How Windows Kernel Draws Graphics

  • Published on 3 Nov 2024

Comments • 218

  • @givememoJo
    @givememoJo 2 months ago +380

    no ads, no fancy wording, no overreaction just simply going straight to the point. really like your videos and i am always happy if a new one pops up at my frontpage :)

    • @Osmosisisthespontaneousnetmove
      @Osmosisisthespontaneousnetmove 2 months ago +1

      @givememoJo Vulkan > DirectX

    • @SuperLimeWorld
      @SuperLimeWorld 2 months ago +1

      I like to call that type of stuff "retention bait" like click bait but instead it's to make you think it's worth it to continue watching

    • @TheMcSebi
      @TheMcSebi 2 months ago

      exactly that

    • @ahmede92
      @ahmede92 a month ago +1

      @Osmosisisthespontaneousnetmove It's kinda true as Vulkan supports other operating systems :)

    • @jimmlmao
      @jimmlmao a month ago

      bot i seen your comment 500 times

  • @threx71
    @threx71 2 months ago +82

    Never thought someone could explain so easily going from an action, to the driver, to the kernel, to fking ASSEMBLY, this was brilliant.

  • @jbray250
    @jbray250 2 months ago +208

    This is genuinely so insane, how did you learn to use windbg like that?? Also how did you know what function in the kernel you wanted, from messing around with it or a book/class?

    • @nirlichtman
      @nirlichtman 2 months ago +99

      Experience and reading the docs :) also specifically for Kernel debugging there is a recommended free book (that comes with the windows sdk) that is handy, I will put info about this next time I update the welcome page. About the second question, I found the specific function through my own research, info about BasicDisplay is pretty scarce on the WWW

    • @jackcartersmith
      @jackcartersmith 2 months ago +41

      The good answer is always "read the doc", I hate this answer x')

    • @tablettablete186
      @tablettablete186 2 months ago +2

      @jackcartersmith Why do you hate it? Curious

    • @eobardthawnemcoc
      @eobardthawnemcoc 2 months ago +18

      @tablettablete186 i guess cuz it's an obvious answer and what we already know but just don't do it

    • @jackcartersmith
      @jackcartersmith 2 months ago +1

      @eobardthawnemcoc have the point :P

  • @qvindicator
    @qvindicator 2 months ago +45

    This channel is a hidden gem. Should have millions of subscribers

    • @TheVizualkat
      @TheVizualkat 2 months ago +6

      Billions must subscribe

    • @gabrielspeed5464
      @gabrielspeed5464 2 months ago +1

      @TheVizualkat trillions tbh we need a larger population to sufficiently appreciate this

  • @glossedghost
    @glossedghost 2 months ago +32

    Amazing video just for the sheer amount of WinDbg knowledge you have. It is far more entertaining to hear and see the commands in a neat tidy and time respecting package that you have offered here compared to reading the docs. Bless you and I'm so glad I got this recommended. Keep it up, perfect pace and no nonsense and wasting time.
    As for the debugging part, I have had the most productive success by running a Hyper-V Windows instance and using network debugging aka KDNET. Everything else was way too slow for me.

    • @nirlichtman
      @nirlichtman 2 months ago +1

      Interesting, I actually haven't tried network debugging yet since serial works pretty well in my experience, but now that I think about it, it is a little slow sometimes, I'll give it a try sometime. Also the Hyper-V setup, looks interesting!

    • @jirehla-ab1671
      @jirehla-ab1671 a month ago

      @nirlichtman does win32 really mean that it's just for 32 bit

    • @nirlichtman
      @nirlichtman a month ago +1

      @jirehla-ab1671 nope win32 is just a legacy nickname of windows api going back to the old days when there was also a 16bit windows api, nowadays win32 just means windows api in general

  • @dj.yacine
    @dj.yacine 2 months ago +67

    Always high quality content 👏

  • @KimGameDev
    @KimGameDev 2 months ago +22

    Interesting to see what is actually happening under the hood of Windows. Keep up the good work.

    • @monad_tcp
      @monad_tcp 2 months ago +1

      It's actually kinda cool, compared to the insanity of the Linux Graphics stack, Windows is a surprisingly good system.
      That's one of the reasons I run Xen and use Windows as a DE.

