There are a number of text conventions used throughout this book.
CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "One of these techniques is by using NtGlobalFlag."
A block of code is set as follows:
mov qword ptr [rsp+8],rcx
mov qword ptr [rsp+10h],rdx
mov qword ptr [rsp+18h],r8
mov qword ptr [rsp+20h],r9
sub rsp,30h
mov rcx,qword ptr gs:[20h]
add rcx,120h
call nt!RtlCaptureContext
Any command-line input or output is written as follows:
.shell -ci "uf /c nt!IopLoadDriver" grep -B 1 -i "call.*ptr \[.*h"
Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "It can be restored by selecting the View | Graph Overview option."