OS internals

Operating systems from the low-level engineer viewpoint

Kernel/user boundary, executable loading, memory, security, drivers, and platform differences across Windows, Linux, and macOS.

Core internals

Windows / Linux / macOS

Kernel and User Mode Boundary

How CPU privilege, syscalls, traps, exceptions, address spaces, handles, descriptors, and schedulers separate application code from kernel authority.

Privilege levels, System calls, Interrupts and exceptions, Context switching, Process and thread objects, Virtual memory maps, Kernel/user address split, ABI entry stubs

Windows PE loader / Linux ELF loader / macOS dyld

Memory, Loaders, and Executable Startup

Program startup from executable mapping through dynamic linker work, relocations, TLS, runtime initialization, and entry-point transfer.

Virtual memory, Page permissions, Image mapping, Relocations, Dynamic linking, TLS, CRT startup, ASLR and PIE, Import/export binding

Windows / Linux / macOS

Low-Level Security Models

Security from the low-level engineer viewpoint: permissions, tokens, capabilities, sandboxing, code signing, exploit mitigations, and kernel hardening.

Access tokens and users, Capabilities and privileges, Code signing, Sandboxing, DEP/NX, ASLR, CFG/CET/PAC, Syscall filtering, Kernel attack surface

Windows Driver Model / Linux kernel modules / macOS IOKit/DriverKit

Drivers, IO, and Device Boundaries

Device access, IO queues, kernel modules, driver models, DMA risk, user/kernel buffers, and practical debugging boundaries.

Driver model, Device files and handles, IOCTL, DMA and memory safety, Interrupt handling, Kernel logging, Driver signing, Debug symbols

Windows

Win64 ABI, PE/COFF, SEH, PDB, ETW, WinDbg, NT boundary, drivers later.

Read PE headers, Understand shadow space, Trace a crash in WinDbg, Call MASM from C++

Linux

ELF, System V ABI, syscalls, signals, ptrace, perf, kernel entry, eBPF edges.

Write syscall assembly, Read ELF relocations, Profile a loop with perf, Trace syscalls with strace

macOS

Mach-O, dyld, LLDB, Apple ARM64/x86-64 ABI, universal binaries, Instruments.

Read Mach-O load commands, Debug with LLDB, Inspect dyld symbols, Build universal objects