  • @siperPL
    @siperPL 2 months ago +19

    10:06 I got flashbacks from Win 9x era

  • @kinershah464
    @kinershah464 2 months ago +8

    Man I am genuinely surprised at how cool Windows really is. Its docs are outstanding, APIs make so much sense, development tools are simply awesome. And your videos are so cool man, always extremely informative. Please keep making more such videos related to Windows.

    • @1495978707
      @1495978707 2 months ago

      Too bad it's closed source and they shove adware and spyware into it. If it were open source, at least we could confidently strip out whatever crap we don't want

    • @theairaccumulator7144
      @theairaccumulator7144 a month ago +2

      Is this sarcastic? The docs are really lacking once you get into the more complicated stuff. Your only option at that point is obscure books or asking people "in the know". I wouldn't call that good docs. APIs also stop making sense when you hit the Function2Ex territory.

    • @kinershah464
      @kinershah464 a month ago +1

      @theairaccumulator7144 not sarcastic. I have had a look at some API functions and they were well documented. Maybe there are docs which lack details which I am unaware of, I am sure there should be some way to report it so they can improve it.

    • @delphicdescant
      @delphicdescant a month ago +1

      @theairaccumulator7144 Windows docs may be better than average API docs, and this may be thanks to the average being pretty abysmal.

  • @thepenguin9
    @thepenguin9 a month ago +1

    This has helped explain so many graphics weirdness bugs I've encountered over the years

  • @UnrealOG137
    @UnrealOG137 2 months ago +6

    Your videos are amazing! They are super informative, to the point, and incredibly interesting. They are also technical, yet very easy to watch. I'd watch an hour long video if you made one.
    Keep up the great work!

  • @immortalxgr
    @immortalxgr a month ago +1

    Very rare to see such high quality and to the point content these days

  • @KevinVeroneau
    @KevinVeroneau 2 months ago +2

    I'm genuinely happy that I didn't know it was that easy to grab and use debugging information in Windows through the serial port like that, or I could be profiled for being a potential Windows hacker. Great video, and super crazy that this is even possible. Love watching interesting things like this. Personally, I'm mainly a Linux user, but love learning and understanding all technology, as each bit of software is always put together in its own unique way. Windows is interesting as it is closed source, and I find it generally more difficult to see its internals, this video really changes that perspective for me, seeing a command like "lsmod" on Linux to see all loaded modules in the Windows kernel... Mind blown!

  • @TuxikCE
    @TuxikCE 2 months ago +4

    I would really love to see you break the hell out of an operating system and see some really interesting artifacts. Man who would have thought that kernel debugging would be so awesome!

  • @Lilly24244
    @Lilly24244 a month ago

    This is a genuinely good video. Thanks for making this, I can't be bothered enough to actually figure out windbg and you've pretty much set up the most practical foundation with this.

  • @Z3rgatul
    @Z3rgatul 2 months ago +4

    Bro casually messes up windows kernel memory like this is some sort of hello world example in JavaScript

  • @stevep5759
    @stevep5759 2 months ago +1

    Best channel for systems programming, always learn something new each video. Keep it up! 👌👌

  • @1088lol
    @1088lol a month ago

    my professor wants to give you 6 credit points for this awesome straight to the point demonstration

  • @Psychopatz
    @Psychopatz 2 months ago +4

    So this is how some of the malware do some cool wavy stuffs. Super thanks sir!

  • @albaniqn
    @albaniqn 2 months ago

    while i may not understand all things shown, i like how you break down topics and apply them

  • @revealingfacts4all
    @revealingfacts4all 2 months ago +4

    awesome video. makes me wonder why they have two different APIs on top of DirectX. Why not have just one API with both the simpler Rectangle calls along with more advanced ones. An area I always wanted to see explored is how something like openGL works across different platforms such as Windows and Linux where you have a common openGL API that caters, under the hood, to make the right call/bindings to whatever system it's on (directx, x11 is it? or wayland?) anyway, love these low level how things work videos and your style of just getting right to the dam point without a lot of upfront yappin lol... anyway, you got another subscriber!

    • @nirlichtman
      @nirlichtman 2 months ago +7

      One of the reasons is historical, GDI is considered a legacy API and Direct3D is more modern and used by many modern applications and also components of Windows (even DWM - the window manager that is built-in Windows uses Direct3D). GDI is simpler to use but is a lot more limited in terms of performance and features. But in the end Windows has to remain backwards compatible and thus GDI is here to stay.

