Debugging

Verifier shutdown watchdog

If Windows 7 is taking a long time to shut down, and you are running with Driver Verifier turned on, you may come across the following message in the kernel debugger to your rescue – Driver Verifier detected that this system didn’t finish shutting down in more than 20 minutes. To display information about the thread that [...]


x64 calling convention

Many of you are probably already familiar with the x64 calling convention in 64-bit Windows – where, generally speaking, the first four parameters are passed in registers RCX, RDX, R8 and R9 with 32 bytes of spill area reserved


Kernel Debugging on ESXi 4.0

I got a new Dell T5500 desktop machine a while back and the first thing to do was to open it up and see what was in there of course. And looking at the dual quad-core Xeons and the 6GB memory, I quickly realized I had to find something daunting enough for this machine. It [...]


Memory dumping on Windows 7

It seems collecting memory dumps on Windows 7 has its own challenges. First things first – engineers always get the best information from a full memory dump but Windows 7 defaults dump type to Kernel Memory Dump. One of the first things to prepare machines for testing or development is changing the dump type to [...]


A tale of two asserts

There are two popular ways to assert in drivers. One can use the regular ASSERT macro (int 3) or the relatively newer NT_ASSERT macro (int 2C). Since ASSERT calls RtlAssert, when the debugger breaks in, code would be several frames off of where the ASSERT was. If you use NT_ASSERT however, the debugger would [...]


Conditional breakpoints in WinDbg

When tracking down a very specific issue in a driver (which typically means a very low signal to noise ratio), conditional breakpoints in WinDbg tend to be the first thing to use before resorting to modifying driver source with additional tracing code and rebuilding the driver. For example, one of the frequent challenges for file system filter [...]