Windows 8 Internals

This page is dedicated to hacking, breaking, reversing, exploiting, and fixing Windows 8.

Disclaimer: The content in this website could be malicous. By no means is this a page dedicated to the destruction and disruption of other people's time or systems. This website is educational only, and the findings (if a risk to Windows 8 users) WILL be reported to Microsoft to improve security in Windows 8 and future versions of Windows.

Contact info:


The good stuff:

Windows 8 internal headers extracted from PDB files:

(pdb->header converter lacks custom variable and union support [coming very soon])

Last updated: 18/01/2012

Windows 8 KiServiceTable:

One interesting difference is that on Windows 8, the symbol is KiServiceTable and not _KiServiceTable.


Interesting 'New' Functions in ntoskrnl (x64):

Two new KiSystemCall() functions have come up, namely KiSystemCall32() and KiSystemCall64().

Also, there is no longer a _KiSystemService(), but a 'suite' of KiSystemServiceXXX() routines. Where XXX is one of the following: Handler, Start, Repeat, GdiTebAccess, CopyStart, CopyEnd, or Exit.