  • @davidxyz5815
    @davidxyz5815 2 months ago +1

    damn I was actually researching how to write to the graphics frame buffer so that I could create my own little undetected esp cheat but everywhere I read about it people were saying that's a thing one would do ages ago and that displaying graphics nowadays wouldn't be as easy as just writing pixel color values to a buffer - but here we are. Dope video as always!

  • @ItsCOMMANDer_
    @ItsCOMMANDer_ 2 months ago +10

    INSANE knowledge dude. What will you make next? 2nd place on the most recent vote, windows boot process?

    • @nirlichtman
      @nirlichtman 2 months ago +4

      next one will prob be a Linux vid

  • @TurntableTV
    @TurntableTV 2 months ago +4

    These videos are gold. Thank you for sharing with us, mr Nir!
    One thing that has always puzzled me is whether total obfuscation of a virtual machine (VM) is possible or if it can still be detected. Some malware can determine if a host is running on bare metal or in a VM, but I’m not sure how they accomplish this. I’ve read that there are methods like checking the Windows registry for certain keys, querying hardware information with tools like dmidecode, and so on. But is it possible to obfuscate a VM to the extent that it is 100% undetectable?

  • @le9038
    @le9038 2 months ago +42

    Never in a million years would I suspect microsoft giving debugging capabilities to the average windows user!
    Wouldn't this allow people to try and clean-room decompile the kernel? The debugging symbols would be really useful for that kind of stuff...

    • @xfaon
      @xfaon 2 months ago +2

      dlls have to expose symbol names, u can use that to debug dlls

    • @hye181
      @hye181 2 months ago +27

      microsoft is very open with the internals of the windows kernel

    • @smallcube-zn2mm
      @smallcube-zn2mm 2 months ago +8

      @hye181 joke of the year

    • @hye181
      @hye181 2 months ago +41

      @smallcube-zn2mm It's true & it's not my fault you've never been smart enough to bother looking. There's a whole world outside your Reddit-harvested opinions :)

    • @whamer100
      @whamer100 2 months ago +13

      @smallcube-zn2mm no they're quite serious, it's just the deeper into the kernel you go, the less documented it becomes. but a large amount of it is publicly documented

  • @ThatStella7922
    @ThatStella7922 a month ago

    This is extremely useful to someone wanting to get into Windows RE and research! Great video, clear explanations and no fluff.

    • @GeneralKenobi69420
      @GeneralKenobi69420 a month ago

      @ThatStella7922 daily reminder that you will never be a w

  • @rw-kb9qv
    @rw-kb9qv 2 months ago +1

    this guy is just straight to the point and I love it :)

  • @paradoxicalcat7173
    @paradoxicalcat7173 2 months ago

    Great video! I used to do this in DOS with assembler. Nothing really new about overwriting the raw bytes drawn to the screen. Today, it's just more complex to do.

  • @captainswing4040
    @captainswing4040 2 months ago +8

    this is pretty off topic but here goes
    first time i was learning opengl i thought it was pretty stupid but now that i am trying it again with a little more experience, i think it has really nice and logical interface
    i don't know why i am writing this in a comment section
    maybe because i just want to talk about it with like minded people

    • @skilz8098
      @skilz8098 2 months ago

      If you think OpenGL is nice, you might want to look into Vulkan. It's a bit more verbose but a lot more powerful.

    • @commander3494
      @commander3494 2 months ago

      I've been meaning to learn graphics programming for a while. I think I'm going to start with WGPU though

    • @qvindicator
      @qvindicator 2 months ago +1

      This is my experience when learning everything
      Try something -> quit because it’s hard -> try again and it’s so much easier because I’ve already learned so much

    • @captainswing4040
      @captainswing4040 2 months ago

      @commander3494 that's a great choice
      and learning web gpu will also be useful in case you want to learn vulkan in the future because the concepts translate well from web gpu to vulkan

    • @captainswing4040
      @captainswing4040 2 months ago +1

      @qvindicator haha
      can relate for sure

  • @sirflimflam
    @sirflimflam a month ago

    This is something I've been interested in since the win98 days, though it's a lot more fancy these days.

