Most Viewed in September 2022

This site had 24,560 visits in September 2022 from 16,317 unique visitors.

The list below is of document pages that were each viewed at least 100 times in the month. Ranks in parentheses are from August 2022. Faded titles are just index pages which I presume are viewed only or mainly on the way to others, especially while moving from one Table of Contents (TOC) to another. One of those index pages is just the skimpiest of placeholders, pending my writing an introduction, which I likely never will get round to. The TOCs are omitted entirely, as is the banner page, since none of these are meant to be seen independently of a document page.

I never know what to make of an old, old page suddenly getting hundreds of readers. When my write-up of a kernel-mode driver from the Stuxnet worm was new in October 2010, it got only 224 views that month and 107 the next. This month, out of the blue, it gets 638! Of course I’m happy to be reminded of it. I’m even quite proud of the write-up. It was by my possibly misguided estimation easily the most detailed of any public write-up of anything about Stuxnet at the time. Do not miss the irony, though, that it would not even have helped get me employed as a security researcher.

Actual joy this month comes from seeing 542 visits to one of my 2018 write-ups about the remaining capability for using one’s own kernel-mode drivers on one’s own computers without having to get them signed by Microsoft. Again, this is easily the Internet’s most detailed analysis of its subject. The joy is that it finally overtakes the decades-old write-up about getting 32-bit Windows to use memory above 4GB. One has been creeping up in readership as the other’s has been falling (surprisingly slowly).

This month’s statistics have an example of a difficulty presented by moving a popular page. I make no secret of not much liking that catalogue pages and others of no distinction are among the site’s most read, but in no way do I regret the catalogue of what the kernel may write to the event log about power management. Even for my own purposes, even just as a computer user, I find this catalogue useful—enough that last month I gave it an updating and revision. But I also moved it. The 323 visits shown below are for its new location. There were also 319 visits to the old location, but how many of those got the old page (before the new was uploaded) and how many got redirected to the new?

Rank Page Visits
1 (1) Geoff Chappell, Software Analyst 3,713
2 (3) NTDLL Exports 1,254
3 (4) PEB 1,051
4 (2) Kernel32 Functions 1,046
5 (12) TEB 948
6 (5) Kernel-Mode Windows 886
7 (30) SYSTEM_HANDLE_INFORMATION 736
8 (18) EPROCESS 715
9 (34) SYSTEM_HANDLE_TABLE_ENTRY_INFO 685
10 (14) BitLocker Policy Settings 653
11 (9) The Windows Explorer Command Line 638
11   The MRXCLS.SYS Malware Loader 638
13 (21) BCD Elements 593
14 (7) ZwQuerySystemInformation 574
15 (17) Back Doors for Cross-Signed Drivers 542
16 (8) Win32 Programming 538
17 (6) NTDLL 530
18 (15) Licensed Memory in 32-Bit Windows Vista 518
19 (9) Native API Functions 459
20 (11) SYSTEM_INFORMATION_CLASS 458
21 (20) LDR_DATA_TABLE_ENTRY 409
22 (23) Kernel Versions 401
23 (16) SYSTEM_PROCESS_INFORMATION 391
24 (19) KUSER_SHARED_DATA 342
25 (32) ADVAPI32 Functions 324
26 (13) The Kernel-Power Event Provider 323
27 (28) Shell 282
28 (28) About This Site 265
29 (25) Notes 263
30 (24) Windows Kernel Exports 256
31 (31) PEB_LDR_DATA 255
32 (74) Disable Global Hot Keys 246
33 (27) Microsoft Visual C++ 243
34 (37) SVCHOST 238
35 (39) Edit Boot Options in Windows Vista 227
36 (25) Feedback 220
37 (22) THREADINFOCLASS 215
38 (40) KTHREAD 214
39 (38) SHELL32 Functions 206
40 (68) The Service Control Manager Event Provider 201
41 (49) KPROCESS 193
41 (47) Boot Configuration Data (BCD) 193
43 (42) BCD Objects 190
44 (33) What's New? 188
45   RtlSetProcessIsCritical 175
46 (36) The API Set Schema 172
47 (52) Boot Options: nx 169
48 (44) KPCR 168
49 (61) HAL Versions 163
50   HANDLEENTRY 162
51 (50) Internet Explorer 159
52 (40) Consultation 155
52 (56) Software Analysis by Reverse Engineering 155
54 (35) iPod Support Service 153
54 (46) RTL_PROCESS_MODULE_INFORMATION 153
56 (42) Bug Check Codes 150
57   NTDLL Versions 149
58 (53) ETHREAD 145
59 (75) Advanced Boot Options Menu in Windows Vista 141
60 (47) KPRCB (amd64) 136
61 (75) Boot Options: detecthal 135
62 (51) Licensed Driver Signing in Windows 10 134
63 (57) KERNEL32 Versions 133
64   RTL_USER_PROCESS_PARAMETERS 132
65 (63) Terms of Use 130
66   The Boot Status Data Log 128
67 (44) KERNELBASE Functions 125
68 (57) RtlInitUnicodeString 123
69 (70) SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX 118
70 (55) The Microsoft Visual C++ Linker 115
71   WND 114
72 (60) NtTraceControl 111
73 (65) Browsing Guide 109
74 (79) Boot Options: numproc 108
75 (75) SYSTEM_BASIC_INFORMATION 106
76   KPRCB 103
77 (69) RtlGetNtVersionNumbers 102