Behind the Code: An Interview with Pavel Yosifovich

Any low-level work requires a very good understanding of the platform you're developing for. Otherwise, your code would be inefficient at best, and buggy at worst. With kernel-mode work, this is even more important, since bad coding can crash the system. If there is a pattern, it is a deep understanding of computing fundamentals in general, and the specific platform in particular.

Once a significant change was made in 2012 (with Windows 8 coming out), Microsoft started supporting C++ to be used in kernel mode, and provided better tooling support by integrating kernel development into Visual Studio. C++ allows better handling of resources (especially the so-called RAII idiom), while Visual Studio provides a first-class development experience. Before 2012, the official way of working was with C only, using the command line to build, jumping from command window to editor, etc. - very unfriendly.

I think it's the required depth and computer organization understanding that many people just string out with software development. Many go with very high-level languages, like Python or JavaScript, that hide so much from the developer that they lose sight of what's actually going on underneath. This works well enough for most (but not all) of what Python or JS are used for, but it doesn't work for low-level development of any kind. The short attention span of younger people in this age of instant gratification makes it so much easier to go with the higher-level languages.

For kernel-mode development, even knowing C is not enough. It's important to understand how the OS works, how processes, caches, and memory work - the foundations of computing. When I teach, I always emphasize the foundations, without which nothing can be truly learned on a deep level.

There is a trend that's growing to move to "memory safe" languages, especially Rust. C is purely unsafe. C++ is better, but even C++ can be abused or misused. Most of the Windows and Linux kernels are still written in C - it should have been C++ to improve memory safety. Rust brings something totally new to the table - memory and threading safety at compile time! No other language can offer that, at least not one that has a garbage collector. I believe this trend will continue (there is already Rust in Windows and Linux kernels). Of course, this will only work well if Microsoft (for Windows) adds good tooling and library support to use Rust, because at the end of the day, CPUs are unsafe. To access actual hardware facilities, unsafe Rust is needed, and if there are no proper safe wrappers, we are back to square one.

Personally, I'm excited about Rust and its ecosystem and tooling that brings a breath of fresh air to the convoluted world which is C++.

I can't say for sure, I am not familiar with all developers :) I would say that Section objects (Memory Mapped Files) are underutilized, even though it's one of the best features in Windows. Also, the power of the Component Object Model (COM) is not used enough; I see lots of developers and researchers being "scared" of this technology. But just like with everything, once you understand it, it's no longer scary.

Focus on the foundations. Processes, threads, memory, DLLs, etc., should be the main initial focus. With good foundations, you can learn anything. Learn by doing - it's not enough to read a book or watch a video. Lastly, teach someone else what you have learned. If you can't do that in a simple-enough manner, you may not understand the material well enough.

Probably the founding of trainsec.net, allowing me to reach a broader audience for teaching compared to in-person training. I'm also proud of co-writing the "Windows Internals, 7th ed, Part 1", and making it (hopefully) more readable than earlier editions.

If you're looking to hire top-tier Windows Kernel talent, explore job opportunities, or participate in our Behind the Code series, we'd love to hear from you! Reach out via email alexf@oho.us or message him on LinkedIn @AlexFord .