  • @dravorek
    @dravorek a month ago

    Some stellar content 👌.
    Clear, concise and very interesting.
    Wonder how long the reverse engineering session was to make it seem so simple 😃

  • @dylanh333
    @dylanh333 2 months ago

    Thanks for spending more time making the WinDBG commands memorable with mnemonics. One day they'll stick for me!

  • @bluebutterfly6394
    @bluebutterfly6394 a month ago

    Not a Windows user anymore, but this was highly informative

  • @Jonathan-ru9zl
    @Jonathan-ru9zl 2 months ago +5

    Highly gifted programmer

  • @robinb3921
    @robinb3921 a month ago

    Thank you for this! I like your style of presentation and explaining. Looking forward to another video

  • @Illustalkero
    @Illustalkero a month ago

    I don't know how yt recommended it. Awesome video

  • @smb1397
    @smb1397 a month ago

    the sheer quantity of stuff ive learned from this video ... probably more than any youtube video ive ever seen

  • @jackcartersmith
    @jackcartersmith 2 months ago

    Perfect timing! Just when I search infos on this kind of technique! Thanks!

  • @ObrtASCENTvl.ZlatanOmerovic
    @ObrtASCENTvl.ZlatanOmerovic 2 months ago +3

    The best Israeli on the planet

  • @leeroyjenkins0
    @leeroyjenkins0 2 months ago +1

    I find it funny that they have a kernel-level concept of what a mouse pointer is

    • @nirlichtman
      @nirlichtman 2 months ago +3

      The mouse pointer functions over there come from the win32k driver which was part of the move Microsoft did in the second major release of NT - they moved part of the graphical subsystem to the kernel to improve performance, hence the name win32k (win32 kernel part)

  • @tom_zanna
    @tom_zanna 2 months ago

    I'm loving your videos! I've always thought of Windows internals as closed and impenetrable but you're proving me the opposite

  • @G-3-A-R-Z
    @G-3-A-R-Z 2 months ago +3

    Always informative.

  • @Astoilov1
    @Astoilov1 a month ago +1

    Awesome video man, wish you luck!

  • @poutineausyropderable7108
    @poutineausyropderable7108 2 months ago

    Comments so the algo recommends me more of your stuff.
    I'm not yet skilled enough to be at the level of fully following your vids, It's neat knowledge. But when I'll get there I want them.
    Algods:
    Great video. Very helpful. Loved it. Thank you you helped me so much.
    Seriously, I had this problem for 3 months and I just fixed it with it. You can't imagine how much it helped me. I wish more people would see it.
    It's criminal you don't have more subscribers.
    Should be enough. Love your stuff for real. Cya

  • @IsaacHisey
    @IsaacHisey a month ago

    Jaw droppingly awesome!

  • @ghostsdefeated4078
    @ghostsdefeated4078 2 months ago +1

    another banger... he can't keep getting away with this

  • @countedgnome7216
    @countedgnome7216 2 months ago

    Very cool video! Makes me want to mess around in the windows kernel!

  • @ANormalMale
    @ANormalMale 2 months ago +3

    Very intelligent man

  • @timbrando96
    @timbrando96 2 months ago +1

    Awesome video!!!
    Would this be a valid way to realize a desktop warp (and blend) to project the screen onto a curved canvas by reading the current pixel value and putting it somewhere else? or would you rather use a more high-level API? :)

    • @nirlichtman
      @nirlichtman 2 months ago

      Thanks! The trick I did in the video is very hacky, I wouldn't recommend to build something based on that :) I would start by looking to see if there is a clean existing solution (program/driver) and if not look into a clean solution using an API (for example looking into the available DWM API methods in the win32 docs), but since this is quite a unique use case there is a good chance no API exists (at least in user mode) to facilitate this, and then you could resort to trying to make a more hacky user mode solution (perhaps extending dwm or the user mode graphical driver), or perhaps making a driver to help with this in the kernel

  • @geertdepuydt2683
    @geertdepuydt2683 2 months ago +1

    Anyone ever heard about the "happy hacker"? This has the same vibes from my childhood in the 90's 😎

  • @hoardingapples7083
    @hoardingapples7083 2 months ago +2

    This is really cool low level stuff, where do you learn these things? I wanna know more and get in to doing some cool experiments like this, do you have any resources?

