# Internals

* [Configuring Kernel Debugging Environment with kdnet and WinDBG Preview](https://hamcodes.gitbook.io/hackersnotes/reversing-forensics-and-misc/internals/configuring-kernel-debugging-environment-with-kdnet-and-windbg-preview)
* [Compiling a Simple Kernel Driver, DbgPrint, DbgView](https://hamcodes.gitbook.io/hackersnotes/reversing-forensics-and-misc/internals/compiling-a-simple-kernel-driver-dbgprint-dbgview)
* [Loading Windows Kernel Driver for Debugging](https://hamcodes.gitbook.io/hackersnotes/reversing-forensics-and-misc/internals/loading-windows-kernel-driver-for-debugging)
* [Subscribing to Process Creation, Thread Creation and Image Load Notifications from a Kernel Driver](https://hamcodes.gitbook.io/hackersnotes/reversing-forensics-and-misc/internals/subscribing-to-process-creation-thread-creation-and-image-load-notifications-from-a-kernel-driver)
* [Listing Open Handles and Finding Kernel Object Addresses](https://hamcodes.gitbook.io/hackersnotes/reversing-forensics-and-misc/internals/listing-open-handles-and-finding-kernel-object-addresses)
* [Sending Commands From Your Userland Program to Your Kernel Driver using IOCTL](https://hamcodes.gitbook.io/hackersnotes/reversing-forensics-and-misc/internals/sending-commands-from-your-userland-program-to-your-kernel-driver-using-ioctl)
* [Windows Kernel Drivers 101](https://hamcodes.gitbook.io/hackersnotes/reversing-forensics-and-misc/internals/windows-kernel-drivers-101)
* [Windows x64 Calling Convention: Stack Frame](https://hamcodes.gitbook.io/hackersnotes/reversing-forensics-and-misc/internals/windows-x64-calling-convention-stack-frame)
* [Linux x64 Calling Convention: Stack Frame](https://hamcodes.gitbook.io/hackersnotes/reversing-forensics-and-misc/internals/linux-x64-calling-convention-stack-frame)
* [System Service Descriptor Table - SSDT](https://hamcodes.gitbook.io/hackersnotes/reversing-forensics-and-misc/internals/system-service-descriptor-table-ssdt)
* [Interrupt Descriptor Table - IDT](https://hamcodes.gitbook.io/hackersnotes/reversing-forensics-and-misc/internals/interrupt-descriptor-table-idt)
* [Token Abuse for Privilege Escalation in Kernel](https://hamcodes.gitbook.io/hackersnotes/reversing-forensics-and-misc/internals/token-abuse-for-privilege-escalation-in-kernel)
* [Manipulating ActiveProcessLinks to Hide Processes in Userland](https://hamcodes.gitbook.io/hackersnotes/reversing-forensics-and-misc/internals/manipulating-activeprocesslinks-to-hide-processes-in-userland)
* [ETW: Event Tracing for Windows 101](https://hamcodes.gitbook.io/hackersnotes/reversing-forensics-and-misc/internals/etw-event-tracing-for-windows-101)
* [Exploring Injected Threads](https://hamcodes.gitbook.io/hackersnotes/reversing-forensics-and-misc/internals/exploring-injected-threads)
* [Parsing PE File Headers with C++](https://hamcodes.gitbook.io/hackersnotes/reversing-forensics-and-misc/internals/parsing-pe-file-headers-with-c++)
* [Instrumenting Windows APIs with Frida](https://hamcodes.gitbook.io/hackersnotes/reversing-forensics-and-misc/internals/instrumenting-windows-apis-with-frida)
* [Exploring Process Environment Block](https://hamcodes.gitbook.io/hackersnotes/reversing-forensics-and-misc/internals/exploring-process-environment-block)
* [Writing a Custom Bootloader](https://hamcodes.gitbook.io/hackersnotes/reversing-forensics-and-misc/internals/writing-a-custom-bootloader)