Explore the full ebook collection and download it now at textbookfull.

com

Windows Security Internals 1 / converted Edition

James Forshaw

https://textbookfull.com/product/windows-security-
internals-1-converted-edition-james-forshaw/

OR CLICK HERE

DOWLOAD EBOOK

Browse and Get More Ebook Downloads Instantly at https://textbookfull.com

Click here to visit textbookfull.com and download textbook now
 Your digital treasures (PDF, ePub, MOBI) await
Download instantly and pick your perfect format...

Read anywhere, anytime, on any device!

Windows Security Internals: A Deep Dive into Windows

Authentication, Authorization, and Auditing 1 / converted
Edition James Forshaw
https://textbookfull.com/product/windows-security-internals-a-deep-
dive-into-windows-authentication-authorization-and-
auditing-1-converted-edition-james-forshaw/
textbookfull.com

Windows Security Internals - A Deep Dive into Windows

Authentication, Authorization, and Auditing (for True
Epub) 1st Edition James Forshaw
https://textbookfull.com/product/windows-security-internals-a-deep-
dive-into-windows-authentication-authorization-and-auditing-for-true-
epub-1st-edition-james-forshaw/
textbookfull.com

Windows Internals Part 1 7th Edition Pavel Yosifovich

https://textbookfull.com/product/windows-internals-part-1-7th-edition-
pavel-yosifovich/

textbookfull.com

Windows Internals Part 2 Developer Reference 7th Edition

Russinovich

https://textbookfull.com/product/windows-internals-part-2-developer-
reference-7th-edition-russinovich/

textbookfull.com
Mastering Cloud Security Posture Management (CSPM) 1 /
converted Edition Qamar Nomani

https://textbookfull.com/product/mastering-cloud-security-posture-
management-cspm-1-converted-edition-qamar-nomani/

textbookfull.com

Attacking Network Protocols A Hacker s Guide to Capture

Analysis and Exploitation 1st Edition James Forshaw
[Forshaw
https://textbookfull.com/product/attacking-network-protocols-a-hacker-
s-guide-to-capture-analysis-and-exploitation-1st-edition-james-
forshaw-forshaw/
textbookfull.com

Learning OpenTelemetry 1 / converted Edition Ted Young

https://textbookfull.com/product/learning-opentelemetry-1-converted-
edition-ted-young/

textbookfull.com

Android Software Internals Quick Reference: A Field Manual

and Security Reference Guide to Java-based Android
Components 1st Edition James Stevenson
https://textbookfull.com/product/android-software-internals-quick-
reference-a-field-manual-and-security-reference-guide-to-java-based-
android-components-1st-edition-james-stevenson/
textbookfull.com

PowerShell 7 Workshop 1 / converted Edition Nick Parlow

https://textbookfull.com/product/powershell-7-workshop-1-converted-
edition-nick-parlow/

textbookfull.com
 CONTENTS IN DETAIL

TITLE PAGE
COPYRIGHT
DEDICATION
ABOUT THE AUTHOR AND TECHNICAL REVIEWER
FOREWORD
ACKNOWLEDGMENTS
INTRODUCTION
Who Is This Book For?
What Is in This Book?
PowerShell Conventions Used in This Book
Getting in Touch

PART I: AN OVERVIEW OF THE WINDOWS

OPERATING SYSTEM
1
SETTING UP A POWERSHELL TESTING ENVIRONMENT
Choosing a PowerShell Version
Configuring PowerShell
An Overview of the PowerShell Language
Understanding Types, Variables, and Expressions
Executing Commands
Discovering Commands and Getting Help
Defining Functions
Displaying and Manipulating Objects
 Filtering, Ordering, and Grouping Objects
Exporting Data
Wrapping Up

2
THE WINDOWS KERNEL
The Windows Kernel Executive
The Security Reference Monitor
The Object Manager
Object Types
The Object Manager Namespace
System Calls
NTSTATUS Codes
Object Handles
Query and Set Information System Calls
The Input/Output Manager
The Process and Thread Manager
The Memory Manager
NtVirtualMemory Commands
Section Objects
Code Integrity
Advanced Local Procedure Call
The Configuration Manager
Worked Examples
Finding Open Handles by Name
Finding Shared Objects
Modifying a Mapped Section
Finding Writable and Executable Memory
Wrapping Up

3
USER-MODE APPLICATIONS
Win32 and the User-Mode Windows APIs
Loading a New Library
Viewing Imported APIs
Searching for DLLs
The Win32 GUI
GUI Kernel Resources
Window Messages
Console Sessions
Comparing Win32 APIs and System Calls
Win32 Registry Paths
Opening Keys
Listing the Registry’s Contents
DOS Device Paths
Path Types
 Maximum Path Lengths
Process Creation
Command Line Parsing
Shell APIs
System Processes
The Session Manager
The Windows Logon Process
The Local Security Authority Subsystem
The Service Control Manager
Worked Examples
Finding Executables That Import Specific APIs
Finding Hidden Registry Keys or Values
Wrapping Up

PART II: THE WINDOWS SECURITY

REFERENCE MONITOR
4
SECURITY ACCESS TOKENS
Primary Tokens
Impersonation Tokens
Security Quality of Service
Explicit Token Impersonation
Converting Between Token Types
Pseudo Token Handles
Token Groups
Enabled, EnabledByDefault, and Mandatory
LogonId
Owner
UseForDenyOnly
Integrity and IntegrityEnabled
Resource
Device Groups
Privileges
Sandbox Tokens
Restricted Tokens
Write-Restricted Tokens
AppContainer and Lowbox Tokens
What Makes an Administrator User?
User Account Control
Linked Tokens and Elevation Type
UI Access
Virtualization
Security Attributes
Creating Tokens
Token Assignment
Assigning a Primary Token
Assigning an Impersonation Token
Worked Examples
Finding UI Access Processes
Finding Token Handles to Impersonate
Removing Administrator Privileges
Wrapping Up

5
SECURITY DESCRIPTORS
The Structure of a Security Descriptor
The Structure of a SID
Absolute and Relative Security Descriptors
Access Control List Headers and Entries
The Header
The ACE List
Constructing and Manipulating Security Descriptors
Creating a New Security Descriptor
Ordering the ACEs
Formatting Security Descriptors
Converting to and from a Relative Security Descriptor
The Security Descriptor Definition Language
Worked Examples
Manually Parsing a Binary SID
Enumerating SIDs
Wrapping Up

6
READING AND ASSIGNING SECURITY DESCRIPTORS
Reading Security Descriptors
Assigning Security Descriptors
Assigning a Security Descriptor During Resource Creation
Assigning a Security Descriptor to an Existing Resource
Win32 Security APIs
Server Security Descriptors and Compound ACEs
A Summary of Inheritance Behavior
Worked Examples
Finding Object Manager Resource Owners
Changing the Ownership of a Resource
Wrapping Up

7
THE ACCESS CHECK PROCESS
Running an Access Check
Kernel-Mode Access Checks
 User-Mode Access Checks
The Get-NtGrantedAccess PowerShell Command
The Access Check Process in PowerShell
Defining the Access Check Function
Performing the Mandatory Access Check
Performing the Token Access Check
Performing the Discretionary Access Check
Sandboxing
Restricted Tokens
Lowbox Tokens
Enterprise Access Checks
The Object Type Access Check
The Central Access Policy
Worked Examples
Using the Get-PSGrantedAccess Command
Calculating Granted Access for Resources
Wrapping Up

8
OTHER ACCESS CHECKING USE CASES
Traversal Checking
The SeChangeNotifyPrivilege Privilege
Limited Checks
Handle Duplication Access Checks
Sandbox Token Checks
Automating Access Checks
Worked Examples
Simplifying an Access Check for an Object
Finding Writable Section Objects
Wrapping Up

9
SECURITY AUDITING
The Security Event Log
Configuring the System Audit Policy
Configuring the Per-User Audit Policy
Audit Policy Security
Configuring the Resource SACL
Configuring the Global SACL
Worked Examples
Verifying Audit Access Security
Finding Resources with Audit ACEs
Wrapping Up

PART III: THE LOCAL SECURITY AUTHORITY

AND AUTHENTICATION
10
WINDOWS AUTHENTICATION
Domain Authentication
Local Authentication
Enterprise Network Domains
Domain Forests
Local Domain Configuration
The User Database
The LSA Policy Database
Remote LSA Services
The SAM Remote Service
The Domain Policy Remote Service
The SAM and SECURITY Databases
Accessing the SAM Database Through the Registry
Inspecting the SECURITY Database
Worked Examples
RID Cycling
Forcing a User‘s Password Change
Extracting All Local User Hashes
Wrapping Up

11
ACTIVE DIRECTORY
A Brief History of Active Directory
Exploring an Active Directory Domain with PowerShell
The Remote Server Administration Tools
Basic Forest and Domain Information
The Users
The Groups
The Computers
Objects and Distinguished Names
Enumerating Directory Objects
Accessing Objects in Other Domains
The Schema
Inspecting the Schema
Accessing the Security Attributes
Security Descriptors
Querying Security Descriptors of Directory Objects
Assigning Security Descriptors to New Directory Objects
Assigning Security Descriptors to Existing Objects
Inspecting a Security Descriptor’s Inherited Security
Access Checks
Creating Objects
Deleting Objects
 Listing Objects
Reading and Writing Attributes
Checking Multiple Attributes
Analyzing Property Sets
Inspecting Control Access Rights
Analyzing Write-Validated Access Rights
Accessing the SELF SID
Performing Additional Security Checks
Claims and Central Access Policies
Group Policies
Worked Example
Building the Authorization Context
Gathering Object Information
Running the Access Check
Wrapping Up

12
INTERACTIVE AUTHENTICATION
Creating a User’s Desktop
The LsaLogonUser API
Local Authentication
Domain Authentication
Logon and Console Sessions
Token Creation
Using the LsaLogonUser API from PowerShell
Creating a New Process with a Token
The Service Logon Type
Worked Examples
Testing Privileges and Logon Account Rights
Creating a Process in a Different Console Session
Authenticating Virtual Accounts
Wrapping Up

13
NETWORK AUTHENTICATION
NTLM Network Authentication
NTLM Authentication Using PowerShell
The Cryptographic Derivation Process
Pass-Through Authentication
Local Loopback Authentication
Alternative Client Credentials
The NTLM Relay Attack
Attack Overview
Active Server Challenges
Signing and Sealing
Target Names
 Channel Binding
Worked Example
Overview
The Code Module
The Server Implementation
The Client Implementation
The NTLM Authentication Test
Wrapping Up

