Find which process is using the microphone, from a kernel-mode driver

Background: A while ago I was at Alex Ionescu's house and we were discussing random Windows internals stuff. I learned that we both discovered cool things in the Windows Notification Framework (WNF). Alex and Gabrielle Viala presented their research on the topic at Black Hat USA 2018 (BHUSA2018) [1]. It is fairly comprehensive and will…

System call dispatching for Windows on ARM64

Background: Microsoft recently announced that there will be Windows ARM64 devices. Technically, it should be "AArch64" but ARM64 is easier to type. This article briefly documents the system call dispatching mechanism for Windows on ARM64. Readers are assumed to be familiar with ARM64 assembly and system call dispatching on…