    • @nirlichtman
      @nirlichtman 2 months ago +1

      Check out the welcome link on my channel, I maintain a list of suggested learning resources over there

    • @hoardingapples7083
      @hoardingapples7083 2 months ago

      @nirlichtman thanks 👌

  • @jan-pcro
    @jan-pcro a month ago

    Hey nice video!
    i am wondering where the bytes you turned to grey are located, is it the ram or the graphic-ram?
    Thanks a lot in advance, always nice to see where problems have their roots, since i had these kind of graphic bugs with my old pc and was wondering what was wrong.

  • @wizard_za
    @wizard_za 29 days ago

    Really interesting video, thank you! Is it possible to do the same regarding some popular display manager and desktop environment on linux just to get a better grasp of it?

  • @mandrei1528
    @mandrei1528 2 months ago +2

    who are you? this is good and amazing, we want more windbg stuff and windows topics. do you have some private channel or something from where we can learn, pay for this? Thank you.

    • @nirlichtman
      @nirlichtman 2 months ago

      Thanks! All my content is free, no private channel :)

  • @ihartmacz
    @ihartmacz 2 months ago +3

    Missed you!

  • @alpizzayer
    @alpizzayer a month ago

    This is very useful. Thank you so much.

  • @cedric6941
    @cedric6941 2 months ago +2

    Love the videos! I assume you have tried the Rust language, what are your opinions on it? Rust videos would be really cool.

    • @nirlichtman
      @nirlichtman 2 months ago +2

      actually haven't tried Rust yet, but it looks interesting, one of the open source projects I like (ruffle) is written using Rust

    • @cedric6941
      @cedric6941 2 months ago +2

      @nirlichtman cool! definitely try it :D

  • @TCOphox
    @TCOphox a month ago

    Oh I've encountered graphical bugs where the screen would be totally black unless i move my cursor, in which whatever is in the cursor's path somehow regenerates my wallpaper and other GUI elements. As if I'm 'magic brushing' in the correct colours on my screen.
    ....and now I have a bit of a deeper clue as to why! Perhaps, some memory space was just zero'd out and I guess it even zero'd out the ones responsible for storing the information of the frame buffer so everything went black, until it gets updated with new information such as having to render a cursor and the shadow effects around said cursor?

  • @CFSworks
    @CFSworks a month ago

    The truly impressive thing is how expertly you used WinDbg. That thing is *not* user-friendly. The few times I've had the misfortune of using it, it felt like the sort of thing meant to be used internally within Microsoft to aid in Windows development, and only later did they decide to release it.

    • @nirlichtman
      @nirlichtman a month ago

      Thanks :) right, it's highly geared for internal Microsoft Windows dev and in fact in the kernel debugging tutorial document that comes with the Windows SDK it can clearly be seen in the screenshots that Microsoft uses WinDbg to debug Windows on the source level. And indeed the learning curve is steep at first, but the debugger is very powerful.

  • @YmanYoutube
    @YmanYoutube 2 months ago +3

    Does something like OpenGl go through the same driver?

    • @leeroyjenkins0
      @leeroyjenkins0 2 months ago

      @YmanYoutube yes, that's what "3rd party graphics client" refers to in the graph :)
      As far as I understand -it's- the directx kernel subsystem is similar to the "Direct rendering manager" on Linux, in that it manages per-process memory for the GPU and such.

    • @YmanYoutube
      @YmanYoutube 2 months ago

      @leeroyjenkins0 I see, ty for the response.

  • @slendi9623
    @slendi9623 2 months ago +2

    i love framebuffers

  • @censoredeveryday3320
    @censoredeveryday3320 2 months ago

    Reminds me of when I was writing VxD for Windows 95 and 98.

  • @MaksimKartoskinov
    @MaksimKartoskinov 2 months ago

    Man you so good. Thx for ur videos. Can u advise some books abt understanding windows from zero. I'm understand smth in programming, but idk low level things in windows

    • @nirlichtman
      @nirlichtman 2 months ago

      I have learning resource recommendations in the welcome link on my channel

  • @BabaTova
    @BabaTova 2 months ago +1

    Great video as always!

  • @RelabTV
    @RelabTV 2 months ago +1

    amazing video

  • @davidechiappa8927
    @davidechiappa8927 2 months ago

    In case i'm running a game that's using Vulkan api instead of directx (i suppose the correct name should be direct3D), will everything be handled anyway by the directx kernel subsystem in the lower level?

