64 Bit

Atomic bit test and set

Drivers sometimes need to use atomic bit test and set operations in code. Drivers may be calling other functions that rely on bit testing and setting, but more often than not calls are made to one of the InterlockedCompareExchangeXXX functions, or to the shorter InterlockedXXX functions if comparing the current value is inessential.


x64 calling convention

Many of you are probably already familiar with the x64 calling convention in 64-bit Windows – where generally speaking the first four parameters are passed in registers RCX, RDX, R8 and R9 with 32 bytes of spill area reserved


Memory dumping on Windows 7

It seems collecting memory dumps on Windows 7 has its own challenges. First things first – engineers always get the best information from a full memory dump, but Windows 7 defaults the dump type to Kernel Memory Dump. One of the first things to prepare machines for testing or development is changing the dump type to [...]


Windows kernel mode driver signing certificates

A question that is often raised in the Windows driver community is which vendor’s certificate works for signing kernel mode drivers in 64-bit Vista/2008. Many times certificate vendor websites and their support personnel are unaware of the Windows kernel mode code signing requirements and may misguide companies into buying the wrong type of certificate. If it [...]


Launching a non-child process

When a process launches a child process, it becomes the parent of the child process. That is the default behaviour. In Vista, however, a process can launch a process as a child of yet another process. This facility is used by User Account Control (UAC) when elevated processes are launched by the AppInfo service to look [...]


Layered Service Providers in Vista/64-bit

Layered Service Providers (LSPs) are user mode DLLs that allow one (most usefully) to sit in the network packet chain and thus change (think encryption/compression) or inspect (think sniffing) buffers from Winsock applications. They are chained along with base providers by registering in the LSP System Configuration Database (aka catalog). On 64-bit Windows, there are 2 catalogs, one [...]