Author Archive

Verifier shutdown watchdog

If Windows 7 is taking a long time to shut down, and you are running with Driver Verifier turned on, you may come across the following message in the kernel debugger to your rescue: Driver Verifier detected that this system didn’t finish shutting down in more than 20 minutes. To display information about the thread that [...]


Atomic bit test and set

Drivers sometimes need to use atomic bit test and set operations in code. Drivers may be calling other functions that rely on bit testing and setting, but more often than not, calls are made to one of the InterlockedCompareExchangeXXX functions, or to the shorter InterlockedXXX functions if comparing the current value is inessential.


x64 calling convention

Many of you are probably already familiar with the x64 calling convention in 64-bit Windows, where, generally speaking, the first four parameters are passed in registers RCX, RDX, R8 and R9 with 32 bytes of spill area reserved


Kernel Debugging on ESXi 4.0

I got a new Dell T5500 desktop machine a while back and the first thing to do was to open it up and see what was in there of course. And looking at the dual quad-core Xeons and the 6GB memory, I quickly realized I had to find something daunting enough for this machine. It [...]


FltEnlistInTransaction behaviour

FltEnlistInTransaction is a filter manager function that file system mini-filters can use on Vista+ platforms to subscribe to relevant transaction notifications. It is declared in fltkernel.h as follows. The idea is that when a transaction is committed, for example, the mini-filter transaction callback is called


Memory dumping on Windows 7

It seems collecting memory dumps on Windows 7 has its own challenges. First things first – engineers always get the best information from a full memory dump but Windows 7 defaults dump type to Kernel Memory Dump. One of the first things to prepare machines for testing or development is changing the dump type to [...]