  • @_denzy_6310
    @_denzy_6310 a month ago

    This makes me want to try windbg too. Looks like an excellent debugger when my win32 code breaks

  • @JAzzWoods-ik4vv
    @JAzzWoods-ik4vv a month ago

    Kinda insane you can just write to the frame buffer directly. Would be fun if you could do that directly inside the OS

  • @tomaviv2470
    @tomaviv2470 2 months ago

    Hey Nir!
    I feel like it's a good intro for a video about WINE 👀

    • @nirlichtman
      @nirlichtman 2 months ago +1

      That's a good point! cool to see you in the comments section Tom :)

  • @anon_y_mousse
    @anon_y_mousse 2 months ago

    That's awesome. Has Windows always allowed you to debug it just willy-nilly like that? Maybe you could make a video on patching it, to either alter functionality or to legitimately fix bugs. It'd be cooler still if we had access to the source, but back when I was a kid we'd patch commercial applications when they had bugs and think nothing of it, so why not.

  • @montyoso
    @montyoso 2 months ago +3

    Can you make a video showing how to debug Linux using a serial port?

    • @kaankarakoc7680
      @kaankarakoc7680 2 months ago +3

      @montyoso there is already check the video that explains how the printf function works on linux in the channel

  • @isura.m
    @isura.m 2 months ago +2

    How to acquire this much power?

  • @xlx9048
    @xlx9048 2 months ago

    like your videos, easy to understand!

  • @FARDEENKHANQWE123
    @FARDEENKHANQWE123 2 months ago

    can this be used to make gaming on linux a thing?

  • @BigPackets
    @BigPackets a month ago

    Very nice

  • @fongyboy
    @fongyboy 2 months ago

    Could you do something similar and trace how the graphics stack works on Linux? I think there's a huge value in seeing how to do this kernel debug tracing and how to set up all the tools to analyze that for Linux. Thanks!

    • @fongyboy
      @fongyboy 2 months ago

      Sorry - I just noticed that you already have something similar with the dynamically debugging linux kernel :P

  • @cyberbiosecurity
    @cyberbiosecurity 2 months ago

    it felt like i was freed from a cage of not knowing how to write directly to framebuffer after 20 years of confinement.

  • @raigorxhellscream7657
    @raigorxhellscream7657 2 months ago +1

    Amazing

  • @jw200
    @jw200 a month ago

    Windows (3, NT 3.51, WIN2000, 95, 98, XP) sourcecodes are available, lots of stuff (info) in there too.

    • @nirlichtman
      @nirlichtman a month ago

      Yah the leaks are indeed a very interesting source of information, also ReactOS source is helpful at times

  • @Blue-bb9ro
    @Blue-bb9ro 2 months ago +2

    Been following you for a while, great videos~!

    • @yaringermon5475
      @yaringermon5475 2 months ago +2

      @Blue-bb9ro Have to agree

    • @nirlichtman
      @nirlichtman 2 months ago +1

      Appreciate it!

  • @bettyswunghole3310
    @bettyswunghole3310 2 months ago

    Very interesting stuff.

  • @TheFuture36520
    @TheFuture36520 19 days ago

    Microsoft documentation is broad to read through cause of other requirements needed for implementing software development.

  • @AceixSmart
    @AceixSmart 2 months ago +3

    just curious. why do you use windows as host OS and not a linux distro?
    love your content by the way! premium quality

    • @marsovac
      @marsovac 2 months ago +18

      maybe because he wants to be able to run Premiere for video editing or doesn't want to have trouble with anti cheat in games. Or he had a bad experience with an Nvidia gpu in Wayland. But most likely because WinDbg is a windows program, and debugging a windows kernel is easier with a windows host. Anyhow let's leave the tribalism aside. He can use whatever he wants, even TempleOS.

  • @rohitjacob803
    @rohitjacob803 2 months ago +5

    I have 1 small question. Why didn't windows immediately refresh the screen with new content even after you wrote the fb with white and grey data. I thought that it followed the swap chain method, where the backbuffer gets switched and becomes the front buffer, erasing all the custom content you just wrote.

    • @Z3rgatul
      @Z3rgatul 2 months ago +5

      Windows UI code doesn't work in the same way as games do. It tries to only refresh parts of framebuffer which actually have some changes. For performance reasons. This approach does not work with 2 buffers.

