There’s an old saying that if you ask two developers a question you’ll get three answers. We decided to test that theory by posing a simple challenge: explain WDF Queues with Manual dispatch type. Check out Peter Viscarola’s response here: And then see what Scott Noone had to say:
WDK Visual Studio Integration: A Good or Bad Thing? (Video)
The WDK being integrated into Visual Studio is certainly a big change, but is it a good one? Peter and I are asked our opinions on WDK Visual Studio integration all the time, so we decided that it was time to get together and discuss it. Sure, we could have come to a consensus and published an article […]
Kx Headers in the Windows 8.1 WDK
It’s commonly known that the Windows Kernel uses two standard function prefixes to differentiate externally callable functions (Ke) from private, or internal, functions (Ki). There is, however, a third prefix used in the Kernel that isn’t quite as common: Kx. This prefix is used for internal functions that are processor architecture specific. For example, KxFlushEntireTb […]
Is DMA Cache Coherent on ARM?
On NTDEV we had an interesting discussion about interlocked operations, which, being an NTDEV discussion, took many twists and turns along the way. Out of all the various tangents that occurred, one stuck out to me as it’s something that was worth highlighting: who is responsible for guaranteeing cache coherency of DMA operations on Windows? For example, imagine a […]
Turning a Breakpoint into a Busypoint
During dynamic analysis, I often want to prevent a code path from continuing to execute beyond a certain point. For example, maybe I suspect a race between the read and write paths in a driver. In this case, I may want to allow the write path to proceed up to a point before executing the […]
Using WinDbg to hunt for strings
Oftentimes it’s useful to search images for strings; they can provide clues as to where a module came from or what exactly was running on a machine. However, doing this typically requires extracting an image from a memory dump and running a standalone application. If you want to save yourself some time, you can instead […]
Spice Up Your Debug Output With DML
If you’ve been using WinDbg for any amount of time, you’ve surely come across the Debugger Markup Language (DML). DML is what provides the ability to create hyperlinks in the debugger’s output window. For example, this support is used beautifully within the NDIS debugging extensions. Try running !ndiskd.help and clicking around a bit, even if you’re not […]