Cloud IAP and its role in zero-trust

At Google Cloud, we run a series of Cloud Summits each year. A Cloud Summit is essentially a mini-version of Cloud NEXT – it lasts one day, features multiple tracks of technical sessions, and is usually held in a location where there is plenty of space for booths where customers can ask questions. One question that we frequently get at the Ask an Architect or Ask the Expert booth is about Cloud Identity-Aware Proxy - what is it for, how does it work, and how to use it?…

Read more »

Relaunching the blog

Posted on

A bit over 12 years ago I started this blog to write about Windows development. Back then, I spent the majority of both my free time and time at work developing Win32 and COM-based software and I was just starting to tip my toes into Kernel-mode development. One year later, in 2008, I begun working on my master’s thesis on function boundary tracing in the Windows kernel, which led to posts about runtime code modification on IA-32, Hotpatching, Detours, NTrace, and other fun stuff.…

Read more »

Articles I recently published on the Google Cloud website

Posted on

A key part of my job as Solutions Architect at Google Cloud is to work with customers to identify and capture best practices and to turn these into public documentation. Over the past six months, I have published the following guides: Federating Google Cloud Platform with Azure AD These articles describes how you can extend an existing Microsoft Azure Active Directory based identity management solution to Google Cloud Platform (GCP) to establish consistent authentication and authorization mechanisms in a hybrid computing environment.…

Read more »

Creating a PowerShell script that can install itself as module

Posted on

Powershell advanced functions are a lightweight, yet pretty powerful way to extend the set of commands available in a Powershell sessions. Advanced functions look and feel almost exactly like proper cmdlets, but they are written in Powershell and therefore quick to develop. By default, advanced functions are ephemeral though: If you run a script containing an advanced function, that function is going to be available for the rest of the Powershell session – after that, it is gone.…

Read more »

Articles I recently published on the Google Cloud website

Posted on

A key part of my job as Solutions Architect at Google Cloud is to work with customers to identify and capture best practices and to turn these into public documentation. Over the past six months, I have published the following guides: Federating Google Cloud Platform with Active Directory This three-part series discusses how to extend an existing Active Directory based identity management solution to Google Cloud Platform (GCP) to establish consistent authentication and authorization mechanisms in a hybrid computing environment.…

Read more »

Runtime Code Modification Explained, Part 4: Keeping Execution Flow Intact

Posted on

Concurrent Execution A typical user mode process on a Windows system can be expected to have more than one thread. In addition to user threads, the Windows kernel employs a number of system threads. Given the presence of multiple threads, it is likely that whenever a code modification is performed, more than one thread is affected, i.e. more than one thread is sooner or later going to execute the modified code sequence.…

Read more »

Runtime Code Modification Explained, Part 3: Cross-Modifying Code and Atomicity

Posted on

Performing modifications on existing code is a technique commonly encountered among instrumentation solutions such as DTrace. Assuming a multiprocessor machine, altering code brings up the challenge of properly synchronizing such activity among processors. As stated before, IA-32/Intel64 allows code to be modified in the same manner as data. Whether modifying data is an atomic operation or not, depends on the size of the operand. If the total number of bytes to be modified is less than 8 and the target address adheres to certain alignment requirements, current IA-32 processors guarantee atomicity of the write operation.…

Read more »

Runtime Code Modification Explained, Part 2: Cache Coherency Issues

Instrumentation of a routine may comprise multiple steps. As an example, a trampoline may need to be generated or updated, followed by a modification on the original routine, which may include updatating or replacing a branch instruction to point to the trampoline. In such cases, it is essential for maintaining consistency that the code changes take effect in a specific order. Otherwise, if the branch was written before the trampoline code has been stored, the branch would temporarily point to uninitialized memory.…

Read more »

Runtime Code Modification Explained, Part 1: Dealing With Memory

Runtime code modification, of self modifying code as it is often referred to, has been used for decades – to implement JITters, writing highly optimized algorithms, or to do all kinds of interesting stuff. Using runtime code modification code has never been really easy – it requires a solid understanding of machine code and it is straightforward to screw up. What’s not so well known, however, is that writing such code has actually become harder over the last years, at least on the IA-32 platform: Comparing the 486 and current Core architectures, it becomes obvious that Intel, in order to allow more advanced CPU-interal optimizations, has actually lessened certain gauarantees made by the CPU, which in turn requires the programmer to pay more attection to certain details.…

Read more »

Windows Hotpatching: A Walkthrough

Posted on

As discussed in the last post, Windows 2003 SP1 introduced a technology known as Hotpatching. An integral part of this technology is Hotpatching, which refers to the process of applying an updated on the fly by using runtime code modification techniques. Although Hotpatching has caught a bit of attention, suprisingly little information has been published about its inner workings. As the technology is patented, however, there is quite a bit of information that can be obtained by reading the patent description.…

Read more »