    • @mradsi8923
      @mradsi8923 2 months ago +2

      @rohitjacob803 A typical desktop application (including the desktop environment itself) doesn't change much if no user input is involved.
      Think: An uncompressed screenshot of my computer's desktop (same aspect ratio) is open on your device. If you touch nothing, will you be able to distinguish it from a real running os? Now let's say that you moved your mouse, this invalidates the pixels that correspond with previous/next mouse positions. Nothing really changed beside those few pixels, so why bother rerendering the whole UI again.
      This concept in graphics programming is called damage and is often used in event-driven desktop applications.

  • @dazealex
    @dazealex 2 months ago

    How does this work on macOS?

  • @BoganBits
    @BoganBits a month ago

    Where does the debug info come from?

    • @nirlichtman
      @nirlichtman a month ago

      From pdb files which are automatically fetched by WinDbg from Microsoft's public symbols server (the default WinDbg symbol path config has Microsoft's server as part of the search), the server contains symbols for many Windows components and versions to assist debugging.

  • @jamesross3939
    @jamesross3939 2 months ago

    Wow, that's awesome.

  • @anstropleuton2
    @anstropleuton2 a month ago

    When you said "win d b g", I immediately get reminded of a video by MattKC about porting thousands of apps to windows 95 and his awful struggle with windbg, which led him to pronounce it as "win dbg" (not even "debug", just pronounced as "dbg" in the most awkward way possible)
    It was so funny tho, and hope windbg isn't that bad today?

    • @nirlichtman
      @nirlichtman a month ago +1

      In my opinion windbg is a very good debugger, it is very powerful and rich :)

  • @FraztheWizard
    @FraztheWizard 2 months ago +1

    love your content

  • @gotonethatcansee
    @gotonethatcansee a month ago

    have you tried ghidra with windbg

    • @nirlichtman
      @nirlichtman a month ago

      Haven't tried it with windbg, but I have a little bit with Cutter (it's one of the decompiler options)

  • @coffee-is-power
    @coffee-is-power 2 months ago

    the kernel doing the graphics is a bit cursed in my opinion, but windows is a GUI only operating system anyway so idk if that's actually a problem or not

    • @nirlichtman
      @nirlichtman 2 months ago

      interestingly on the first release of Windows NT they had a lot of the graphical handling in user mode as part of the win32 subsystem, on the next major release they pushed it down to the kernel for performance reasons and called the kernel part win32k - the kernel side of the win32 subsystem

  • @leggysoft
    @leggysoft 27 days ago

    You'd think that by now the driver would just run on the GPU directly.

  • @SirusStarTV
    @SirusStarTV 2 months ago

    Wow, didn't know there's debugging for windows itself

  • @collapsingspace
    @collapsingspace a month ago

    bro casually started debugging windows kernel 🥶

  • @BudgiePanic
    @BudgiePanic 2 months ago

    Based on this experiment it looks like the GUI isn’t redrawn completely each frame, only the “dirty” region.

    • @RatcheT2497
      @RatcheT2497 2 months ago

      not an expert on this by any means, but that method was very popular when windows was just starting to take hold in the days of ms-dos, since graphics were usually cpu driven on very slow (by modern standards at least) single core cpu's. the bandwidth to copy around entire windowfuls at a time just wasn't there to keep up a speedy pace, so only the changes were ever written to screen

    • @BudgiePanic
      @BudgiePanic 2 months ago

      @RatcheT2497 it’s the difference between an immediate mode and retained mode graphical user interfaces

    • @RatcheT2497
      @RatcheT2497 2 months ago

      @BudgiePanic i feel like boiling winapi down to a retained mode user interface isn't quite enough given how weird using it can feel. it's event driven more than anything else, including repaints, though i'm nowhere near clear on the theory behind everything

  • @AMith-lv2cv
    @AMith-lv2cv 2 months ago +1

    we want more videos

  • @Montazeran8
    @Montazeran8 a month ago

    🔥🔥🔥

  • @aayush_deo_ranchi
    @aayush_deo_ranchi 2 months ago

    Please try to debug windows on Raspberry Pi 4 as it will be ARM64 flavour of windows

  • @bluescorpian
    @bluescorpian 2 months ago

    very cool

  • @GameBacardi
    @GameBacardi 2 months ago

    Nice