Author Archive

Windows UEFI startup – A technical overview

Through this analysis paper we’ll take a look at Windows 8 (and 8.1) UEFI startup mechanisms and we’ll try to understand their relationship with the underlying hardware platform. Windows boot manager and loader The Windows boot manager starts its execution in the EfiEntry procedure. EfiEntry is, as

Securing Microsoft Windows 8: AppContainers

Recently, we have been conducting an analysis of the new Windows 8 security features. There are few documents available on the Internet about this topic and none of them explains the entire implementation in detail. The paper has been divided into two parts because of the complexity of

Saferbytes x86 memory bootkit: new updated build is out

Some months ago we wrote a blog post about physical memory limits in all Microsoft Windows 32-bit builds, along with a test application able to install a bootkit in the system. This bootkit enables the operating system to exploit all available memory above 4 GB (up

UEFI technology: say hello to the Windows 8 bootkit!

In this article we are going to analyze the Unified Extensible Firmware Interface, from both a technical and security perspective. We will also take a brief look at the new Windows 8 EFI Kernel, and we’ll discover many interesting new features Microsoft implemented in it. In the beginning

x86 4GB memory limit from a technical perspective

In this post I’d like to talk about the x86 memory restriction in Windows. As you may already know, every 32-bit build of the Windows operating system can’t handle more than 4GB of memory and part of it is already used by the operating system to map hardware