Winprogger

Windows 7 Service Pack 1 Changes

Satya Das — Wed, 23 Mar 2011 07:23:54 +0000

Windows 7 Service Pack 1 has been released by Microsoft for some time now. A cursory look at changes pushed in Windows 7 Service Pack 1 suggests that it is, for the most part – a new feature plus bunch of bug [...]

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Firewire debugging on 64-bit machines

Satya Das — Sat, 05 Feb 2011 16:00:38 +0000

If you are starting to kernel debug Windows for the first time on a 64-bit intel machine over Firewire or IEEE 1394, you may have some hurdles to leap over. When the debugging host is 32-bit, you run the debugger kd/windbg and configure it to connect over a 1394 channel that matches the channel on [...]

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Boot time bugcheck 0xc000021a on Sony Vaio

Satya Das — Sun, 19 Dec 2010 04:45:27 +0000

The other day, a colleague of mine hands me this Sony Vaio notebook that blue screens when booting up with a 0xc000021a. The bsod happened on every boot but you could boot the machine into safe mode. Curious about what it could be, my first guess was obviously malware. Symantec was installed on this 5+ [...]

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Windows 7 may crash in NtCreateUserProcess

Satya Das — Fri, 26 Nov 2010 06:18:56 +0000

It seems if a driver opens and closes a process early enough in Windows 7, it could trigger a destruction before process creation is even completed, leading to a blue screen of death. One of the ways this happens is, if a page fault happens during NtCreateUserProcess and in the paging path a driver or [...]

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Inside Stuxnet Worm

Satya Das — Tue, 16 Nov 2010 07:24:35 +0000

Eric Chien says Symantec has had a breakthrough in understanding the final legs of Stuxnet worm. The worm was known to Statement List (STL) rootkit1 Siemens Programmable Logic Controllers (PLCs) [...]

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

cpuc – a tool to control cpu scheduling

Satya Das — Sun, 24 Oct 2010 05:23:50 +0000

Every process and thread in Windows gets an affinity mask which defines which processors it can run on. Process Explorer 12.09 has an interface for changing process affinity mask, but does not allow one to manipulate the thread affinity. So I got an excuse to write cpuc1 to query and change affinity right down to [...]

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

About NtGetNextThread

Satya Das — Tue, 19 Oct 2010 04:51:32 +0000

On Windows Vista onwards, there is a new Native API function named NtGetNextThread for thread enumeration1. The prototype for NtGetNextThread is as follows NTSTATUS NTAPI NtGetNextThread( HANDLE ProcessHandle, HANDLE ThreadHandle, ACCESS_MASK DesiredAccess, ULONG HandleAttributes,//pass OBJ_XXX flags here ULONG Flags,//must be zero PHANDLE...

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Blackberry insecurity

Satya Das — Sat, 02 Oct 2010 02:18:49 +0000

You may have heard that there are going to be Blackberry servers in Saudi Arabia1 that would give Saudi government access to user data in clear. When this drama unfolded, we heard [...]

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Verifier shutdown watchdog

Satya Das — Wed, 04 Aug 2010 05:56:27 +0000

If Windows 7 is taking a long time to shutdown, and you are running with driver verifier turned on, you may come across the following message in kernel debugger to your rescue - Driver Verifier detected that this system didn’t finish shutting down in more than 20 minutes. To display information about the [...]

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]

Atomic bit test and set

Satya Das — Tue, 29 Jun 2010 18:48:58 +0000

Drivers sometimes need to use atomic bit test and set operations in code. Drivers may be calling other functions that rely on bit testing and setting1 but more often than not calls are made to one of those InterlockedCompareExchangeXXX functions or the shorter InterlockedXXX functions if comparing current value is inessential. So it did not [...]

[[ This is a content summary only. Visit my website for full links, other content, and more! ]]