Yet another release of Windows 10 means yet another release of the WDK: https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit The big news with this release is that driver development is finally integrated with Visual Studio 2017. Also good news is that this kit continues to support development for Windows 7, meaning that there aren’t many reasons to NOT upgrade to […]
Tracking an NTSTATUS to its Source
I found myself in a situation this week where I really wanted to call the API SeTokenIsAdmin. I vaguely remembered some issues around this API, and Googling quickly brought up a couple of threads from NTDEV and NTFSD hinting at a security issue that was fixed in 2015: https://www.osronline.com/ShowThread.cfm?link=201029 https://www.osronline.com/showthread.cfm?link=264871 (Yes, I was on one […]
WinDbg, Debugger Objects, and JavaScript! Oh, My!
In case you’ve missed it, there are tons of changes going on under the covers in WinDbg. There is a fundamental paradigm shift going on in terms of how WinDbg grants access and presents data to the user and it can lead to some pretty cool results. Let’s take a concrete example of the old way […]
1394 Boot Debugging is Dead
TL;DR: Don’t waste your time like we did – 1394 boot debugging no longer works on the latest builds of Windows 10. As you might already be aware, native 1394 kernel debug support was pulled from the latest Windows 10 releases. An officially sanctioned workaround was provided by the kernel debugging team at Microsoft and we […]
Of Windows, Git, FUSE, and Moral Equivalence
It’s a known fact these days that Microsoft is feeling the Git love. As stated by Microsoft and reported by Ars Technica, the Windows operating system is even moving from its long-lived centralized source control system to Git. Strange days indeed! However, in all of this there’s an interesting technical bit related to Windows file systems. As […]
Unexpected Case of Bugcheck IRQL_UNEXPECTED_VALUE (C8)
Yet another interesting case lands on our doorstep thanks to NTDEV (original post here). I firmly believe that you have zero chance of diagnosing a non-trivial crash if you don’t understand the bugcheck code. The bugcheck code is, in fact, THE definitive reason for the crash. Of course, just understanding the bugcheck code itself is […]
Careful With Your WDK Updates!
I can never help myself when it comes to updating to the latest WDK. It’s always exciting to diff the old contents with the new and see what’s really going on in the operating system. And not since the XP DDK have I ever had a problem jumping on the bandwagon early (except that one […]
WDK 14393 Code Analysis Enforces POOL_NX_OPTIN, Breaks POOL_NX_OPTIN
In an interesting twist, build 14393 of the WDK now enforces the use of NX non-paged pool: buffer = ExAllocatePoolWithTag(NonPagedPool, 4096, ' RSO'); nxoptinbreak.cpp(24): warning C30030: Warning: Allocating executable POOL_TYPE memory This is a good thing as it will force all of us lazy driver developers to finally embrace marking our allocations as NX. Now for the bad […]
Legacy File System Filters Blocked in Build 1607
Ever since the release of Filter Manager over 10 years ago, there have been rumblings about the fate of the existing legacy File System Filters (i.e. any FS filter that didn’t use Filter Manager)*. It was clear that they were going to be deprecated at some point, but when and how? The first nail in […]
!pool Broken for Windows 10 Build 10586 Targets
I’ll start by stating that the Debugging Tools team is aware of this problem and a fix to the public PDBs is in the pipeline. It might take a while for that to show up, so I wanted to make sure everyone was aware of the issue. The !pool WinDbg command has been rendered useless when […]