Most Viewed in March 2021

This site had 21,706 visits in March 2021 from 15,217 unique visitors.

As explained in the general notes on What’s Hot? my presentation of statistics stopped in 2017, having got complicated when the site’s hosting service enabled HTTPS and separated the statistics according to whether pages were accessed with HTTPS or plain old HTTP. As a side-effect of revising the site’s scripts and style sheets in early 2021, I noticed that the hosting service now provides for automated redirection of HTTP to HTTPS such that all access shows in the HTTPS logs. Collection of a statistical summary is relatively easy again—and so here it is.

Especially gratifying is that very nearly at the top is a page from 1999 (and much lower down is one from so long ago that it was originally a Word document). Sometimes, readers tell me that some page I wrote in 2009 for 32-bit Windows Vista needs “correction” for 64-bit Windows (perhaps fair enough) or for all the changes in the many years since. Often, the topic still has so little written about it on the Internet that my old write-up is all the reader finds, and I can only disappoint them that I haven’t looked at the page in all that time and don’t plan to ever again, mostly for having spent the decade wondering why I ever did this work that seems to have done no good for anyone. Here, by contrast, is a much older page that I’m always happy to be reminded of.

Also gratifying is that my two laboured write-ups on driver signing are both comfortably above the arbitrary cut-off of 100 views per month. That both were slow to get there is in large part why one is still a bit rough and the other is still nowhere near to finished. Even in this state, both are chock-full of driver-signing details that I believe were individually new to the Internet at the time and certainly were new as a collection in one place. Yet for many months after I wrote them in 2018, quick peeks through the logs showed dismayingly few readers. Back then, asking Google about pages that name CustomKernelSigners turned up only very few matches. Curiously, asking now gets many more references, but more to a hacker’s repository on GitHub than to my write-up. The hack does cite me for very much older, different work and since it seems to have been developed with little sign of the detail in mine, I can’t say it wasn’t arrived at independently. Still, I really am doing this research and writing all wrong, aren’t I?

The list below is of document pages that were each viewed at least 100 times in the month. The faded titles are just index pages which I presume are viewed only or mainly on the way to others, especially while moving from one Table of Contents (TOC) to another. One of those index pages is just the skimpiest of placeholders, pending my writing an introduction, which I likely never will get round to. The TOCs are omitted entirely, as is the banner page, since none of these are meant to be seen independently of a document page.

Rank Page Visits
1 Geoff Chappell, Software Analyst 4,432
2 Kernel32 Functions 985
3 Kernel-Mode Windows 974
4 AOL Exploits Bug in Own Software (AIM) 820
5 Licensed Memory in 32-Bit Windows Vista 809
6 NTDLL Exports 672
7 The Windows Explorer Command Line 588
8 PEB 495
9 Win32 Programming 485
10 The Kernel-Power Event Provider 483
11 ZwQuerySystemInformation 448
14 Native API Functions 338
15 Back Doors for Cross-Signed Drivers 337
17 Windows Kernel Exports 331
18 NTDLL 328
19 BCD Elements 297
20 ADVAPI32 Functions 295
21 Microsoft Visual C++ 291
22 Notes 290
24 TEB 288
25 Kernel Versions 275
26 Boot Options: nx 270
26 Shell 270
28 Netwtw06 Driver Spams System Event Log 256
30 Boot Configuration Data (BCD) 238
31 Edit Boot Options in Windows Vista 236
33 SHELL32 Functions 224
34 About This Site 208
35 What’s New? 207
36 WND 206
37 The Boot Status Data Log 201
38 HAL Versions 198
39 NtTraceControl 186
40 Licensed Driver Signing in Windows 10 180
42 KERNELBASE Functions 174
43 The Service Control Manager Event Provider 173
44 Internet Explorer 172
44 BCD Objects 172
46 Boot Options: detecthal 170
47 Advanced Boot Options Menu in Windows Vista 163
48 The API Set Schema 162
49 RtlInitUnicodeString 158
50 SVCHOST 151
51 NTDLL Versions 145
52 KERNEL32 Versions 139
53 KPCR 137
55 Consultation 134
56 The Microsoft Visual C++ Linker 133
58 Feedback 129
59 Windows Diagnostics Infrastructure 128
60 KTHREAD 125
60 The AARD Code 125
62 URLMON Functions 124
62 Feature Control in Internet Explorer 124
62 Predefined C++ Types 124
65 The First Run Page in Internet Explorer 120
65 Strange Things LINK Knows About 80x86 Processors 120
67 Windows API Sets 119
69 ADVAPI32 117
70 API Sets Added for Windows 10 116
71 Software Analysis by Reverse Engineering 114
72 Boot Options: numproc 112
72 The Shell Core Provider 112
74 KPRCB (amd64) 109
75 Event Tracing for Windows 108
77 Disable Global Hot Keys 106
77 The Kernel Shim Engine 106
79 The CPUID Instruction 102
80 Terms of Use 101
80 RtlGetNtVersionNumbers 101