Summary
If you need to know what Microsoft changed between Windows builds,new syscalls, mitigation flags, kernel callbacks, ETW providers,this skill runs WinDiff's CLI to diff the binaries and then actually interprets the results. It doesn't just dump symbol lists. It explains what new MitigationFlags2Values bits do, which EtwTi channels appeared, whether ci.dll or win32k got new lockdown surface. The workflow generates databases for both versions, diffs ntoskrnl/ntdll/win32k/ci.dll, and frames findings for EDR developers (new telemetry hooks), anti-cheat teams (PPL changes), and vuln researchers (attack surface deltas). The scripts handle the noisy parts like anonymous struct renaming and syscall renumbering so you can focus on what the changes mean for security posture.
Install to Claude Code
npx -y skills add ergrelet/windiff --skill windiff-version-diff-analysis --agent claude-codeInstalls into .claude/skills of the current project.
Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →Files
SKILL.md
Select a file.
Featured
Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →
