Kicking off a 4-part deep dive into AFD.sys on Windows 11: crafting a raw TCP socket, performing the TCP handshake, sending & receiving TCP packets - everything without Winsock.
Part 1: https://leftarcode.com/posts/afd-reverse-engineering-part1/
Part 2: https://leftarcode.com/posts/afd-reverse-engineering-part2/
Part 3: https://leftarcode.com/posts/afd-reverse-engineering-part3/
Part 4: https://leftarcode.com/posts/afd-reverse-engineering-part4/
