><item><title>A Decade After Stuxnet: How Siemens S7 is Still an Attacker's Heaven</title><link>https://colinfinck.de/posts/a-decade-after-stuxnet/</link><pubDate>Thu, 02 May 2024 00:00:00 +0000</pubDate><description>Industrial Control Systems have long evolved from specialized electronics communicating over proprietary bus systems to fully-fledged embedded computers based on commodity Ethernet connections. 
The Stuxnet computer worm of 2010 demonstrated to the general public that this development makes Industrial Control Systems …</description></item><item><title>A new Windows CE x86 compiler in 2024</title><link>https://colinfinck.de/posts/a-new-windows-ce-x86-compiler-in-2024/</link><pubDate>Tue, 26 Mar 2024 00:00:00 +0000</pubDate><description>At ENLYZE we need to deal with operating systems from the last century on customer machines every day. No matter whether it&amp;rsquo;s something &amp;ldquo;simple&amp;rdquo; like Windows 2000 running on an operator touch panel (&amp;ldquo;HMI&amp;rdquo;) or something peculiar like QNX 4 controlling a production machine: If they handle …</description></item><item><title>nt-apiset: A Rust parser for Windows API Set Map files</title><link>https://colinfinck.de/posts/nt-apiset-a-rust-parser-for-windows-10-api-set-map-files/</link><pubDate>Fri, 09 Jun 2023 00:00:00 +0000</pubDate><description>The next building block for my bootloader project is ready! nt-apiset is a parser written in Rust for the API Set Map files of Windows 10 and later versions. API Sets are dependencies of PE executables whose names start with “api-” or “ext-”, e.g. api-ms-win-core-sysinfo-l1-1-0 &amp;hellip;</description></item><item><title>nt-string: The missing Windows string types for Rust</title><link>https://colinfinck.de/posts/nt-string-the-missing-windows-string-types-for-rust/</link><pubDate>Wed, 31 May 2023 00:00:00 +0000</pubDate><description>This release was not planned. I actually wanted to write a parser for Windows apiset DLLs, but quickly found myself implementing the umpteenth string type to handle Windows UTF-16 characters. 
After having done that work once for nt-hive and another time for ntfs, it was time to refactor the common parts into a crate …</description></item><item><title>On the hype around the critical Siemens S7-1200/S7-1500 vulnerability CVE-2022-38465</title><link>https://colinfinck.de/posts/on-the-hype-around-the-critical-siemens-s7-1200-1500-vulnerability/</link><pubDate>Fri, 16 Dec 2022 00:00:00 +0000</pubDate><description>Around two months ago, the Team82 research group at Claroty disclosed a critical vulnerability in Siemens' current S7-1200/S7-1500 series of PLCs. This is the next issue in a series of recent disclosures on the security of these ubiquitous logic controllers. What&amp;rsquo;s different this time is the whopping CVSS severity …</description></item><item><title>Talking at EuroRust about my Windows Linked List crate</title><link>https://colinfinck.de/posts/talking-at-eurorust-about-my-windows-linked-list-crate/</link><pubDate>Mon, 07 Nov 2022 00:00:00 +0000</pubDate><description>I recently attended the first ever EuroRust in Berlin from 13th to 14th October. I have been eagerly looking for such a dedicated European conference on Rust, but my previous Google searches were all in vain - and always ended up here. Glad that&amp;rsquo;s no longer the case :)
At EuroRust, I had the opportunity to speak …</description></item><item><title>Releasing the S7-Project-Explorer as open-source</title><link>https://colinfinck.de/posts/releasing-the-enlyze-s7-project-explorer-as-open-source/</link><pubDate>Wed, 05 Oct 2022 00:00:00 +0000</pubDate><description>After the ENLYZE PortSniffer in 2020, I&amp;rsquo;m glad to announce that another tool I developed at ENLYZE has just been released as open-source.
The ENLYZE S7-Project-Explorer is a Windows application to explore Siemens STEP 7 projects and export a complete PLC variable list as a CSV table. This solves our recurring …</description></item><item><title>nt-list: Windows Linked Lists in idiomatic Rust</title><link>https://colinfinck.de/posts/nt-list-windows-linked-lists-in-idiomatic-rust/</link><pubDate>Thu, 28 Jul 2022 00:00:00 +0000</pubDate><description>On my quest to develop a ReactOS/Windows bootloader in Rust, I inevitably had to stumble upon the infamous LIST_ENTRY structure used in the LOADER_PARAMETER_BLOCK. This is what Windows, Windows drivers, and components influenced by Windows (e.g. UEFI) have been using for a long time to uniformly handle linked lists …</description></item><item><title>My FOSDEM talk on implementing NTFS in Rust</title><link>https://colinfinck.de/posts/my-fosdem-talk-on-implementing-ntfs-in-rust/</link><pubDate>Mon, 07 Feb 2022 00:00:00 +0000</pubDate><description>FOSDEM 2022 has just ended. Despite being an all-virtual event again, it was another awesome conference with a packed schedule full of interesting talks.
I had the honor of speaking about my recent NTFS Rust filesystem crate and the video is now online:
Slides are available here.
