FltEnlistInTransaction behaviour
FltEnlistInTransaction is a filter manager function that file system mini-filters can use on Vista and later platforms to subscribe to the transaction notifications they are interested in. It is declared in fltkernel.h as follows
The idea is that when, for example, a transaction is committed, the mini-filter's transaction callback is called.
Memory dumping on Windows 7
It seems collecting memory dumps on Windows 7 has its own challenges.
First things first – engineers always get the best information from a full memory dump, but Windows 7 defaults the dump type to Kernel Memory Dump. One of the first things to do when preparing machines for testing or development is to change the dump type to Complete Memory Dump. This can be done via Control Panel->System and Security->System->Advanced System Settings->Startup and Recovery->Settings->Write Debugging Information->Complete Memory Dump.
Computing on GPU – DirectCompute
A while back, I blogged about offloading computation traditionally done on the CPU to the GPU. Here is an excellent presentation from Chas Boyd at PDC 2009 about DirectCompute, which enables a DirectX 11 application to use the GPU for computing tasks. The presentation not only gives an overview of a typical GPU but also shows, among other things, High Level Shader Language (HLSL) sample code demonstrating how to dispatch a simple task to the GPU and get the results back from GPU memory into main memory. HLSL compilation can be done with fxc or D3DX11CompileFromFile.
Physical Memory Imaging
I came across this interesting 2007 paper, Live Memory Acquisition for Windows Operating Systems by Naja Davis, that shows some of the tools and techniques used by forensics analysts to get at physical memory and analyze its contents to obtain the list of processes, threads, files, passwords and other data in memory.
A tale of two asserts
There are two popular ways to assert in drivers. One can use the regular ASSERT macro (int 3) or the relatively newer NT_ASSERT macro (int 2C). Since ASSERT calls RtlAssert, when the debugger breaks in, the code would be several frames off from where the ASSERT was. If you use NT_ASSERT, however, the debugger would stop right where NT_ASSERT was called in the code. That is a nice convenience, since you do not have to issue several
Deleting a file/directory
How do you delete a file or directory in Win32/64? You have primarily three options:
- DeleteFile, RemoveDirectory
- MoveFileEx (…, MOVEFILE_DELAY_UNTIL_REBOOT…)
- CreateFile (…, FILE_FLAG_DELETE_ON_CLOSE…) followed by CloseHandle
First of all, DeleteFile cannot be used to delete a directory; you are supposed to use RemoveDirectory instead. If you pass a directory path to DeleteFile, the call fails and GetLastError returns error 5 (ERROR_ACCESS_DENIED), which is rather befuddling when you hit it for the first time. This happens even if the logged-on user has DELETE access permission for the directory. So what gives?
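As an added example (not code from the original post), the three deletion routes exercised from PowerShell through P/Invoke, including the ERROR_ACCESS_DENIED result from calling DeleteFile on a directory. The Win32.Native wrapper type, the temp directory and the file names are constructed here; the deferred-delete call needs an elevated session to succeed.

```powershell
# Added example, not code from the original post. Calls the Win32 APIs named
# above through P/Invoke; the temp directory and files are constructed here.
Add-Type -Namespace Win32 -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool DeleteFileW(string lpFileName);
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool RemoveDirectoryW(string lpPathName);
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool MoveFileExW(string lpExistingFileName, string lpNewFileName, uint dwFlags);
'@

$ERROR_ACCESS_DENIED         = 5
$MOVEFILE_DELAY_UNTIL_REBOOT = 0x4

$dir  = Join-Path $env:TEMP ('delete-demo-' + [guid]::NewGuid().ToString('N'))
$null = New-Item -ItemType Directory -Path $dir
$file = Join-Path $dir 'victim.txt'
Set-Content -Path $file -Value 'constructed sample content'

# DeleteFile on a directory fails with ERROR_ACCESS_DENIED (5), regardless of
# the caller's DELETE permission on that directory.
if (-not [Win32.Native]::DeleteFileW($dir)) {
    $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
    "DeleteFile on a directory: failed, GetLastError = $err (expected $ERROR_ACCESS_DENIED)"
}

# CreateFile(..., FILE_FLAG_DELETE_ON_CLOSE) followed by CloseHandle: .NET's
# FileOptions.DeleteOnClose (0x04000000) is FILE_FLAG_DELETE_ON_CLOSE, so disposing
# the stream closes the last handle and the file is unlinked at that point.
$fs = [System.IO.FileStream]::new($file, [System.IO.FileMode]::Open,
        [System.IO.FileAccess]::ReadWrite, [System.IO.FileShare]::None,
        4096, [System.IO.FileOptions]::DeleteOnClose)
$fs.Dispose()
"victim.txt still exists after CloseHandle: $(Test-Path $file)"   # False

# RemoveDirectory is the right call for the (now empty) directory.
if (-not [Win32.Native]::RemoveDirectoryW($dir)) {
    "RemoveDirectory failed, GetLastError = $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
}

# MoveFileEx with a NULL target and MOVEFILE_DELAY_UNTIL_REBOOT queues the delete
# for the next boot instead of doing it now. It requires an elevated caller; a
# non-elevated run reports the failure code and leaves the file in place.
$deferred = Join-Path $env:TEMP 'delete-demo-deferred.txt'
Set-Content -Path $deferred -Value 'constructed sample content'
if (-not [Win32.Native]::MoveFileExW($deferred, $null, $MOVEFILE_DELAY_UNTIL_REBOOT)) {
    "MoveFileEx(DELAY_UNTIL_REBOOT) failed, GetLastError = $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
}
```

When the deferred call does succeed, the path is recorded under PendingFileRenameOperations and nothing visible happens until the reboot, so check that value rather than the file's existence.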