0

Verifier shutdown watchdog

Posted by Satya Das
at August 3, 2010

If Windows 7 is taking a long time to shutdown, and you are running with driver verifier turned on, you may come across the following message in kernel debugger to your rescue -

Driver Verifier detected that this system didn’t finish shutting
down in more than 20 minutes. To display information about the
thread that is responsible for shutting down, use these debugger
commands:

dp nt!VfShutdownThread l1;!thread @$p

This is a very helpful
Read the rest of this entry »

Debugging, Windows 7
0

Atomic bit test and set

Posted by Satya Das
at June 29, 2010

Drivers sometimes need to use atomic bit test and set operations in code.  Drivers may be calling other functions that rely on bit testing and setting1 but more often than not calls are made to one of those InterlockedCompareExchangeXXX functions or the shorter InterlockedXXX functions if comparing current value is inessential.
Read the rest of this entry »

64 Bit, Programming
2

x64 calling convention

Posted by Satya Das
at April 4, 2010

Many of you are probably already familiar with the x64 calling convention1 2 in 64-bit Windows – where generally speaking first four parameters3 are passed in registers RCX, RDX, R8 and R9 with 32 bytes of spill area reserved
Read the rest of this entry »

64 Bit, Debugging, Programming
1

Kernel Debugging on ESXi 4.0

Posted by Satya Das
at February 12, 2010

I got a new Dell T5500 desktop machine a while back and the first thing to do was to open it up and see what was in there of course. And looking at the dual quad-core Xeons and the 6GB memory, I quickly realized I had to find something daunting enough for this machine.

It did not take long to find such a task. How about running those Windows checked build virtual machines on this machine ? Anyone who has run checked builds in virtual machines knows how slow things get. And if you have to meet a deadline of some kind, it can get frustrating to get all testing done in all platforms. If this machine with 16 logical processors cannot take that load, then nothing else will.
Read the rest of this entry »

Debugging, Hardware
0

FltEnlistInTransaction behaviour

Posted by Satya Das
at January 13, 2010

FltEnlistInTransaction is a filter manager function that file system mini-filters can use in Vista+ platforms to subscribe to relevant transaction notifications. It is declared in fltkernel.h as follows

The idea is when a transaction is committed for example, mini-filter transaction callback is called
Read the rest of this entry »

Programming, Vista, Windows 7
2

Memory dumping on Windows 7

Posted by Satya Das
at January 1, 2010

It seems collecting memory dumps on Windows 7 has its own challenges.

First things first – engineers always get the best information from a full memory dump but Windows 7 defaults dump type to Kernel Memory Dump. One of the first things to prepare machines for testing or development is changing the dump type to full memory dump.  One can do this change via Control Panel->System and Security->System->Advanced System Settings->Startup and Recovery->Settings->Write Debugging Information->Complete Memory Dump.
Read the rest of this entry »

64 Bit, Debugging, Programming, Windows 7
Next Page