14
KERBEROS
Interactive Authentication with Kerberos
Initial User Authentication
Network Service Authentication
Performing Kerberos Authentication in PowerShell
Decrypting the AP-REQ Message
Decrypting the AP-REP Message
Cross-Domain Authentication
Kerberos Delegation
Unconstrained Delegation
Constrained Delegation
User-to-User Kerberos Authentication
Worked Examples
Querying the Kerberos Ticket Cache
Simple Kerberoasting
Wrapping Up

15
NEGOTIATE AUTHENTICATION AND OTHER SECURITY
PACKAGES
Security Buffers
Using Buffers with an Authentication Context
Using Buffers with Signing and Sealing
The Negotiate Protocol
Less Common Security Packages
Secure Channel
CredSSP
Remote Credential Guard and Restricted Admin Mode
The Credential Manager
Additional Request Attribute Flags
Anonymous Sessions
Identity Tokens
Network Authentication with a Lowbox Token
Authentication with the Enterprise Authentication Capability
Authentication to a Known Web Proxy
Authentication with Explicit Credentials
The Authentication Audit Event Log
Worked Examples
Identifying the Reason for an Authentication Failure
Using a Secure Channel to Extract a Server’s TLS Certificate
Wrapping Up
Final Thoughts

A
BUILDING A WINDOWS DOMAIN NETWORK FOR TESTING
The Domain Network
Installing and Configuring Windows Hyper-V
Creating the Virtual Machines
The PRIMARYDC Server
The GRAPHITE Workstation
The SALESDC Server

B
SDDL SID ALIAS MAPPING
INDEX
 WINDOWS SECURITY
INTERNALS
A Deep Dive into Windows
Authentication, Authorization, and
Auditing

by James Forshaw

San Francisco
WINDOWS SECURITY INTERNALS. Copyright © 2024 by James Forshaw.
All rights reserved. No part of this work may be reproduced or transmitted in any form or by any
means, electronic or mechanical, including photocopying, recording, or by any information storage or
retrieval system, without the prior written permission of the copyright owner and the publisher.
First printing
ISBN-13: 978-1-7185-0198-0 (print)
ISBN-13: 978-1-7185-0199-7 (ebook)
Published by No Starch Press®, Inc.
245 8th Street, San Francisco, CA 94103
phone: +1.415.863.9900
www.nostarch.com; info@nostarch.com
Publisher: William Pollock
Managing Editor: Jill Franklin
Production Manager: Sabrina Plomitallo-González
Production Editor: Sydney Cromwell
Developmental Editors: Alex Freed and Frances Saux
Cover Illustrator: Garry Booth
Interior Design: Octopod Studios
Technical Reviewer: Lee Holmes
Copyeditor: Rachel Head
Proofreader: Audrey Doyle
Indexer: BIM Creatives, LLC
Library of Congress Cataloging-in-Publication Data
Name: Forshaw, James, author.
Title: Windows security internals / James Forshaw.
Description: San Francisco : No Starch Press, [2024] | Includes index. | Identifiers:
LCCN 2023040842 (print) | LCCN 2023040843 (ebook) | ISBN 9781718501980 (print) |
ISBN 9781718501997 (ebook)
Subjects: LCSH: Computer security. | Microsoft Windows (Computer file) | Computer
networks—Security measures.
Classification: LCC QA76.9.A25 F65655 2024 (print) | LCC QA76.9.A25 (ebook) | DDC
005.8—dc23/eng/20231208
LC record available at https://lccn.loc.gov/2023040842
LC ebook record available at https://lccn.loc.gov/2023040843

For customer service inquiries, please contact info@nostarch.com. For information on distribution,
bulk sales, corporate sales, or translations: sales@nostarch.com. For permission to translate this work:
rights@nostarch.com. To report counterfeit copies or piracy: counterfeit@nostarch.com.
No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other
product and company names mentioned herein may be the trademarks of their respective owners.
Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the
names only in an editorial fashion and to the benefit of the trademark owner, with no intention of
infringement of the trademark.
The information in this book is distributed on an “As Is” basis, without warranty. While every
precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc.
shall have any liability to any person or entity with respect to any loss or damage caused or alleged to
be caused directly or indirectly by the information contained in it.
Dedicated to my amazing wife, Huayi, and my little Jacob, without whom I
would never get anything done.
About the Author
James Forshaw is a renowned computer security expert on Google’s Project
Zero team. In his more than 20 years of experience analyzing and exploiting
security issues in Microsoft Windows and other products, he has discovered
hundreds of publicly disclosed vulnerabilities in Microsoft platforms. Others
frequently cite his research, which he presents in blogs, on the world stage, or
through novel tooling, and he has inspired numerous researchers in the
industry. When not breaking the security of other products, James works as a
defender, advising teams on their security design and improving the
Chromium Windows sandbox to secure billions of users worldwide.

About the Technical Reviewer

Lee Holmes is a security architect in Azure security, an original developer on
the PowerShell team, a fanatical hobbyist, and the author of The PowerShell
Cookbook (O’Reilly Media, 2010). You can find him on Mastodon
(@Lee_Holmes@infosec.exchange), as well as on his personal website
(https://leeholmes.com).
 FOREWORD

A Microsoft Technical Fellow once told me he had never met someone who
understood how the security of the Windows operating system actually
worked. While I don’t think he was right (and plan to send him a copy of this
book to prove it), he had a point. Though critical, there is no doubt that
Windows security is complex.
One of the reasons for this is related to the core architectural difference
between Linux and Windows. Linux is a file-oriented operating system,
while Windows is API oriented, and though APIs can provide a much richer
set of capabilities, they come at the expense of simplicity. So, exploring an
API-oriented operating system is more difficult. You need to read the API
documentation, write code, compile and run it, and debug the results.
This is a very time-consuming loop, and it’s why so few people have a
deep understanding of how Windows security works—it’s just too hard to
explore.
It was because of these problems that I invented PowerShell. I wanted
administrators to automate Windows and had originally tried to do so by
distributing Unix tools for free. (Remember Windows Services for Unix?)
This failed because Unix tools work on files, while everything important in
Windows lives behind an API. Thus, awk didn’t work against the registry,
grep didn’t work against Windows Management Instrumentation (WMI), sed
didn’t work against Active Directory, and so on. What we needed was an
API-oriented command line interface and scripting tool. So, I created
PowerShell.
Today, James is using PowerShell to address the difficulty of acquiring
Windows security expertise; he has made the system explorable. Step one:
install his PowerShell module, NTObjectManager, which provides over 550
cmdlets to experiment with all aspects of Windows security. This hands-on
exploration will allow you to understand how things really work.
This book belongs on the desk of every security professional and
developer working with Windows security. Part I provides an overview of
Windows security’s architecture, Part II covers the details of the operating
system’s security mechanisms and services, and Part III explores the various
aspects of Windows authentication. Each chapter includes a set of
PowerShell examples.
I strongly encourage you to follow the examples provided; exploration
turns words into experience, and experience is the foundation of competence.
Run the commands, make intentional mistakes, and see what errors you get.
In doing so, you’ll acquire a deep understanding of the system.
And trust me: it will be fun.
Jeffrey Snover
Inventor of PowerShell, former chief architect for Windows Server, and
former Microsoft Technical Fellow
 ACKNOWLEDGMENTS

Few books are written in complete isolation, and this one certainly doesn’t
break that mold. I’d like to take the opportunity to thank some of the many
people who have contributed to making this tome a reality. I apologize to
anyone I’ve forgotten.
I must start by acknowledging the contribution of my wife, Huayi, who
cheers me up when I’m down and kicks me (metaphorically) when I’m being
lazy. Without her by my side, the past few years would have been much less
agreeable. The rest of my family are just as important; without them, my life
would be so very different.
Next, I’d like to thank my technical reviewer, Lee Holmes, who has
made the review a valuable experience, teaching me many PowerShell tricks
I didn’t know existed and providing important feedback on the structure and
content.
I’m not the only person doing significant research on Windows. While
there are far too many to list here, I’d like to acknowledge the following
people who have made important contributions to my work. First is Alex
Ionescu, well-known Windows internals guru and my sometimes collaborator
(or competitor), who always seems to know some weird bit of operating
system esoterica. Then there are the many practitioners of Windows
enterprise security research and testing, such as Lee Christensen, Will
Schroeder, and Nick Landers. They’ve been important sounding boards for
my understanding of software like Active Directory and Kerberos and have
actively tested and contributed to my tooling projects.
I’d be remiss not to mention the amazing researchers from my more
formative years, especially Pete and Rich; you know who you are. Also, I’d
like to thank Rob and his team for looking at early drafts of my book’s
chapters and providing valuable feedback.
My relationship with Microsoft has had its ups and downs. That said, I’d
like to thank many of its current and former employees who have helped me
along the way. This includes Katie Moussouris, who was instrumental in
convincing me that it pays to find bugs in Microsoft products. Without her
friendship and contributions, I doubt I’d be as successful as I am today. Then
there’s Nate Warfield, who for many years was my point of contact at the
Microsoft Security Response Center (MSRC), where he shielded me from
much of the company’s party politics and ensured the bugs I reported got
fixed in a timely manner. Finally, I’d like to thank current MSRC
representatives, including Nic Fillingham and Stephanie Calabrese, for
helping me when I need to contact someone deep inside the beast, and for
providing me with swag.
Special thanks to my Google colleagues, who support me in making and
breaking things on Windows. This includes the entirety of the current Google
Project Zero team and its alumni: the best set of security researchers you’ll
likely ever find in a single room, or even two. Then there’s Will Harris, my
friend and colleague on the Chromium Windows sandbox team, who asked
me many of the questions about Windows security on which this book is
based. Finally, thanks to Heather Adkins, who was instrumental in my being
allowed to write a book of this nature while keeping a job at Google.
I’d also like to thank everyone at No Starch Press who has worked on
this book and been patient with me: especially Alex Freed, my longtime
editor, who unfortunately left before this book was published, and Frances
Saux, who became my new editor after Alex’s departure and pulled this
book, kicking and screaming, to completion. Finally, I must thank Bill
Pollock, who is a good friend and always has amazing advice on the book
writing process, as well as the latest recommendations for incredible
restaurants.
I don’t have the space here to name everyone, but to wrap up I’d like to
express my gratitude to all the friends and colleagues who contribute
massively every day to my life and success. Thanks also to you, for picking
up my book. I hope you find the information about Windows security
contained herein to be useful.
 INTRODUCTION

Hundreds of millions of devices use the

Microsoft Windows platform. Many of
the world’s largest companies rely on its security to
protect their data and communications, as does anyone
hosting their code in the Azure cloud. But because
Windows is so important to the security of the modern
internet, it’s also a popular target for attack.
The Windows NT operating system began including security in its
design in 1993, when it introduced user accounts, control over resources, and
remote access from a network. In the more than 20 years since then, much
has changed in Windows security. Microsoft has replaced its original
authentication process with modern technology, granted the access control
mechanism additional capabilities, and significantly hardened the platform
against attack.
Today, the security of the Windows platform is surprisingly complex,
and many attacks rely on abusing this complexity. Unfortunately, Microsoft’s
documentation in this area can be lacking. As Windows is not open source,
sometimes the only way to understand its security is through deep research
and analysis.
This is where I come in. I’ve spent more than 20 years as a developer
and security researcher on Windows platforms, cultivating an understanding
of the operating system’s undocumented corners. In this book, I share some
of my extensive expertise in an easy-to-understand form. By mastering the
principles of Windows security, you’ll be able to kick-start your own
research project or improve your software product.
Who Is This Book For?
I wrote this book for people who work with Windows security. Perhaps
you’re a developer of Windows software and want to ensure that your
product is secure. Or maybe you’re a system administrator tasked with
securing Windows across an enterprise and don’t fully understand how
various security features combine to protect the platform. Or you might want
to poke holes in the operating system to find security vulnerabilities as a
researcher.
This book assumes reasonable familiarity with the Windows user
interface and its basic operations, such as manipulating files. That said, you
don’t need to be a low-level Windows expert: for those who need a little
more grounding, Chapters 2 and 3 provide an overview of the operating
system and how it’s put together.
I rely heavily on the use of PowerShell scripting, so you’ll find it helpful
to have some experience with the language, as well as with the .NET
framework on which it’s based. To get you up to speed, Chapter 1 gives a
very quick overview of some of PowerShell’s features. Elsewhere, I’ll do my
best to avoid using esoteric features of the language, to keep the code
accessible to readers with knowledge of other scripting languages or shell
environments (such as bash).

What Is in This Book?

In each chapter, we’ll cover core security features implemented in modern
versions of Windows. We’ll also walk through several worked examples
written in PowerShell, which should give you a better understanding of the
commands introduced in the chapter. Here’s a brief summary of what each
chapter covers.
Part I surveys the Windows operating system from a programming
perspective. It should provide you with the foundation needed to understand
the material in the rest of the book.
Chapter 1: Setting Up a PowerShell Testing Environment In this
chapter, you’ll set up PowerShell to run the examples included in the
subsequent chapters. This includes installing a PowerShell module I’ve
 written to interact with Windows and its security features. The chapter
also provides an overview of the PowerShell scripting language.
Chapter 2: The Windows Kernel This chapter covers the basics of
the Windows kernel and its system call interface, a topic crucial to
developing a solid understanding of Windows security. I also describe
the object manager, used to manage resources.
Chapter 3: User-Mode Applications Most applications don’t directly
use the system call interface from the kernel; instead, they use a set of
higher-level programming interfaces. This chapter covers Windows
features such as file handling and the registry.
Part II covers the most important component of the Windows kernel for
security, the Security Reference Monitor. We’ll look at all aspects of access
control, from constructing the user’s identity to securing an individual
resource, such as a file.
Chapter 4: Security Access Tokens Windows assigns every running
process an access token, which represents the user’s identity to the
system. This chapter describes the various components stored in the
token that are used to check access.
Chapter 5: Security Descriptors Each securable resource needs a
description of who is allowed to access it and what type of access they
are granted. This is the purpose of security descriptors. In this chapter,
we’ll cover their internal structure and how you can create and
manipulate them.
Chapter 6: Reading and Assigning Security Descriptors To inspect
the security of the system, you need to be able to query the security
descriptor of a resource. This chapter explains how this querying
happens for different types of resources. It also covers the many complex
ways that Windows assigns security descriptors to resources.
Chapter 7: The Access Check Process Windows uses the access
check to determine what access to grant a user to a resource. This
operation takes the token and the security descriptor and follows an
algorithm to determine the granted access. This chapter works through a
PowerShell implementation of the algorithm to explore its design in
depth.
 Chapter 8: Other Access Checking Use Cases Although Windows
primarily uses access checks to grant access to resources, it sometimes
uses them to determine other security properties, such as the visibility of
resources and whether a process is running with a low level of privilege.
This chapter covers these alternative use cases for the access check.
Chapter 9: Security Auditing The access check process can also
create logs of the resources a user has accessed, and with what level of
access. This chapter covers these system auditing policies.
Part III contains details of Windows authentication, the mechanisms that
verify a user’s identity for the purposes of access control.
Chapter 10: Windows Authentication As the topic of authentication
is quite complex, this chapter summarizes the authentication structure
and services on which the rest of the authentication mechanisms depend.
Chapter 11: Active Directory Windows 2000 introduced a new
model for networking Windows systems in an enterprise, with all
authentication information stored in a network directory that users and
administrators could query and modify. This chapter covers how Active
Directory stores information and secures it from malicious modification.
Chapter 12: Interactive Authentication The most common
authentication scenario on Windows occurs when a user enters their
username and password into their computer and gains access to the
desktop. This chapter covers how the operating system implements this
authentication process.
Chapter 13: Network Authentication When a user wants to access a
network service in a Windows enterprise network, they typically must
authenticate to it. Windows provides special network protocols to
implement this authentication without disclosing the user’s credentials to
a potentially hostile network. This chapter explains the network
authentication process, focusing on the New Technology LAN Manager
(NTLM) authentication protocol.
Chapter 14: Kerberos Along with Active Directory, Windows 2000
also introduced the use of the open Kerberos authentication protocol for
enterprise network authentication. This chapter explains how Kerberos
works in Windows to authenticate a user interactively and over a
 network.
Chapter 15: Negotiate Authentication and Other Security
Packages Over the years, Windows has added other types of network
authentication protocols. This chapter covers these new types, including
Negotiate, to supplement those discussed in Chapters 13 and 14.
Finally, the two appendices provide configuration details and further
resources.
Appendix A: Building a Windows Domain Network for Testing To
run some of the examples in the book, you’ll need a Windows domain
network. This appendix provides some steps for using PowerShell to
configure a network for testing.
Appendix B: SDDL SID Alias Mapping This appendix provides a
table of constants referenced in Chapter 5.

PowerShell Conventions Used in This Book

The PowerShell scripting language, which is included with all versions of
Windows, is one of the best ways to flexibly experiment with the internals of
the operating system without needing to install much additional software. As
PowerShell is based on the .NET runtime, this book will use a .NET library
I’ve written for interacting with Windows, making it easy to develop
complex scripts. All example scripts in the book will be available to
download from https://github.com/tyranid/windows-security-internals.
The PowerShell examples in each chapter follow a common set of style
conventions that should help you understand how to use them. Each example
is provided as a listing, of which there are two types: interactive and non-
interactive. Interactive PowerShell listings are those you should enter on the
command line to observe the results. Here is an example of an interactive
listing:

❶ PS> ls C:\
❷ Directory: C:\
Mode LastWriteTime Length Name
---- ------------- ------ ----
d-r--- 4/17 11:45 AM Program Files
❸ --snip--
 An interactive listing precedes each command to enter with a
PowerShell- style prompt (PS>) and shows the command in bold ❶. You’ll
see the resulting output below the command ❷. Sometimes the output can be
quite long, so to save space, I use --snip-- to indicate that the output has
been truncated ❸. Also note that in some examples the output is indicative; it
might be subtly different depending on your operating system or network
configuration.
Most of the interactive listings are designed to be executed from a
normal user account. However, some must run under an administrator
account to access certain protected features. If you don’t run the commands
as an administrator, the results won’t be correct. The text preceding each
listing will clarify whether you must run the command as an administrator.
A non-interactive listing contains PowerShell code that you can copy
into a script file for reuse, like this:

function Get-Hello {
"Hello"
}

Non-interactive listings don’t include the PowerShell prompt and aren’t in

bold.
If you’ve written any scripts in PowerShell, you’ll know that the
language is notorious for verbose command and parameter names. This
makes it difficult to fit certain commands on a single line in the book. Here is
an example of a long PowerShell line and a few ways the book might split it
to make it fit on the page:

PS> Get-ChildItem -LiteralPath "C:\" -Filter "*.exe" -Recurse

-Hidden
❶ -System -Depth 5 | Where-Object {
❷ $_.Name -eq "Hello"
}

The first line, using the Get-ChildItem command, is too long to fit on
the page, so it wraps onto a subsequent line ❶. You can’t just add a newline
in the middle of such a command, so when you’re entering it into the shell or
a file, you should treat it as a single line. The key indicator that the line
continues, instead of being part of the output, is that there’s a bold character
in the first column.
PowerShell can break long lines on certain characters, such as the pipe
(|), the comma (,), or braces ({}). In this listing, I’ve added a newline
following the opening brace ({) and placed the subsequent commands in the
braced block, indented one level ❷. In this case, the shell will handle the
introduction of the new line. Note that the closing brace (}) is in the first
column, so you might assume it needs to be placed on the previous line.
While moving the brace to the previous line will still work in this specific
case, it’s unnecessary.
Note that the Windows operating system is still under active
development. While all the PowerShell examples have been tested on the
latest versions of Windows available at the time of writing, there is a chance
that new security features will have been introduced, or older ones
deprecated, by the time you come to read this book. The following is a list of
the versions on which the examples were tested, along with the major OS
build number:
Windows 11 (OS build 22631)
Windows 10 (OS build 19045)
Windows Server 2022 (OS build 20384)
Windows Server 2019 (OS build 17763)
Any mentions of “the latest versions” in the text refer to these versions.

Getting in Touch
I’m always interested in receiving feedback, both positive and negative, on
my work, and this book is no exception. You can email me at
winsecinternals.book@gmail.com. You can also subscribe to my blog at
https://www.tiraniddo.dev, where I post some of my latest advanced security
research.
 PART I
AN OVERVIEW OF THE WINDOWS
OPERATING SYSTEM
 1
SETTING UP A POWERSHELL TESTING
ENVIRONMENT

In this chapter, you’ll configure

PowerShell so you can work through the
code examples presented in the rest of the book. Then,
we’ll walk through a very quick overview of the
PowerShell language, including its types, variables,
and expressions. We’ll also cover how to execute its
commands, how to get help, and how to export data for
later use.
Choosing a PowerShell Version
The most important tool you’ll need to use this book effectively is
PowerShell, which has been installed on the Windows operating system by
default since Windows 7. However, there are many different versions of this
tool. The version installed by default on currently supported versions of
Windows is 5.1, which is suitable for our purposes, even though Microsoft no
longer fully supports it. More recent versions of PowerShell are cross
platform and open source but must be installed separately on Windows.
All the code presented in this book will run in both PowerShell 5.1 and
the latest open source version, so it doesn’t matter which you choose. If you
Random documents with unrelated
content Scribd suggests to you:
both is and is not, or is becoming. This predicate of becoming
appears in its turn vague and abstract, and it becomes necessary to
determine reality as quality, then as quantity, measure, essence,
existence, mechanism, teleology, life, reflexion, will, idea, in short
with all the predicates that exhaust the concept of reality.
But we know that this order, this supposed
succession, is illusory and is simply the product of Illusion as to the
logical reality of
abstract analysis. In the predicate to which verbal this order.
prominence is given, there is concentrated or
understood every predicate, because in every judgment complete
reality[2] is predicated of the subject. Moreover this is shown just by
the observation, which reveals the insufficiency of an isolated and
abstract predicate, and requires for sufficiency nothing less than the
totality of the predicates, the full concept of the Real, of the Spirit or
of the Idea. The concept of Reality, of Spirit or the Idea, can without
doubt be developed, in its unity and in its distinctions; but (let us yet
again repeat) logical Science has for its object, not the effective
unity and distinction of the Real, but the concept of unity and
distinction..
The ordering of the variety of the predicates, their
gradation according to their greater or less The necessity of
the order of the
adequacy to reality, arises from the fact that predicates, not
disputes as to reality show themselves as one- founded in Logic
sided affirmations of this or that predicate or group in particular, but
in the whole of
of predicates, coupled with the neglect or negation Philosophy.
of others, which are not less indispensable. When,
therefore, we attack such one-sidedness and affirm the complete
indivisibility of the predicates, the single predicates, the objects of
the one-sided affirmations, are scrutinized one after the other, in
order to demonstrate their insufficiency, and for this very reason a
certain order is given to them. This order is, without doubt,
necessary, because the possibility of errors, or of one-sided
thoughts, is a consequence of the distinctions, in which the unity of
the Real lives, and which are necessary to it. But for this very reason
the order must be sought, not in logical Science, but in the total
conception of Reality. For instance, in researches concerning the
ethical concept, only he who thinks, not the concept of the concept
(logical science), but the concept of ethical activity (ethical science),
will be able to determine what one-sided concepts are there possible
and what is their order. Only he who thinks a whole philosophy will
be able to determine how many and what and how connected are
the one-sided and erroneous modes of philosophy. This cannot be
found in the concept of the concept; or rather only those erroneous
modes are there found which derive from a one-sided thinking of the
concept of the concept. This we shall see in its place. The order of
the categories in the sense indicated is certainly not subjective and
arbitrary, as a didactic ordering of them would be, a πρότερον prὸs
ἡμᾶς; it is a πρότερον φύσει. But since this first by nature is identical
with the whole concept of Reality, it is not wholly contained in the
concept of Logic.
If the confusion between Logic and the Doctrine of
the Categories, or between the thinking of the False distinction
of philosophy into
logical category and the thinking of the other two spheres,
categories, had produced no other effect than that Metaphysic and
of introducing into books of Logic a method of Philosophy,
rational
treatment that exceeds their bounds, the evil philosophy and
would not be great. It would chiefly affect literary real philosophy,
harmony and clarity of didactic exposition. But from etc., due to the
confusion
that confusion there has sometimes as rational between Logic
Philosophy and real Philosophy, sometimes as and doctrine of
Gnoseology and Anthropology (or Cosmology), the categories.
sometimes as Logic and System of Philosophy, and
so on. The conception of Reality is thus twice described: once as
part of Logic (the Doctrine of the Categories, Ontology, etc.); and
again as effective or applied Philosophy. Philosophy is divided into a
Prologue to Philosophy and Philosophy, or into Philosophy and a
Conclusion to Philosophy. But Philosophy, although it is
distinguishable into philosophies (for example, Æsthetic, Logic,
Economic and Ethic), is this distinction itself, or the unity immanent
in it. It never gives rise to a duality of grades. It is never prologue,
development and conclusion, being, at its every point, prologue,
development and conclusion. As from empirical and formalist Logic
arose the idea of a Logic which should not be philosophy, but an
organ or instrument or rule or law for the rest of philosophy; so from
the confusion of Logic with the Doctrine of the Categories has arisen
the idea of a Logic, or Metaphysic, or general Philosophy, or
whatever else it may be called, which should be opposed to or above
the rest of philosophy. But the Science of thought, Logic, is at once
thought and effective philosophy; it is thought itself which in
thinking the Real, thinks itself and places itself, as logical Science, in
the place which belongs to it in the system of the Real.
It may seem that in this way thought and reality
are again divided and a metaphysical dualism Philosophy and
pure logic:
created. But the exact opposite is the truth. When overcoming of the
Philosophy is distinguished into general and duality.
particular, into rational and real, into pure and
applied, into Logic-metaphysic and into Philosophy of nature and of
man, an irreparable breach is made, which can only be concealed or
attenuated in a more or less ingenious manner. But when that
doubleness of degree is destroyed (and thought thinking the real
thereby thinks itself), and in the construction of Philosophy, the
Philosophy of philosophy, namely Logic, is constructed, the dualism
is for ever overcome. This thought is the thinking of the distinctions,
which the real presents; but to think distinctions and to think unity
is, as has been already demonstrated, the same thing.

[1] Logik, pp. 532-3.

[2] See above Sect. II. Chap. V.

SECOND PART
 PHILOSOPHY, HISTORY AND THE NATURAL
AND MATHEMATICAL SCIENCES

THE FORMS OF KNOWLEDGE AND THE DIVISIONS OF KNOWLEDGE

The result of the preceding enquiries into the

constitution of the cognitive spirit can be resumed, Summary of
results as to the
for mnemonic purposes, by saying that there are forms of
two pure theoretic forms, the intuition and the acquaintance.
concept, the second of which is subdivided into
judgment of definition and individual judgment, and that there are
two modes of practical elaboration of knowledge, or of formation of
pseudoconcepts, the empirical concept and the abstract concept,
from which are derived the two subforms of judgment of
classification and of judgment of enumeration. If the methods in use
in the mediæval schools or in those of Port-Royal (which were not
without their utility) were still in vogue, we should be able to
embody these results in a few mnemonic verses, which would render
the distinctions we have made easy to impart.
Easy to impart, but not understood, or worse, ill understood;
because, as we know, both the scheme of classification here
adopted and the arithmetical determination of two or more forms
are not truly logical thoughts adequate to the representation of the
process of the real and of thought. Our grouping constructed to help
the memory must therefore be interpreted with the aid of the
developments offered above, and not only corrected, but altogether
resolved in them. In these developments, the intuition and the
concept have appeared as two forms, not capable of co-ordination,
but both distinct and united. The judgment of definition and the
individual judgment have appeared as logically identical, divisible
only from an external or literary point of view, that is to say, by the
greater or less importance attached either to the predicate or to the
subject. Further, the formation of the pseudoconcepts is outside
theory, although founded upon theoretic elements; it belongs
essentially, not to the cognitive spirit, but to the practical spirit. And
if their subdivision into empirical and abstract concepts is necessary,
the necessity is founded upon the fact, that only in these two modes
can the concept be practically developed, when its synthetic unity is
arbitrarily split up into two one-sided forms. Finally, the two
fundamental forms of the spirit themselves, the theoretic and the
practical, are not co-ordinate with one another, nor capable of
arithmetical enumeration. The one is in the other, the one is
correlative to the other, because the one presupposes the other.
No other cognitive or practical-cognitive forms, or
other subforms, beyond those which we have Non-existence of
technical forms,
defined, are conceivable. The technical knowledge, and of composite
which is discussed in some treatises on Logic, is forms.
nothing but knowledge itself, which is always and
entirely technical, preceding and conditioning the action and practice
of life. The same may be said of normative knowledge, by which, as
with technical, it is especially meant in ordinary language to
designate the whole of the pseudoconcepts. But this is erroneous,
when we consider that such knowledge constitutes the true
immediate precedent condition of action. The pseudoconcepts must
be retranslated into individual judgments, in order that they may be
able to form the basis of action, for which, as is justly remarked, we
require direct and concrete perceptions of actual situations. Formulæ
and abstractions aid perception only in an indirect and subsidiary
manner.
The so-called combined or composite forms in which two or more
original forms are brought together, must also be rejected, for the
reason already given, that composite concepts do not exist in pure
Logical thought, and consequently cannot exist in the Science of
Logic, which is the science of that thought. The composite form,
then, is an empirical and arbitrary determination, as may be
observed, for instance, in the case in which we speak of an
empirico-philosophic concept, that is, of the union (which is a
successive enunciation) of an empirical concept and a philosophic
concept.
The cognitive forms having thus been established,
we pass on to the question, what and how many Identity of
cognitive forms
and of what kind are the forms of knowledge. The and forms of
reply must be that the forms of knowledge (for knowledge.
example, History and the natural Sciences) cannot Objections to it.
be anything but identical with the cognitive forms,
and of the same kind and same number as they. The first of these
statements finds itself at once at issue with common thought, in
which a profound distinction is drawn between the ordinary and the
scientific man, the profane and the philosopher, the poet and the
non-poet, the ignorant and the learned, layman and clergy; and
again, between conversation and science, effusion of the soul and
art, collection of facts and history, good sense and philosophy. It is
thought that acquaintance belongs to all: every one communicates
his sentiments, narrates his experiences and those of others,
reasons, classifies and calculates. But art, philosophy, history and
science are believed to belong to the few. That alone deserves those
solemn names, which is the result of exceptional moments, when
man is more than man, or at least when he is no longer one of the
crowd, but belongs to an aristocracy.
And, certainly, these distinctions are useful, and
therefore necessary in practice. We all feel the Empirical
distinctions and
need of creating an aristocracy of men and things; their limits.
of distinguishing the word that a sergeant whispers
in the ear of a maid-servant from a sonnet or a symphony; the
proverbs of Sancho Panza from a treatise on Ethics; and the report
of a police-agent from the history of Rome or of England. We
distinguish the classification of the glasses and bowls in use at home
from that of Mineralogy or of Zoology; the reckoning of our daily
expenses from the calculation of the astronomer; and, finally, Tom,
Dick and Harry from Aeschylus, Plato, Thucydides, Hippocrates and
Euclid. The odi profanum vulgus is a motto that should be
appropriated by whosoever labours to promote the life of thought
and of art, yet not without adding to it Ariosto's post-script: "Nor do
I wish to absolve any from the name of vulgar, save the prudent."
But, admitting all this, we must recognize not less energetically that
these distinctions, imposed by the necessities of life, have in
philosophy no value at all, and that their introduction there, if it has
some excuse in professional custom, is nevertheless the way to shut
off from us for ever all understanding both of the forms of
knowledge and of those of acquaintance. Man is complete man at
every instant and in every man; the spirit is always whole in every
individuation of itself. The philosopher in the highest sense (in the
philosopher worthy of the name) could be defined as one who raises
doubts, collects difficulties, and formulates problems, intent upon
clearing up doubts, upon levelling difficulties, and upon solving
problems; the artist as a man who limits himself to looking and to
recording the significance of what he has seen. In this case, the
ordinary man would be he who encounters no theoretic difficulties
and is unaware of spectacles worthy of contemplation. But in reality
the ordinary man also sets himself problems and solves them,
contemplates and expresses the spectacle of the real. The distinction
has value, therefore, only in descriptive Psychology, which passes in
review types of reality and the perfected organs, so to speak, which
reality creates for itself in great philosophers and great poets. But
what empiricism always divides, philosophy must always unite. To be
scandalized when some one speaks of the poetry, philosophy,
science, mathematics, which are in every one's mouth; to mock
those who unify and identify; to appeal to good sense and to
threaten the madhouse, are things that reveal much pedantry but no
humanity, or, at most, very little. It is foolish to fear that such an
identification as we propose will lessen the importance of the forms
of knowledge and render trivial divine Poetry, lofty Philosophy,
severe History, serious Science and ingenious Mathematics. As the
hero is not outside humanity, but is he in whom the soul of the
people is concentrated and made powerful, so poetry, philosophy,
science and history, aristocratically circumscribed, are the most
conspicuous manifestations attained by the elementary forms of
acquaintance themselves. Such they could not be, were they not all
one with them, just as the mountains could not be, were it not for
the earth upon which they are raised and of which they are
constituted.
It might be said that the forms of knowledge are rich and complex
manifestations of the human spirit, if this statement did not open the
way to another common prejudice, to the belief that to each of
those forms (for instance, to Art, History and Philosophy) several
spiritual activities contribute. Were this so, we should have before us
a mixture, not a product of an unique and original character, such as
we find, as a matter of fact, in a work of Art, a philosophic theory, a
narrative, and a theorem. By the law of the unity of the spirit all the
forms of the spirit are implicit in one another; and the results,
previously obtained from the various forms, condition each one of
them. But each one of them is, explicitly, itself and not the others; it
absorbs and transforms the results of the others; it does not leave
them within itself as extraneous elements, and it therefore makes of
them its own results. The strength of each one of those forms of
knowledge lies precisely in this purity, which persists in the greatest
complexity. A great poem is as homogeneous as the shortest lyric or
as a verse; a philosophic system as homogeneous as a definition;
the most complicated calculations as the addition of "two and two
make four."
If the forms of acquaintance and the forms of
knowledge be identical, it is proved thereby that Enumeration and
determination of
the second are as many and of the same sort as the forms of
the first; and the existence of combined or knowing,
composite forms is also excluded from the forms of corresponding to
the forms of
knowledge. Thus we are henceforth freed from the acquaintance.
obligation of enquiring into the particular nature of
the various forms of knowledge, a task that we have already fulfilled
when enquiring into the forms of acquaintance. It is sufficient to
name them (in correspondence) with the names already given to the
forms of acquaintance, for thus they will be clearly distinguished and
completely enumerated. The method of denomination itself will not
be new and surprising, because it has been, as it were, anticipated,
and foreseen from the examples of which we have availed ourselves
above, and also from some terminological references. We have now
only to make it manifest, to declare it, so to speak, in clear tones.
Pure intuition is the theoretic form of Art (or of Poetry, if we wish to
extend to the whole of æsthetic production the name given to a
group of works of art); and art cannot be otherwise defined than as
pure intuition. The thinking of the pure concept, of the concept as
itself, of the universal that is truly universal and not mere generality
or abstraction, is Philosophy, and Philosophy cannot be otherwise
defined than as the thinking, or the conceiving of the pure concept.
And since the pure concept can be expressed either in the form of
definition or in that of individual judgment, there corresponds to this
duplication the distinction of the two forms of knowing, Philosophy in
the strict sense, and History. The method of treatment called
empirical Science or natural Science, or most commonly in our time,
Science, is composed of those pseudoconcepts known as
representative or empirical or classificatory. The mathematical
Sciences are composed of abstract, enumerative and mensurative
pseudoconcepts, and the application of the second of these, by
means of the first, to individual judgments, is nothing else than what
is called the mathematical Science of nature.
It is usual for the treatment of the forms of
knowledge to be presented in the majority of Critique of the
idea of a special
treatises as a special or applied Logic; following Logic as doctrine
general or pure Logic, which has for its object the of the forms of
specific forms of acquaintance alone, or as it is knowledge,
significantly expressed, the elementary forms of
acquaintance. But we cannot admit the existence of such a Logic, for
the reasons already given. The elementary or fundamental forms are
the only forms philosophically conceivable and really existing, and
the whole of logical Science is exhausted in them. There is no duality
of grades for logical Science any more than for Philosophy in
general. And as no special Æsthetic exists independent of general
Æsthetic, no special Ethic and Economic independent of general
Economic, so there is not a general Logic alongside of a special
Logic.
Special Logic is also inadmissible, when it is
presented as doctrine of methods, and especially of and as doctrine of
methods.
demonstrative or intrinsic methods. The method of
a form of knowledge and in general of a form of the spirit, is not
something different or even distinguishable from this form itself. The
method of poetry is poetry, the method of philosophy is philosophy,
the method of mathematics is mathematics, and so on. Only by
means of empirical abstraction is the method separated from the
activity itself; and when this duality has been created, we are led to
add to it a third term, which is called the object of that form. But
since the method is the form itself, so form and method are the
object itself. Certainly, all the forms of the spirit have a common
object, which is Reality; but this is not because reality is separated
from them, but because they are reality: they therefore have not,
but are this object. Thus the forms of knowledge have not a
theoretic object, but create it: they themselves are that object.
Philosophy has the pure concept for method and object; art has
intuition; science the empirical concept, and so on. If we wished to
treat of methods in a special Logic, we could not do otherwise than
repeat what we have already said in respect to the character of each
form.
All this amounts to saying that the things we shall
discuss concerning the various forms of knowledge Nature of our
treatise in respect
are not to be understood as a special Logic, to the forms of
although they are grouped in a second part for knowledge.
literary reasons. There we shall examine one by
one the various forms of knowledge, in order to confirm their
identity with the forms of awareness and to demonstrate how the
characters adopted by them are reducible to those already explained
for the others, and how the difficulties found in them are overcome
by means of the same principles that we employed to overcome the
difficulties presented by the others. In so doing, we shall also gain
the advantage of making more clear the doctrines already laid down
as to the elementary forms, by fixing our attention upon those
manifestations of them which are presented on a larger scale. To
those who forget or deny the existence of the pure concept or of the
abstract concept, it will be of assistance, in giving the speculative
deduction of those forms, to point out the masterpieces of Art, of
Philosophy, or of Mathematics, and to invite an examination of their
structure. It is true that in our day preference is given to another
method, which is not only antiphilosophical but also antipædagogic.
This method consists in altogether neglecting philosophic
demonstration in the attempt to divert the attention from notable
and luminous manifestations of the spirit, in order to devote it to
rude and uncertain manifestations. Inscriptions of savages are
preferred to the art of Michael Angelo, the philosophy that is still
crudely enveloped in religion and custom to that of civilized times,
something whose nature none can tell precisely, owing to lack of
documents and the elements of research, to what is evidently art
and philosophy. Such enquirers adopt precisely an opposite course to
that followed by the sciences of observation, which have made
telescopes and microscopes to enlarge the little and bring the distant
near. They seek for instruments which shall diminish the great and
make the near remote. Theirs is a strange empirical caricature of
philosophy, which substitutes the chronologically remote for the
fundamentally conceptual, and for the logically simple, the materially
small, which is not, on that account, simple and is far less
transparent. For our part (and we say it in passing), we believe that
to furnish examples of where to fix the attention in logical enquiry,
the minds of an Aristotle or of a Kant afford all we require, without
there being any necessity to have recourse to the psychology of
sucklings and idiots. But to study Aristotle and Kant does not suffice
for knowledge of the truth of the concept. We must find in all beings
of whatever grade and importance, the universal Spirit and its
eternal forms.
And since we have studied the first and most ingenuous form of
knowledge, Art, in a special volume, we shall here begin our
examination of the second of its forms, Philosophy; and first of all,
of Philosophy in the strict sense.

II

PHILOSOPHY

All the definitions that have ever been given of

philosophy will be found to contain the thought Philosophy as
pure concept and
that philosophy is the pure concept (or to say the the various
same thing with more words and less precision), definitions of
that it has the pure concept as its directive philosophy. Those
which deny
criterion. All, be it well understood, save those philosophy.
which, in negating the pure concept, negate also
the peculiar nature of philosophy. But such are not, properly
speaking, definitions of philosophy, although even these, by
contradicting themselves, imply and assume the definition of
philosophy as an original form, and so as the pure concept. Such is
the case with the theories already examined, of æstheticism,
mysticism, and empiricism (and also of mathematicism), to which we
shall return. For them, philosophy is art, sentiment, the empirical (or
abstract) concept. But it is an art in some way differentiated from
the rest of art, a sentiment that acquires a peculiar value, an
empirical or abstract concept, which raises itself up and looks over
the heads of the others. Thus it is something peculiar, a mode of
reflecting sui generis, and so precisely the pure concept. Empiricism
especially reveals this intimate contradiction, when it advocates a
philosophy consisting of a systematization or synthesis of the results
of the empirical sciences. That is to say, it advocates something not
given by the empirical sciences, because, were they to give it, they
would already be systematized and synthesized of themselves, and
the further elaboration asked for would be altogether superfluous.
All the other definitions which presuppose the
peculiarity of philosophy are reducible, as is easily Those that define
it as the science
seen, to the single character of the pure concept. of supreme
Philosophy (they say) is the science of the supreme principles,
principles of the real, the science of ultimate ultimate causes,
etc.;
causes, of the origin of things, and the like. In contemplation of
these propositions, the supreme principles are death, etc.;
evidently not real things, or groups of real things,
or empty formulæ, but the ideal generators of the real. Ultimate
causes are not causes (for the cause is never ultimate, being always
the effect of an antecedent cause), but ideal principles. The origin in
question is not the historical origin of this or that single fact, but the
ideal deduction of the fact from facts or from omnipresent reality.
The same idea is expressed in the imaginative saying that
philosophy is the contemplation of death. For what but the individual
dies? And is not the contemplation of the death of the individual also
that of the immortality of the universal? Is it not contemplation of
the eternal? This remark supplies the motive for that other formula
which defines philosophy as "the vision of things sub specie aeterni."
The character of the pure concept is also indicated
in the definition of philosophy as the elaboration of as elaboration of
the concepts,
the concepts, which the other sciences leave criticism, science
imperfect and self-contradictory. Indeed, since no of norms;
human activity has the imperfect and contradictory
as its aim, if the other sciences are involved in imperfect and
contradictory concepts, this means that they do not aim at
constructing concepts and that philosophy alone elaborates true and
proper concepts. For this reason, philosophy has sometimes been
conceived, not as science, but as criticism, and criticism means
placing oneself above the object criticized, in virtue of a concept
superior to those criticized. For this reason, finally, philosophy has
been conceived as the science of norms and values: norms and
values, which, if they are to surpass singular things, cannot be
extraneous to them. Hence it is the same thing to speak of norms
and values, or of universal concepts, surpassing and containing in
themselves each single thing.
If philosophy is the pure concept, it is also the
distinctions of the pure concept; it is all the pure as doctrine of the
categories.
concepts capable of serving as predicates to
individual judgments and so of acting as categories. Here there is
another definition of philosophy: philosophy is the doctrine of the
categories. For this reason we have already refused to assign to
Logic the search for the categories: first because the doctrine of the
categories is the whole of Philosophy, whereas Logic is only one of
its links, and consequently seeks only one of the categories, that of
logicity. It could also be said that Philosophy is the doctrine of the
categories, and that Logic, as a part of Philosophy, is a Category of
categories, or a Philosophy of Philosophy. Hence its singular position
among philosophical sciences, so that it appears at the same time
within and without Philosophy, because it completes by surpassing
and surpasses by completing it. In reality, Logic, like every other
philosophic science, is within and not without Philosophy; like the
glassy water which reflects the landscape and is itself part of the
landscape.
These definitions which we have selected to record
and to interpret (and others which we leave to the Exclusion of
mathematical
reader to record and to interpret) are all formal, in definitions of
the legitimate sense of the word. They define the philosophy.
eternal nature of philosophy, they do not determine
actually any special solution of other philosophical problems,
although naturally they do potentially determine one solution, in that
they can agree only with one solution. Obedient to this formal
character, we have not taken and shall not take account of
definitions that imply the effective solution of all philosophical
problems, or of Philosophy in its totality. Such is, for instance, the
definition that Philosophy is knowledge of oneself, as was said at the
dawn of Hellenic thought; or that it is the return to the inward man
where dwells the truth, as St. Augustine said; or that it is the science
of Spirit, as we say. This definition offers something more than the
simply logical aspect of Philosophy. Looked at from the purely logical
standpoint, Philosophy will be the science of God or of the Devil, of
Spirit or Matter, of final cause or mechanism, or of anything else that
may be suggested as a hypothesis for enquiry, provided that this,
whatever it be, is thinkable as a pure concept or Idea. Whoever
should negate this condition, would not negate this or that
philosophy, but as we have seen, philosophy itself, in favour of art,
of action, or of something else.
But if Philosophy is by its logical nature pure
concept or idea, every philosophy, to whatever Idealism of every
philosophy.
results it may attain, and whatever may be its
errors, is in its essential character and deepest tendency, idealism.
This has been recognized by philosophers of the most different and
antagonistic views (for example, by Hegel and by Herbart). It should
be taught as truth to those who are ignorant of it and those who
have forgotten should be reminded of it. Determinism negates the
end and affirms the cause; but the cause which it posits as its
principle, is not this or that cause, but the idea of cause. Materialism
negates thought and affirms matter; but not this or that matter,
which composes this or that body, but the idea of matter. Naturalism
denies spirit and affirms nature; not this or that manifestation of
nature, but nature as idea. Finally, when a single natural fact seems
to be posited as the principle of explanation of reality, this fact is
idealized and stands as the idea of itself, generating itself and
everything else. Thus (it has been repeatedly remarked) the water of
Thales, by the very fact that it is taken as a principle, is no longer
any given empirical water, but metaphysical and ideal water. In like
manner, the numbers of Pythagoras are not those of the
Pythagorean table, but cosmic principles and ideas. Theism does not
believe it possible to obtain the sufficient reason of reality, without
positing a personal God, above and beyond the world. But this God
is always something non-representative, however much he may be
involved in sensible representation, and placed upon Sinai or
Olympus. He is the idea of personal divinity, the idea of Jehovah or
of Jove. The philosophy which is called idealist in the strict sense of
the word (it would be better called activist or finalist or absolute
spiritualism), strives to prove that, for instance, cause, matter,
nature, number, water, Jehovah, Jove and the like, are not thinkable
as pure concepts and as such imply contradictions, and that
therefore such philosophies are insufficient. This means that it holds
the idealism of those philosophies insufficient, that they are not
equal to themselves and are inadequate to the assumption on which
they rest; but it does not imply that this assumption is not idealistic.
Were it not idealistic, it would not be philosophical, and so it would
not be possible to submit it to criticism from the philosophical point
of view.
From the identity of philosophy with the pure
concept can be also deduced its necessarily Systematic
character of
systematic character. philosophy.
To think any pure concept means to think it in its
relation of unity and distinction with all the others. Thus, in reality,
what is thought is never a concept, but the concept, the system of
concepts. On the other hand, to think the concept in general is only
possible by arbitrary abstraction. To think it truly in general, means
to think it also as particular and singular, and so to think the whole
system of distinct concepts. Those who wish to think an isolated
concept philosophically without paying attention to the others, are
like doctors who wish to cure an organ without paying attention to
the organism. Such a mode of treatment may cure the organ, but
the organism dies and with it dies the healed organ a moment after.
The true philosopher, when he makes even the smallest modification
in a concept, has his eye on the whole system, for he knows that
this modification, however small it may seem, modifies to some
extent the whole.
The systematic character of philosophy, understood
logically, belongs to every single philosophical Philosophic and
literary
proposition which is always a philosophical cosmos,
as every drop of water is the ocean, indeed, the
whole world, contracted into that drop of water. It significance of
system.
is hardly necessary to distinguish from this the
literary sense of system, which is the name given to certain forms of
exposition, which embrace definite groups of problems, traditionally
held to be those in which philosophy is contained. When some or
many of those groups do not receive explicit literary treatment, it is
said that system is wanting. It is true that there is wanting the
fulfilment of a literary task (or what here amounts to the same thing,
of a pedagogic task); but the system is there, even in the case when
a very specialized problem is treated, provided it be approached with
philosophic and so with systematic energy. That the same thinker,
when he passes to another problem, should give a wrong solution
