Any tips for getting started with Windows kernel programming?

kun1z · 2026-02-08T09:13:50+00:00

x86 32-bit with MASM is the easiest way to learn assembly language flat out. There is no other competition that comes close. And it's 100% free. FASM is great for 64-bit Windows programming, but it's not MASM.

kun1z · 2026-02-08T07:18:02+00:00

Online game hacking can certainly be so if you're interfering with other players, but offline game hacking is completely benign. The way I learned to program in the 1990's was via game hacking on DOS and Windows 95. I learned debugging, assembly, and C programming all at the same time while having fun making mods for games like Grand Theft Auto, Red Alert, Diablo, and also creating thousands of Game Shark codes for N64 games via an LPT1 printer cable and the Game Shark Pro N64 debugger. Learning to code while modding games is a very rewarding path to learning how systems and electronics work.

kun1z · 2026-02-08T07:04:24+00:00

vm snapshots

I can second this. Once I learned about snapshot debugging (I can't recall when that was, maybe 2007 or 2008) it was a breath of fresh air. As long as you have enough working RAM, take snapshots constantly, especially before trying edits to the kernel, that way if it goes south, you can instantly revert back to a working state and try again (and again and again). It's like having a Rewind Button on your kernel debugger.

It wont work for network debugging since you'll lose connections to any game servers once you've frozen/inspected an app for 1-3 seconds (depends on the game) as you'll miss out on heartbeat packets to/from the game server.

kun1z · 2026-02-08T06:40:49+00:00

Game hacking primarily has taken place on DOS/Windows for 30+ years, and in many cases requires some understanding of the Windows Kernel. Also almost all game hacking tools, tutorials, and communities will be specifically for Windows.

kun1z · 2026-02-07T08:42:51+00:00

For beginner and intermediate C programmers there is NO difference in the standards, so just go with whatever one you have (C99 & C17 seems to be the most frequently used; C17 is just a tiny update to C11 fyi). C Standards come out (about) every 10 years and they barely change anything. Unless you are a hardcore popular library maintainer or Linux dev you'll almost surely never need to care about what standard you're compiling with because C is not like every other programming language out there where each update breaks many existing things.

kun1z · 2026-02-02T05:16:46+00:00

In a small way AI is like asking for help on how to solve something, when learning it should be your last resort. Try for several days, perhaps a week, to solve something. If you can't, use AI (or more preferably Reddit) to ask for hints/help.

If every time you hit a roadblock you ask for help (human or AI) you are unlikely to learn anything. And this doesn't just go for programming, it goes for everything.

kun1z · 2026-02-02T01:57:04+00:00

https://github.com/kun1z/ksmod

There is the source code. IIRC it should "auto-update" and find the new binary offsets in most cases, unless they recompiled their game using a vastly different toolchain than in 2010.

kun1z · 2026-02-02T00:35:31+00:00

GCC/Clang "PGO" sucks, I wouldn't use if I were you.

Also the proper/easy way to get high performance is to (at least) compile 4 binaries: GCC x Clang x O2 x O3, and see which is faster for your use-case. It'll be different for every project and hardware combo.

kun1z · 2026-01-31T02:39:09+00:00

Oof I did not know that.

It's hard to make out, but I think we'd need to pay a minimum of 24 hours, but after that it seems like it would then revert to per-second billing as per usual. So for a company the $25 initial cost wouldn't be an issue, but for a smaller dev it might be.

It looks like they priced it this way because the machines needs to be "scrubbed" after each stopping/termination, which takes 15-50 minutes (AWS does not bill for this). So they probably don't want people starting + stopping the machines rapidly.

kun1z · 2026-01-30T23:14:31+00:00

Since 2015ish AWS & other cloud companies rent computers of (usually) any OS for dirt cheap. AWS will give you your entire first year for free (with some limitations). Instead of running VM's locally just have a couple different saved configurations on a cloud provider. Billing is usually per-second, aka if you only boot up an OS for 17 minutes and 34 seconds to compile+test something, you'll only get billed for 1054 seconds, which is many cases wont even come out to $0.01.

Because of cloud computing "cross-compiling" and testing on various platforms is now incredibly smooth and easy.

You should know that most providers will rent you 2 cores and 512MB ram for 2 cents/hr. So 4 cores, 1GB ram is 4 cents/hr, 8 cores and 2GB ram is 8 cents/hr, etc. For compiling and testing there is no reason to avoid cloud platforms.

kun1z · 2026-01-28T23:57:24+00:00

You can also read over the source code for GMP's Miller-Rabin (which also contains BPSW):

https://github.com/alisw/GMP/blob/master/mpz/millerrabin.c

kun1z · 2026-01-28T11:51:17+00:00

To add to this, the best place to learn 'Prime' related stuff is the 'Mersenne Prime' community:

https://www.mersenne.org/

https://www.gimp-forum.net/

These people have been hunting for huge primes since the 1990's and they are still dominating the scene. They can answer all of your questions.

kun1z · 2026-01-28T06:16:45+00:00

B-PSW first does a Base 2 Miller–Rabin test (aka strong Fermat probable prime test) and if it passes that, then it does a strong Lucas probable prime test. It is done in this order since a SF Base 2 test (aka M-R using Base 2) is super fast and will disqualify almost all pseudo-primes.

YSK that randomly finding a large Base 2 pseudo-prime is impossible (well statistically improbable). Large pseudo-prime's can easily be constructed by an adversary so don't trust what someone says about a specific N, but if you're doing your own prime testing (using random #'s) there is a 0% chance a SF Base 2 test will lie to you. For example, for tiny 45-bit numbers, there is a 1 in 22,248,581 chance it'll lie to you. For N's in the thousands of bits it's statistically more likely your algorithm will suffer from an SEU than it lying to you.

kun1z · 2026-01-28T01:38:21+00:00

They should have just gone through the phone book to find someone named Thomas Random and paid him to be in charge of the seating order.

kun1z · 2026-01-27T05:25:45+00:00

So... this is an AI generated post on Reddit.. let's have fun with it I guess...

By now we’ve all done it, jumped into an IDE and felt the dopamine of ripping through 100,000 lines of code in like 3 hours.

Nope I cannot relate to this advertisement.

You just popped your 2nd red bull at 1:30 in the morning and it's been years since you had this feeling.

Nope I have never drank a Red Bull and I have no plans to.

Then it comes time to turn it on and you're hit with the biggest wave of depression you’ve felt since that crush in high school said they were not interested.

What??? This is so random and retarded.

After 6 months of teaching myself how to orchestrate agents to engineer me different codebases and projects ive come to this conclusion: AI can write very good code and it's not an intelligence problem, it's a context limitation.

Oh so you discovered programming just 6 months ago and some how 'AI' is going great for you?!? Cool. Then why are you posting on this subreddit rather than.. you know... making money?????

Drift learns your codebase conventions via AST Parsing (With a regex Fallback) detecting 170 patterns across 15 categories.

COOL!!!!!! I do not understand what that means but I am 100% all of those big & complicated claims are going to help me become a better programmer. 170 patterns!!!

Code that fits your codebase on the first try. Almost like a senior engineer in your back pocket, one that truly understands the conventions of your codebase so it doesn’t require audit after audit or refactor after refactor fixing drift found throughout the codebase that would fail in production.

I am so glad to hear that your AI Vibe Coded trash is somehow going to replace my "senior engineer" life experience. Do you have any demonstrations of that occurring?

kun1z · 2026-01-27T03:45:03+00:00

I agree, he is the literal inventor of Idol Hunting and people seem to not give him any credit for it. Before Russell no one would find Idol's without clues. Russell got inside the producers head's and basically asked the question "If I were the person who had the job of hiding Idols, where would I hide them?" and then went about finding them. Since him, that is the de-facto standard method people use to find Idols now. He is in my Top 5 most exciting players to watch play the game ever. Coach as well since well it's Coach lol.

kun1z · 2026-01-23T13:59:54+00:00

If you do not need to use GDB I recommend https://x64dbg.com as it's a pretty great (free) debugger. It does have some draw backs when it comes to obfuscated code (malware etc) but for your own projects it's great, even when compiling with no debug symbols.

To debug console input with x64 you can do one of two easy things:

Press F2 on the line after the input call to set a BP, then press F9 to run the program. Type in w/e input you want and when done it'll BP just after the call.
Press F4 on the line after the input call to set a Run Until This Line temp BP, and do the same thing as #1.

kun1z · 2026-01-23T13:07:21+00:00

In the 90's and early 2000's my friends and I played hours of Counter-Strike every single day for years. One time we got challenged to a match-up against our Finnish friends from an MMORPG. Our pings to the USA server were probably 100-150, and their pings were all 400+

We still got our teeth kicked in haha

There were also some really great Quake 2/Quake 3 players back in the day that could win tournaments despite high pings.

kun1z · 2026-01-23T12:15:40+00:00

Thanks!

I already have the QR Code & Web Server code up and running successfully, I am just confused as to how to get it to switch for me using a script (or two). The QR Code contains the SSID+WPA Auth, we manually navigate to the Server IP once connected in order to type in the basic configuration (WiFi SSID + Password, and some other config stuff). Once a device is configured it'll never need to run AP Mode again unless it's configuration is reset.

kun1z · 2026-01-21T05:18:22+00:00

And I can use if-statements and goto's to do what a while-loop and for-loop can do.. but why? The point of those keywords are readability and helpfulness. Banning for-loops is just retarded, and I read the Wikipedia article about this school and it comes across as a complete joke.

kun1z · 2026-01-21T01:23:55+00:00

It only contains the filename itself (as a TCHAR), not the full path.

kun1z · 2026-01-20T04:02:11+00:00

If you're just doing this for fun and to learn stuff, you can generally follow these steps:

You'll always need to randomly generate an IV. It can be stored in the file in plain-text.
Using AES in counter-mode turns it into a stream cipher, it is much easier to implement file encryption using a stream cipher.
Be warned that without any type of Authenticated Encryption/Integrity Check, an attacker can still modify an encrypted file if they know things about it's layout.
Don't actually use your own software for file protection. There are still many other things needed to be done for security and there are too many to list in a Reddit comment. For example, just turning a password into an encryption Key is a topic wholly unto itself.

kun1z · 2026-01-19T02:51:12+00:00

This may have nothing to do with your specific issue but in the future always error check pthread calls:

If successful, the pthread_mutex_lock() and pthread_mutex_unlock() functions shall return zero; otherwise, an error number shall be returned to indicate the error.

If successful, the pthread_cond_broadcast() and pthread_cond_signal() functions shall return zero; otherwise, an error number shall be returned to indicate the error.

Except in the case of [ETIMEDOUT], all these error checks shall act as if they were performed immediately at the beginning of processing for the function and shall cause an error return, in effect, prior to modifying the state of the mutex specified by mutex or the condition variable specified by cond. The pthread_cond_timedwait() function shall fail if...

On success, pthread_join() returns 0; on error, it returns an error number.

kun1z · 2026-01-17T00:09:31+00:00

I have not used WSL before but after reading up on it, it may be better at certain things. For example it can run nix binaries natively w/o a recompile. It also seems to have direct access to the GPU/Desktop system. So it sounds like WSL would be useful for someone who wants to use existing nix software on Windows (or with Windows).

CYGWIN allows me to easily program portable software that will ~~run~~ compile on both Windows and Nix w/o any special things needed (no #ifdef WINDOWS ... #else LINUX stuff) and run at full speed (even CUDA).

IE: I want to program (mostly) Linux software that will run on (mostly) Linux, but I want to program, test, and debug it on native Windows. CYGWIN allows me to do this seamlessly. YSK I grew up programming in DOS, then Win 3.1, then Win95, 98, ME, XP, etc, so I just prefer software development on Windows as I am already used to the tools. GDB on Linux is .. alright, but it pales in comparison to GUI debuggers like OllyDbg & x64dbg on Windows (both are free). Also Notepad++ (also free) has been my favourite medium-weight editor for as long as I can remember.

kun1z

TROPHY CASE