Windows Insight: A New ERNW Repository

We are glad to announce the Windows Insight repository. Its content is intended to support the analysis of the inner working principles, functionalities, and properties of the Microsoft Windows operating system. The repository stores the relevant documentation as well as the executable files needed to conduct such analysis studies.

Some of the content of this repository has been created in the course of a project named ‘Studie zu Systemaufbau, Protokollierung, Härtung und Sicherheitsfunktionen in Windows 10 (SiSyPHuS Win10)’ (ger.) – ‘Study of system design, logging, hardening, and security functions in Windows 10’ (eng.). This project has been contracted by the German Federal Office for Information Security (ger., Bundesamt für Sicherheit in der Informationstechnik – BSI). The work planned as part of the project is conducted by ERNW GmbH, starting in May 2017.

Windows Insight is structured as follows:

  • Folder files: This folder stores executable files, such as scripts and library DLL files, needed to conduct an analysis study.
  • Folder articles: This folder stores documentation articles on internal functionalities and properties of the Windows operating system. The documentation is often associated with executable files stored in the ‘files’ folder. It is structured by technology or component of the Windows operating system. The articles often take a reverse engineer’s view, so that readers can recreate the analysis work and make their own observations.

The current list of articles includes:

  • ELAM: The Windows Defender ELAM Driver (Aleksandar Milenkoski)
  • The TPM: Communication Interfaces (Aleksandar Milenkoski)
  • The TPM: Integrity Measurement (Aleksandar Milenkoski)
  • The TPM: Workflow of the Manual and Automatic TPM Provisioning Processes (Aleksandar Milenkoski)
  • Virtual Secure Mode: Architecture Overview (Aleksandar Milenkoski, Dominik Phillips)
  • Virtual Secure Mode: Communication Interfaces (Aleksandar Milenkoski)
  • Virtual Secure Mode: Initialization (Dominik Phillips, Aleksandar Milenkoski)
  • Virtual Secure Mode: Protections of Communication Interfaces (Aleksandar Milenkoski)

We will continuously update the repository with new articles and executable files. New content on the latest Windows 10 release of the Long-Term Servicing Channel (LTSC) is coming soon.

– Aleksandar Milenkoski