contradictory to that previously given, does not prove that he had
not at first a system, but that he has lost it when faced with the new
difficulty. He was at first a philosopher and so systematic;
afterwards, not philosopher enough, and so not sufficiently
systematic.
The traditional groupings of problems, and the
construction of system in the literary and Advantages and
disadvantages of
pedagogic sense, certainly have their utility (all the literary form
that exists has its proper function and value). They of system.
preserve and promote culture already acquired, by
obliging it to examine difficulties, which, were they neglected, might
unexpectedly become a great hindrance and loss. Hence the love for
system, or for the literary form of system, a love which the author of
these pages also nourishes in his soul and of which he has sought to
give some proof, by writing a system, although it is long since
systems have been written, in Italy at least (unless scholastic
manuals be thus called), and it is no slight merit to have braved the
ridicule of the enterprise. But systems have also the disadvantage of
sometimes leading to a tiresome re-exposition of problems that are
out of date and whose solutions have passed into the common
patrimony of culture. The treatment of these problems is better left
to be understood, that time and space may be gained for the
treatment of others more urgent. Hence the rebellion against
system, or against the pedantry which can adhere to that form of
exposition. This rebellion is similar at all points with that against the
pedantry of definition, which is a legitimate rebellion, yet cannot
eliminate the logical form of definition. Instead of systems, we write
monographs, essays, and aphorisms, but these, if philosophic, will
always be inwardly systematic.
But the rebellion against systems has another more
serious cause, less literary and more philosophical. Genesis of the
systematic
Sometimes the demand for a system becomes a prejudice and
systematic prejudice. This fact merits explanation, rebellion against
because thus stated it may reasonably appear to it.
be paradoxical. However could the demand
inherent in a function be changed into a prejudice, or into an
obstacle to that function? Stated in these terms, it certainly seems
inconceivable. But it becomes clear and admissible, when we
remember that philosophical enquiry is both induction and
deduction, the thinking of distinction and the thinking of unity in
distinction. Neither of the two processes, which are one single thing,
should be substituted for or dominate the other. If we think the
concept of morality, it should be placed in relation to and deduced
from the other forms of the spirit and thus from unity; but it must
also be thought in itself. The thinking of the peculiar nature of the
moral act cannot remain isolated and atomic, but unity in its turn
cannot give the character of the moral act, unless this act be present
to the spirit and make itself known for what it is. In the process of
research, it is possible to deduce the moral act from the
consideration of the other activities of the spirit, without thinking it
in itself. But here a heuristic process is adopted, a hypothesis is
made, and this hypothesis must afterwards be verified, in order to
become effective thought and concept. Now the systematic prejudice
consists precisely in thinking the unity without thinking the
distinctions, in deduction without induction, in changing the
hypothesis into a concept without having seriously verified it. Hence
analogical constructions (or falsely analogical, and so metaphysical
and fantastic), which take the place of philosophical distinctions, and
hence the systematic prejudice, which is a false idea of system.
Against this rebellion is justified. But the mistake is usually made of
discarding the true demand for system through horror of the false,
or of denying the utility of the analogical process, which is blameable
in the system, but useful in enquiry.
Another aspect of this same rebellion which has
become universal in most recent times, is the Sacred and
philosophical
distrust of or open hostility towards the search for numbers;
symmetry, the arrangement of philosophic meaning of the
concepts in dyads, triads, quatriads, or in other demand which
they express.
suchlike numbers, which precisely express
symmetry in the ordering of those concepts. And such distrust will
be judged reasonable by any one who recalls the excesses caused
by this love of symmetry and the puerilities to which some even of
the loftiest philosophers abandoned themselves, owing to their
excessive attachment to certain numbers. The pedantry of the
Kantian quatriads and triads is truly insupportable, nor are Hegel's
triads less artificial. These were very often reduced by his disciples
to conjuring tricks and almost to buffoonery. It was natural that
there should be a reaction towards the search for the asymmetrical
and towards the doctrine that the concepts attained cannot be
arranged in a beautiful order, for they change their order from one
sphere to another, but that nevertheless they and no others are the
concepts of reality—inelegant but honest; asymmetrical but true.
The reaction is comprehensible, the distrust justifiable; but the
hostility is certainly unjustifiable. If distinct concepts constitute a
unity, they must of necessity constitute an order or symmetry, of
which certain numbers, that can be called regular, are the expression
or symbol. The concepts of an empirical science may be thirty-seven,
eighty-three, a hundred and thirteen, or as many as you like
according as they are arranged. But the concepts of philosophy will
always be dyads, triads, quatriads and the like, that is to say, an
organic unity of distinctions and a correspondence of parts. For this
reason, the human race has always had sacred numbers in religion
and philosophic numbers in philosophy. Let him laugh who wills; but
we do not say that he laughs well. The criterion of symmetry must
not become a prejudice. It must, however, act as a control upon the
enquiry that has been accomplished, since it greatly aids, as a
heuristic process, the enquiry that is yet to be made. Astronomers
are praised, when, thanks to their calculations, supported by the
criterion of proportion and symmetry, they form a hypothesis that a
star, unseen at the time, but which the telescope eventually
discovers, must be at a certain place in the sky. Why should not a
philosopher be equally praised, who deduces that for reasons of
symmetry, there must be in the spirit a form, as yet unobserved, or
that for the same reasons, there should be eliminated a form which
does not seem to be eliminable, but which spoils the symmetry?
Why should the spirit be less rhythmical and less symmetrical than
the starry sky?
When the systematic character of philosophy is
conceived in this way, it is seen that the system is Impossibility of
dividing
not something superadded, like a thread used for philosophy into
binding together the various parts of philosophy general and
and quite external to the objects that it unites, so particular.
that we can consider separately the objects and
the thread, the parts and the system. In philosophy, none of the
parts are without the whole, and the whole does not exist without
the parts. Translated into other terms, this means chat there are not
particular philosophic sciences, just as there is not a general
philosophy. We have made use of this proposition, in order to
confute the usual conception of Logic as a prologue to philosophy,
and to show how this error (which in the case of Logic is supported
by special reasons) is the principal source of other like errors. Thus
Metaphysic or Ontology, or some other science, which is supposed to
give the unity of the real, of which the special philosophic sciences
give only the distinctions, is placed before or after the special
philosophic sciences like a prologue or an epilogue. The truth is that
general philosophy is nothing but the special philosophic sciences,
and vice versa. The plural and the singular cannot be separated in
the pure concept, where the plural is plural of the singular, and the
singular is singular of the plural.
The destruction of this erroneous idea of a general
philosophy has direct practical, importance. For, Evils of the
conception of a
once the so-called science has been constituted, by general
means of a group of arbitrarily isolated problems, philosophy,
which really belong to the various sciences called separated from
particular, we are led to believe that true particular
philosophies.
philosophy consists of a medley, in constant
agitation and shock, and that, thanks to this agitation and these
shocks, it becomes ever more worthy of itself, that is, of being a
medley. But the problems of God and of the world, of spirit and of
matter, of thought and of nature, of subject and of object, of the
individual and of the universal, of life and death, torn from Logic,
from Æsthetic, from the Philosophy of the practical, become
insoluble or are solved only in appearance (that is to say, verbally
and imaginatively). Many young men, ignorant of all particular
philosophical knowledge, attack them as if they were the first step in
philosophy, and many old professors find themselves at the end of
their lives in the same state of mental confusion as at the beginning,
indeed with their confusion increased and henceforth inextricable,
owing to the false path that they have followed for so many years.
They have not respected philosophy, in their first relations with it;
they resemble those men who will never really love a woman,
because they failed of respect to women in their youth. On the other
hand, the so-called particular philosophical sciences, deprived of
some of their organs and become blind or deaf or otherwise
maimed, fall into the power of psychologism and empiricism. Hence
the empirical and psychological treatment of Morality, of Æsthetic,
and of Logic itself. In regard to this evil, now more than ever
rampant in philosophic studies, it is necessary to remember, that the
history of philosophy teaches that no philosophic progress has ever
been achieved by so-called general philosophy, but always by
discoveries made in one or other of the so-called special
philosophies. The concept of Socrates and the dialectic of Hegel are
discoveries in Logic. Kant's concept of freedom is a discovery in
Ethics. The concept of intuition is a discovery in Æsthetic. The
critique of formalist logic is a discovery in the Philosophy of
language. The old idea of God has been dissolved by those most
modest, yet greatest of men, who contented themselves with
formulating a new proposition on the syllogism or on the will, on art
or history, or with defining the abstract intellect or with fixing the
limits of the fancy. Had we been obliged to await these solutions
from the cultivators of that anæmic general philosophy, the old idea
of God would now be more rife than before. And in truth it is still rife
among those philosophers of whom we have spoken, for it
reappears from the midst of the medley which they stir, either with
the name of the Unknowable, or with the old name that still is
reverenced.

