Kernel Debugging on ESXi 4.0
I got a new Dell T5500 desktop machine a while back and the first thing to do was to open it up and see what was in there of course. And looking at the dual quad-core Xeons and the 6GB memory, I quickly realized I had to find something daunting enough for this machine.
It did not take long to find such a task. How about running those Windows checked build virtual machines on this machine? Anyone who has run checked builds in virtual machines knows how slow things get. And if you have to meet a deadline of some kind, it can get frustrating to get all testing done on all platforms. If this machine with 16 logical processors cannot take that load, then nothing else will.
FltEnlistInTransaction behaviour
FltEnlistInTransaction is a filter manager function that file system mini-filters can use in Vista+ platforms to subscribe to relevant transaction notifications. It is declared in fltkernel.h as follows
The idea is that when a transaction is committed, for example, the mini-filter's transaction callback is called
Memory dumping on Windows 7
It seems collecting memory dumps on Windows 7 has its own challenges.
First things first – engineers always get the best information from a full memory dump, but Windows 7 defaults the dump type to Kernel Memory Dump. One of the first things to do when preparing machines for testing or development is to change the dump type to full memory dump. One can make this change via Control Panel->System and Security->System->Advanced System Settings->Startup and Recovery->Settings->Write Debugging Information->Complete Memory Dump.
Computing on GPU – DirectCompute
A while back, I blogged about offloading computation traditionally done on CPU to GPU. Here is an excellent presentation from Chas Boyd at PDC 2009 about DirectCompute, which enables a DirectX 11 application to use GPU for computing tasks. The presentation not only gives an overview of a typical GPU, but also shows among other things High Level Shader Language (HLSL) sample code demonstrating how to dispatch a simple task to GPU and get the results back into main memory from GPU memory. HLSL compilation can be done with fxc or D3DX11CompileFromFile.
Physical Memory Imaging
I came across this interesting 2007 paper on Live Memory Acquisition for Windows Operating Systems by Naja Davis that shows some of the tools and techniques used by forensics analysts to get at the physical memory and analyze memory contents to get a list of processes, threads, files, passwords and other data in memory.
A tale of two asserts
There are two popular ways to assert in drivers. One can use the regular ASSERT macro (int 3) or the relatively newer NT_ASSERT macro (int 2C). Since ASSERT calls RtlAssert, when the debugger breaks in, code would be several frames off of where the ASSERT was. If you use NT_ASSERT however, the debugger would stop right where NT_ASSERT was called in the code. That is a nice convenience since you do not have to issue several