Thanks a lot to all volunteers for …</description></item><item><title>An implementation of the NTFS filesystem in a Rust crate</title><link>https://colinfinck.de/posts/an-implementation-of-the-ntfs-filesystem-in-a-rust-crate/</link><pubDate>Fri, 14 Jan 2022 00:00:00 +0000</pubDate><description>Happy new year everybody! It&amp;rsquo;s finally time to reveal a project I have been working on over several weekends of the past year. It&amp;rsquo;s also the next building block on my mission to write a ReactOS/Windows bootloader in Rust.
ntfs is a Rust library that implements the low-level structures of the NTFS …</description></item><item><title>That time I had to patch the Universal CRT</title><link>https://colinfinck.de/posts/that-time-i-had-to-patch-the-universal-crt/</link><pubDate>Tue, 23 Nov 2021 00:00:00 +0000</pubDate><description>I just finished a blog post where I replaced almost the entire Microsoft build toolchain for our Windows software with open-source alternatives better suiting our needs. Except for the Visual Studio C runtime library, nowadays called Universal CRT (shortened to UCRT or just CRT).
The CRT had been performing without any …</description></item><item><title>Relaunched my website!</title><link>https://colinfinck.de/posts/relaunched-this-website/</link><pubDate>Sun, 21 Nov 2021 00:00:00 +0000</pubDate><description>I finally got in the mood to do what was long overdue and recreate my website from the ground up.
People who visited ColinFinck.de within the past decade must have had the impression that I vanished without a trace. Whereas in reality, I had just been extremely busy with ReactOS, Rust, and my daily job at ENLYZE. There …</description></item><item><title>Targeting 25 years of Windows with Visual Studio 2019</title><link>https://colinfinck.de/posts/targeting-25-years-of-windows-with-visual-studio-2019/</link><pubDate>Tue, 19 Oct 2021 00:00:00 +0000</pubDate><description>Our method to &lt;a href="https://colinfinck.de/posts/modern-visual-studio-meets-ancient-windows/">build software compatible down to Windows 2000 using Visual Studio 2017&lt;/a> served us well for several months. And trust me, I had really hoped that Windows 2000 would be as low as we ever had to go. But the world of industrial manufacturing surprises you every day. So at some point, we inevitably stumbled …</description></item><item><title>Modern Visual Studio meets ancient Windows</title><link>https://colinfinck.de/posts/modern-visual-studio-meets-ancient-windows/</link><pubDate>Tue, 05 Oct 2021 00:00:00 +0000</pubDate><description>In my previous &lt;a href="https://colinfinck.de/posts/writing-win32-apps-like-its-2020-part-1/">blog series&lt;/a>, I have shown how to write Win32 applications in 2020 using the amenities that modern C++ brings. Writing an application in 2020 doesn&amp;rsquo;t mean that we have to forget about 2000 though: The unrivaled compatibility of the Win32 API makes it possible to run your modern application even on …</description></item><item><title>nt-hive: A Rust crate for parsing Windows registry hive files</title><link>https://colinfinck.de/posts/nt-hive-a-rust-crate-for-parsing-windows-registry-hive-files/</link><pubDate>Sun, 21 Feb 2021 00:00:00 +0000</pubDate><description>I have embraced the Rust programming language since my unikernel thesis 3 years ago, and at my daily job at ENLYZE I get to use it every day for implementing parsers for machine protocols. 
What had been missing so far was a Rust project that combines my passions for Rust and ReactOS.
Aiming to fix this, I&amp;rsquo;m …</description></item><item><title>The ENLYZE PortSniffer - Monitor serial/parallel port traffic on modern Windows</title><link>https://colinfinck.de/posts/the-enlyze-portsniffer-monitor-serial-parallel-port-traffic-on-modern-windows/</link><pubDate>Mon, 19 Oct 2020 00:00:00 +0000</pubDate><description>I&amp;rsquo;m proud to release the first open-source product of ENLYZE today, a driver and tool to monitor serial/parallel port traffic on modern Windows systems (Windows XP and later). You can download it and get the source code from our GitHub page.
Naturally, we would have used the popular Sysinternals Portmon tool for …</description></item><item><title>Writing Win32 apps like it's 2020: A DPI-aware resizable wizard</title><link>https://colinfinck.de/posts/writing-win32-apps-like-its-2020-part-3/</link><pubDate>Thu, 30 Jul 2020 00:00:00 +0000</pubDate><description>User interfaces in 2020 need to consider many more details than those of previous generations. One of the biggest changes of the last decade is certainly the introduction of &lt;em>HiDPI displays&lt;/em>, displays with much higher resolutions together with software using more pixels per GUI element. Win32 with its pixel-based …</description></item><item><title>Writing Win32 apps like it's 2020: Helpers for a modern C++ world</title><link>https://colinfinck.de/posts/writing-win32-apps-like-its-2020-part-2/</link><pubDate>Thu, 30 Jul 2020 00:00:00 +0000</pubDate><description>We are now going to get into the nitty-gritty details of Win32 and how modern C++ can help us here: Pointers that free themselves, Universal C++ containers, String resources without regrets, Mastering the handle mess, Gracefully failing constructors, The only &lt;code>WndProc&lt;/code> you&amp;rsquo;ll ever need, …</description></item></channel></rss>