Most Viewed in March 2021

This site had 21,706 visits in March 2021 from 15,217 unique visitors.

As explained in the general notes on What’s Hot? my presentation of statistics stopped in 2017, having got complicated when the site’s hosting service enabled HTTPS and separated the statistics according to whether pages were accessed with HTTPS or plain old HTTP. As a side-effect of revising the site’s scripts and stylesheets in early 2021, I noticed that the hosting service now provides for automated redirection of HTTP to HTTPS such that all access shows in the HTTPS logs. Collection of a statistical summary is relatively easy again—and so here it is.

Especially gratifying is that very nearly at the top is a page from 1999 (and much lower down is one from so long ago that it was originally a Word document). Sometimes, readers tell me that some page I wrote in 2009 for 32-bit Windows Vista needs “correction” for 64-bit Windows (perhaps fair enough) or for all the changes in the many years since. Often, the topic still has so little written about it on the Internet that my old write-up is all the reader finds, and I can only disappoint them that I haven’t looked at the page in all that time and don’t plan to ever again, mostly for having spent the decade wondering why I ever did this work that seems to have done no good for anyone. Here, by contrast, is a much older page that I’m always happy to be reminded of.

Also gratifying is that my two laboured and still unfinished write-ups on driver signing are both comfortably above the arbitrary cut-off of 100 views per month. That both were slow to get there is in large part why they are still unfinished. For many months after I wrote them in 2018, quick peeks through the logs showed dismayingly few readers. Both are chock-full of driver-signing details that I believe were individually new to the Internet at the time and certainly were new as a collection in one place. At the time, asking Google about pages that name CustomKernelSigners turned up only very few matches. Curiously, asking now gets many more references, but more to a hacker’s repository on GitHub than to my write-up. I really am doing this stuff all wrong, aren’t I?

The list below is of document pages that were each viewed at least 100 times in the month. The faded titles are just index pages which I presume are viewed only or mainly on the way to others, especially while moving from one Table of Contents (TOC) to another. One of those index pages is just the skimpiest of placeholders, pending my writing an introduction, which I likely never will get round to. The TOCs are omitted entirely, as is the banner page, since none of these are meant to be seen independently of a document page.

Rank Page Visits
1 Geoff Chappell, Software Analyst 4,432
2 Kernel32 Functions 985
3 Kernel-Mode Windows 974
4 AOL Exploits Bug in Own Software (AIM) 820
5 Licensed Memory in 32-Bit Windows Vista 809
6 NTDLL Exports 672
7 The Windows Explorer Command Line 588
8 PEB 495
9 Win32 Programming 485
10 The Kernel-Power Event Provider 483
11 ZwQuerySystemInformation 448
12 EPROCESS 425
13 SYSTEM_INFORMATION_CLASS 375
14 Native API Functions 338
15 Back Doors for Cross-Signed Drivers 337
15 SYSTEM_PROCESS_INFORMATION 337
17 Windows Kernel Exports 331
18 NTDLL 328
19 BCD Elements 297
20 Microsoft Visual C++ 291
21 Notes 290
21 KUSER_SHARED_DATA 290
23 TEB 288
24 Kernel Versions 275
25 Shell 270
25 Boot Options: nx 270
27 Netwtw06 Driver Spams System Event Log 256
28 SYSTEM_HANDLE_INFORMATION 240
29 Boot Configuration Data (BCD) 238
30 Edit Boot Options in Windows Vista 236
31 LDR_DATA_TABLE_ENTRY 227
32 SHELL32 Functions 224
33 About This Site 208
34 What’s New? 207
35 WND 206
36 The Boot Status Data Log 201
37 ADVAPI32 Functions 200
38 HAL Versions 198
39 NtTraceControl 186
40 Licensed Driver Signing in Windows 10 180
41 SYSTEM_HANDLE_TABLE_ENTRY_INFO 177
42 KERNELBASE Functions 174
43 The Service Control Manager Event Provider 173
44 BCD Objects 172
44 Internet Explorer 172
46 Boot Options: detecthal 170
47 Advanced Boot Options Menu in Windows Vista 163
48 The API Set Schema 162
49 RtlInitUnicodeString 158
50 SVCHOST 151
51 NTDLL Versions 145
52 KERNEL32 Versions 139
53 KPCR 137
54 PEB_LDR_DATA 136
55 Consultation 134
56 THREADINFOCLASS 133
56 The Microsoft Visual C++ Linker 133
58 Feedback 129
59 Windows Diagnostics Infrastructure 128
60 KTHREAD 125
60 The AARD Code 125
62 Feature Control in Internet Explorer 124
62 URLMON Functions 124
62 Predefined C++ Types 124
65 The First Run Page in Internet Explorer 120
65 Strange Things LINK Knows About 80x86 Processors 120
67 SYSTEM_THREAD_INFORMATION 119
67 Windows API Sets 119
69 ADVAPI32 117
70 API Sets Added for Windows 10 116
71 Software Analysis by Reverse Engineering 114
72 The Shell Core Provider 112
72 Boot Options: numproc 112
74 KPRCB (amd64) 109
75 Event Tracing for Windows 108
76 THREADINFO 107
77 Disable Global Hot Keys 106
77 The Kernel Shim Engine 106
79 The CPUID Instruction 102
80 RtlGetNtVersionNumbers 101
80 Terms of Use 101
82 KPROCESS 100