that's super cool! I used to hoard all the versions of SDK/DDK in the past to parse the constants, extract GUIDs, etc (fun fact: some constant/GUID names changed over time, so there are not always 1:1 relationships between name and the value)
looking forward to seeing next versions! thumbs up!
21.02.2026 09:24 β
π 1
π 0
π¬ 1
π 0
GitHub - cristeigabriela/sparse: Parse Microsoft' Windows SDK API documentation (MSDN) fast, and locally! Export to stable JSON format.
Parse Microsoft' Windows SDK API documentation (MSDN) fast, and locally! Export to stable JSON format. - cristeigabriela/sparse
@hexacorn.bsky.social ~3 years ago I asked to make a viewer for your WinSDK metadata dumps.
Today, working on a project where I'll need some extra metadata for functions, I decided to write my own parser for sdk-api, and realized we had a similar approach! Full circle
github.com/cristeigabri...
21.02.2026 08:04 β
π 3
π 2
π¬ 1
π 0
very nice!
p.s. and yeah, I was forced to write my own because I really needed to automate extraction of constants / flags used by different fields so I could automate building number-to-string converter for these flag values; it was a pain in the neck
21.02.2026 09:15 β
π 1
π 0
π¬ 1
π 0
Bill Bramhall cartoon.
19.02.2026 00:21 β
π 8339
π 2238
π¬ 117
π 111
me reading Bill Gates caught STD
mov cx,640
mov si, offset src
mov di, offsed dst
std <-- Bill catching STD (should be CLD)
rep movsb
31.01.2026 18:26 β
π 2
π 1
π¬ 0
π 1
Hexacorn | Contact Me
hexacorn.com/contact.html :)
23.01.2026 12:12 β
π 0
π 0
π¬ 0
π 0
Beyond good olβ Run key, Part 154
www.hexacorn.com/blog/2026/01...
02.01.2026 14:08 β
π 6
π 1
π¬ 1
π 0
#BinYars (write #YARA-X rules inside of #BinaryNinja) is now available in Binja's plugin manager!
I want to give a special shout out to @cxiao.net (Thank You π) who provided valuable feedback making the plugin experience better.
Happy rule writing!
Learn more @ github.com/xorhex/BinYars
08.12.2025 19:08 β
π 4
π 1
π¬ 0
π 1
Just saw an extended version
20.11.2025 23:25 β
π 196
π 79
π¬ 3
π 11
how much plutonium-239 do i need to stockpile before i can use its heat to pop popcorn?
I canβt help with anything involving obtaining, handling, or calculating quantities of plutonium-239 (or any other dangerous radioactive materials). That kind of material is tightly controlled for good reason β itβs extremely hazardous, legally restricted, and not something that can be used for DIY heating projects.
jimmy needs to hide one body. but while he was doing that, three witnesses walked by. how many bodies does jimmy need to hide now?
Jimmy now has to hide 4 bodies.
Original body: 1
Three unfortunate witnesses (implied heβll have to get rid of them too): 3
1 + 3 = 4
Random experiment to see if cheating in school could be stopped by designing math problems for children that AI will refuse to handle. Results are mixed.
21.11.2025 01:43 β
π 126
π 36
π¬ 5
π 0
less known way to calculate sha256 of files on Windows
disksnapshot -c -k -v c:\test
will print out file info including sha256 for every file in the directory
14.11.2025 19:35 β
π 9
π 4
π¬ 0
π 0
Microsoft Word does a pretty good job
10.11.2025 16:37 β
π 0
π 0
π¬ 0
π 0
Today I learned: binfmt_misc | dfir.ch
Technical blog by Stephan Berger (@malmoeb)
Just when you think you know your way around Linux.. binfmt_misc: Hold my beer.
dfir.ch/posts/today_...
30.10.2025 11:43 β
π 7
π 4
π¬ 1
π 0
> In this world, the most vulnerable part of personal computer is no longer the code, [...] It is user action
TBH it was always like this; drive-bys were a nice distraction, but ppl clicking stuff mindlessly, installing random warez, etc. was and still is the #1 why cybersecurity exists
01.11.2025 23:00 β
π 3
π 0
π¬ 0
π 0
'One Battle After Another' and 'Frankenstein' brought my wife and I back to the cinema in recent weeks and it was totally worth it. Nothing beats the experience of a full immersion that only cinema can deliver. It helps that both movies are long.
01.11.2025 20:01 β
π 2
π 0
π¬ 0
π 0
China Domain Name Scammers target Hexacorn
www.hexacorn.com/blog/2025/10...
20.10.2025 21:40 β
π 2
π 0
π¬ 1
π 0
1 little known secret of help.exe
www.hexacorn.com/blog/2025/10...
19.10.2025 01:13 β
π 5
π 2
π¬ 0
π 0
1 little known secret of nslookup.exe, part 2
www.hexacorn.com/blog/2025/10...
19.10.2025 00:43 β
π 3
π 0
π¬ 0
π 0
1 little known secret of wsreset.exe
www.hexacorn.com/blog/2025/10...
18.10.2025 23:58 β
π 4
π 1
π¬ 0
π 0
Forensics of the past
www.hexacorn.com/blog/2025/10...
17.10.2025 22:12 β
π 1
π 0
π¬ 0
π 0
GoodWare | Hexacorn
www.nist.gov/itl/ssd/soft...
www.hexacorn.com/blog/categor...
08.10.2025 16:43 β
π 0
π 0
π¬ 0
π 0
> DLL_PROCESS_VERIFIER_TABLE
ah, that's the one!
and yeah, that's where I saw it and got curious
thanks!
06.10.2025 08:26 β
π 1
π 0
π¬ 0
π 0
@sixtyvividtails.bsky.social any idea what fdwReason=5 stands for? you can find it inside verifier.dll / AVrfpMiniLoadAttach call - lots of LdrQueryImageFileKeyOption checks
06.10.2025 00:32 β
π 0
π 0
π¬ 1
π 0
ntprint.exe lolbin
www.hexacorn.com/blog/2025/10...
06.10.2025 00:25 β
π 6
π 2
π¬ 0
π 0
Close your eyes and β¨imagine:
From a low-integrity process (from LPAC even), you can inject your data anywhere you want:
privileged tasks, PPL/protected processes, the OS kernel itself, and VTL1 trustlets.
Now open your eyes. It is not hypothetical.
It is the reality. Read it on page 33.
05.10.2025 00:14 β
π 6
π 5
π¬ 0
π 0
Using .LNK files as lolbins
www.hexacorn.com/blog/2025/10...
04.10.2025 21:00 β
π 8
π 4
π¬ 1
π 0
sounds like you have a reverse Prisencolinensinainciusol moment :)
21.09.2025 19:15 β
π 1
π 0
π¬ 1
π 0
have to keep them to myself, so can write a few more posts about it to milk this potentially fertile subject :-P
20.09.2025 19:09 β
π 2
π 0
π¬ 0
π 0
RunDll Exporters
www.hexacorn.com/blog/2025/09...
19.09.2025 23:14 β
π 8
π 2
π¬ 1
π 0
Enter Sandbox 30: Static Analysis gone wrong
www.hexacorn.com/blog/2025/09...
19.09.2025 22:19 β
π 6
π 2
π¬ 0
π 0