III

HISTORY

Since all the characteristics assigned to Philosophy

are verbal variants of its unique character, which is History as
individual
the pure concept, so all the characteristics of judgment.
History can be reduced to the definition and
identification of History with the individual judgment.
History, being the individual judgment, is the synthesis of subject
and predicate, of representation and concept. The intuitive and the
logical elements are both indispensable to it and both are bound
together with an unseverable link.
Owing to the necessity for the subject or intuitive
element, history cannot be constructed by pure The individual
element and
reason. The vision of the thing done is necessary historical sources;
and is the sole source of history. In treatises upon relics and
historical method the sources are usually divided narratives.
into remains and narratives, meaning by remains
(Ueberreste) the things which remain as traces of an event (for
example, a contract, a letter, a triumphal arch), and by narratives
the accounts of the event as they have been communicated by those
who were more or less eye-witnesses, or by those who have
consulted the notes of eye-witnesses. But, in truth, narratives are
valuable just in so far as it is presumed that they place us in direct
contact with the thing that happened and make us live it again,
drawing it forth from the obscure depth of the memories that the
human race bears with it. Had they not this virtue, they would be
altogether useless, as are the narratives to which for one reason or
another credence is refused. A hundred or a thousand narratives
lacking authenticity are not equal to the poorest authentic
document. An authentic narrative is both a document and remains; it
is the reality of the fact as it was lived and as it vibrates in the spirit
of him who took part in it. The search for veracity and the criticism
of the value of sources are reducible in the ultimate analysis, to the
isolation of this genuine resonance of fact, by its liberation from
perturbing elements, such as the illusions, the false judgments, the
preoccupations and passions of the witness. Only in so far as this
can be successfully done, and in the measure in which it is
successful, do we have the first condition of history as act of
cognition—that something can be intuited and thereby transformable
into the subject of the individual judgment, that is to say, into
historical narrative.
On this necessity is based the importance which in
the examination of historians is attached to The intuitive
faculty in
intuition, or touch, or scent, or whatever else it historical
may be called, that is to say, to the capacity research.·
(derived in part from natural disposition and in part
from practical exercise) of directly intuiting what has occurred, of
passing beyond the obstacles of time and space and the alterations
produced by chance or human passion. An historian without intuitive
faculty, or more exactly (since no one is altogether without it), with
but slender intuitive faculty, is condemned to barrenness, however
learned and ingenious he may be in argument. He finds himself
inferior to others, less learned and less logical than he, inferior even
to the uncultured and to the illogical, when it is a question of feeling
what lies beneath words and signs, or of reproducing in himself what
actually happened. For the same reason, it sometimes happens that
an expert in a given trade is astonished to hear the learned arm-
chair historian describe certain orders of facts, of which he has no
experience and of which he talks as a blind man talks of colours. A
sergeant can intuite a march better than a Thiers, and laugh at the
millions of men that Xerxes had led into Greece by simply enquiring
how they were fed. A political schemer understands a court or
ministerial intrigue far better than an honest man like Muratori. A
craftsman can reconstruct the successive brush-strokes and the
traces of change of mind in a picture better than the erudite and
æsthetic historian of art. Historical works perhaps defective or even
failures from other points of view, sometimes fascinate by the proof
they give of freshness of impression: and this quality may serve to
increase our knowledge of facts and to rectify the errors into which
their authors have fallen in other respects. To a historian of the
French Revolution we can pardon even the mistaking of one
personage for another, of a river for a mountain, or the confusion of
months and years, when on the whole he has lived again better than
others the soul of the Jacobins, the spiritual conditions of the mob of
Paris, the attitude of the peasants of Burgundy or of La Vendée.
What is called an historical novel sometimes has in certain respects
greater value than a history, if the novel is inspired by the spirit of
the time and the history contains merely an inventory.
The intuitive faculty, indispensable in research, is
not less indispensable in historical exposition; since The intuitive
faculty in
it is necessary to intuite the actual fact, not in a historical
fugitive and sketchy manner, but so firmly as to be exposition.
able to express it and to fix it in words, in such a Similarity of
history and art.
way as to transmit its genuine life to others. Hence
the specially artistic character that must be possessed by true
historians. Here they resemble pure artists, painting pictures, as they
do, composing poems and writing tragic dialogues. Certainly, every
thought, even that of the most abstruse philosopher and
mathematician, becomes concrete in artistic form. But the historian
(in the somewhat empirical sense of the word) approximates much
more nearly to those who express pure intuitions, since he gives
literary preference to the subject over the predicate. This has been
generally recognized both by historians, who have freely presented
themselves as bards of their race invoking the Muse who represents
History upon Parnassus, while there is there no representative of
Philosophy, Mathematics, or Science; and by theorists, who have
constantly debated the question as to whether history is art. It
seems indeed to be art, when the predicate or logical element is so
well concealed that hardly any attention is paid to it.
I say hardly; because if no attention whatever be
paid to it, if literary emphasis become logical Difference
between history
mutilation, art will remain, but history will have and art. The
gone. A book of history will no longer merely predicate or
resemble a poem or romance, but will be a poem logical element in
history.
or a romance. What is it that, from the point of
view of intuition, distinguishes an imaginative vision and an historical
narrative? If we open the Divine Comedy or the Rime of Petrarch
and read: "In the middle pathway of our life, I found myself in a
dark forest ...," or, "I raised my thought to where she whom I seek
was and find not upon earth ..."; and if we open Livy's History, at
the place where he recounts the battle of Cannae, and read:
"Consules satis exploratis itineribus sequentes Poenum, ut ventum
ad Cannas est, ubi in conspecta Poenum habebant, bina, castra
communiunt," nothing at first seems changed; both are narratives.
Yet everything is changed. If we read Livy as we read Dante or
Petrarch, the battle of Cannae in the same way as the voyage of
Dante to the Inferno, or the passage of the spirit of Petrarch to the
third heaven, Livy is no longer Livy, but a story book. In like manner,
if we read a book of stories, as, for example, the Kings of France or
the Guerin Meschino, in the same way as they are read by the
uneducated man of the people, who seeks history in them, the story
book becomes transformed into a historical book, although of a kind
that must be criticized and refuted when a higher degree of culture
has been attained. This suffices to show the importance of that
predicate, which is sometimes left to be understood in the words,
but whose effective presence transforms the pure intuition into the
individual judgment and makes history of a poem.
The necessity of the logical element has been
several times denied, and it has been affirmed that Vain attempts to
eliminate it.
the historian must let things speak for themselves
and put into them nothing of his own. This fine phrase may have
some reference to a-certain truth, as we shall see. But if it is
understood as the exclusion of the logical element in favour of pure
intuition (and worse still, if it intends to exclude also the category of
intuition, for in that case we have simple muteness), it proclaims the
death of history. Without the logical element it is not possible to say
that even the smallest, the most ordinary fact, belonging to our
individual and everyday life, has occurred; as, for instance, that I
rose this morning at eight o'clock and took luncheon at twelve. For
(to give no other reasons) these historical propositions imply the
concept of existence or actuality and the correlative concept of non-
existence or possibility, since in affirming them I also deny that I
only dreamed of rising at eight or of taking luncheon at twelve. All
will agree that we cannot speak of a historical fact if we do not know
that it is a fact, that is to say, something that has happened; even
stories become the object of history, in so far as their existence as
stories is attributed to them. A story, told without knowing or
deciding whether it be or be not a story, is poetry; perceived and
told as a story, it is mythography, that is to say, history; the author
of the Iliad or the author of the Niebelungen is not Adalbert Kuhn,
Jacob Grimm or Max Müller.
But the criterion of existentiality does not itself
suffice, as some believe, for the effectual Extension of
historical
constitution of historical narrative. For what sort of predicates beyond
narrative should we have, if we merely said that that of mere
something had happened, without saying what had existence.
happened? That something has happened and
does happen at every instant, is not, as we know, the content of
historical narrative, because it is the affirmation that being is, or that
becoming is. What has been said of the individual judgment, namely,
that it is constituted by all the predicates together, that is, of the
whole concept, and not by the predicate of existence alone, torn
from the others, must also be said of historical narrative. It is truly
complete and therefore realized, when the intuition, which supplied
it with the rough material, is completely penetrated by the concept,
in its universality, particularity and singularity. That the consuls, after
having sufficiently explored the routes, followed the Carthaginian,
entered Cannae, and seeing themselves face to face with the army
of Hannibal, pitched and fortified their camp (as runs Livy's
narrative), implies a crowd of concepts, equal in number to the
historical affirmations collected in that sentence. No one ignorant as
to what is man, war, army, pursuit, route, camp, fortification, dream,
reality, love, hatred, fatherland, and so on, is capable of thinking
such a sentence as this. And the obscurity of one of those concepts
is sufficient to make it impossible to form the narrative as a whole,
just as any one who does not understand the meaning of the word
castra is not in a position to understand what forms the argument of
Livy's narrative. If the sources are changed, the historical narrative
changes; but this latter changes no less, if our convictions as to the
concepts are changed. The same matter is differently arranged and
gives rise to different histories, if it is narrated by a savage or a
cultured European, by an anarchist or a conservative, by a
protestant or a catholic, by the me of this moment or the same me
of ten years hence. Given that all have the same documents before
them, each one reads in them a different happening.
But the fact here stated seems to lead straight to
despair as to the fate of history, or at least as to its Alleged
insuperable
fate, so long as it is bound to the logical element, variation in
to convictions about the concepts. When it is judging and
observed that the same facts are narrated in the presenting
historical facts,
most different way; that what for some is the work and consequent
of God is for others the work of the Devil; that claim for a history
what for some is the manifestation of spiritual without
judgments.
forces is for others the product of material
movements of the brain, according as it is well or ill-nourished; that
to some the good of life lies in every explosion and revolt, while to
others it lies only in regular work under the tutelage of laws
rigorously observed and made to be observed,—we arrive at the
conclusion of historical scepticism, namely, that history as usually
narrated is nothing but a story woven from such a state of
degeneration seems to be a return to the pure and simple
reproduction of the document, or at least to the pure intuition, which
introduces no element of judgment, or of what is called subjective.
But this salvation is only a figure of speech, for pure intuition is
poetry and not history, and to return to it is equivalent to abolishing
history. This, however, is clearly impossible, for the human race has
always narrated its doings, and none of us can dispense with
establishing at every instant how things have happened, what has
really happened, and in what actual or historical conditions he finds
himself.
Historical scepticism is, however, as inexact and
one-sided in the observation of fact as it is puerile Restriction of
variations and
in the suggestion of a remedy. Certainly, there are exclusion of
divergences between the various accounts of the apparent
same fact; but (setting aside apparent divergences, variations.
derived from the different interest taken in a given
fact, owing to which verbal prominence is given to one or to another
aspect of it, and limiting ourselves here to real differences) we must,
for the sake of exactitude, take account of all the no less real
agreements, to be found side by side with these divergences. In
virtue of them, for instance, Protestant and Catholic are unanimous
in recognizing that Luther and Leo X. existed, that the one produced
a definite movement in Germany and that the other had recourse to
certain definite prohibitions; and, finally, both Protestant and
Catholic recognize (now at least) the corruption of the ecclesiastical
orders at the beginning of the sixteenth century, and the mundane
and political interests of the German princes in the wars of religion.
In like manner no one, however revolutionary or conservative he is,
will question the bad condition of French finances at the eve of the
Revolution; or that Louis XVI. convoked the States General; or that
he attempted flight and was stopped at Varennes; or that he was
guillotined on the 21st of January 1793; or that the French
Revolution was an event which profoundly changed the social and
moral life of the whole of Europe. Owing to this substantial
agreement between two historians in very many points, and indeed
in the greater part of the narrative, it happens that we can often
read and advise others to read histories that are tainted with the
passions of the partisan, while merely recommending the reader to
make a mental allowance for these passions. In like manner, we can
usefully employ a defective instrument of measurement, provided we
include in the calculation the coefficient of aberration.
As to the remedy, it is clear that if the divergences
as to the concepts arise from ignorance, prejudice, The overcoming
of variations by
negligence, illegitimate private or national means of
interests, and from other disturbing passions, that deepening the
is to say, from insufficient conceiving of the concepts.
concepts, or from inexact thought, the remedy is
certainly not to be sought in the abandonment of concepts and of
thought, but in correcting the former and making perfect the latter.
Abandonment would not only be cowardly, but impossible. Having
left the Eden of pure intuition and entered the field of history, it is
not given us to retrace our steps. There is no returning to blessed
and ingenuous ignorance; innocence is lost for ever, and we must no
longer aspire to it, but to virtue, which is neither innocent nor
ingenuous. Why does what seems good to the Protestant seem bad
to the Catholic? Evidently, owing to the different conception that
each forms as to this world and the world above us, death and life,
reason and revelation, criticism and authority, and so on. It is
necessary, then, to open the discussion with the enquiry as to
whether the truth is with the Protestants or with the Catholics, or
whether it be not found rather in a third view, which goes beyond
both. Once a definite result has been obtained, perplexity will be at
an end (at least for him who has attained it), and the narrative can
be constructed with as much security as the available historical
sources permit. The way indicated will seem hard; but it is the only
way. Whoever decides to retain his own opinions, received without
criticism, will perhaps provide for his own convenience, but he will
Welcome to our website – the ideal destination for book lovers and
knowledge seekers. With a mission to inspire endlessly, we offer a
vast collection of books, ranging from classic literary works to
specialized publications, self-development books, and children's
literature. Each book is a new journey of discovery, expanding
knowledge and enriching the soul of the reade

Our website is not just a platform for buying books, but a bridge
connecting readers to the timeless values of culture and wisdom. With
an elegant, user-friendly interface and an intelligent search system,
we are committed to providing a quick and convenient shopping
experience. Additionally, our special promotions and home delivery
services ensure that you save time and fully enjoy the joy of reading.

Let us accompany you on the journey of exploring knowledge and

personal growth!

textbookfull.com