Covert Kernel/User Communication Channels on Windows: Rootkits, Game Cheats, and Detection

A modern Windows kernel-assisted threat is rarely a single user-mode module doing all the work. It is a stack: a user-mode controller, a kernel-mode component loaded through a vulnerable-driver cha...

Jun 10, 2026 Windows Internals, Anti-Cheat, Malware Analysis

About ETW Internals: Architecture, Hooking, Tampering, and Detection

Event Tracing for Windows is the telemetry fabric behind a large part of modern Windows security work. EDRs, anti-cheats, forensic tools, WPR, Sysmon-adjacent pipelines, and many Microsoft componen...

Jun 3, 2026 Windows Internals, Anti-Cheat

About Hiding on Windows: DKOM, Injection, BYOVD, and Cross-View Detection

Hiding on Windows is not a single technique. It is the practice of selectively erasing — or lying about — the existence of a process, thread, DLL, driver, callback registration, or executable memor...

May 24, 2026 Windows Internals, Anti-Cheat

About PCIe DMA Cheats: Protocol, IOMMU, Hardware, and Detection

External DMA cheats are the hardest game-cheating threat to defend against, because the cheat code does not live on the machine running the game. The “victim” PC sees only a passive-looking PCIe en...

May 21, 2026 Windows Internals, Anti-Cheat

About Kernel Segment Heap

Target audience: Windows kernel security researchers, anti-cheat developers, kernel driver developers Reference environment: Windows 10 19H1 (1903) ~ Windows 11 (x64) Sources: BlackHat USA 20...

May 19, 2026 Windows Internals, Kernel Security

Hello World

Welcome This is the first post on Kernullist’s Blog. I’ll be writing about security research, game engine internals, reverse engineering, and whatever else catches my attention. Stay tuned.

May 19, 2026 General