Jared “Yoda” Herring
Windows Kernel debugging support
Jared's posts

Device/Driver Objects and Stacks
Today I thought I'd write a bit about device stacks and driver stacks and how they implement IRPs. I'm not going into detail on how drivers function and the types of drivers as I would be here all day so I'll save that for another time. What is a device obj...

0x133 DPC_WATCHDOG_VIOLATION
I've not posted in a while but I found an interesting case on a forum and managed to acquire a Kernel memory dump. I'm not going into detail about DPCs or interrupts as I have made blog posts on these in the past. DPC_WATCHDOG_VIOLATION (133) The DPC watchd...

DPCs and APCs
I got back off holiday yesterday and I feel it's time for a blog post, this might be a long one as I have spent some time reading Windows Internals and looking at various subjects of interrupts, DPCs and APCs. So a DPC or Deferred Procedure Call is a way for...

Memory Management - Stacks
In this blog I'll talk about stacks, what they are and how they are used in Windows. We've come across the term before but we don't know that much about them unless you really look into them. So a stack is an abstract data type that is implemented as a LIFO...

Interrupt dispatching and handling
In this post I'll talk about interrupt dispatching and the type of interrupts. Interrupts have always been interesting yet slightly confusing at the same time so I'll try and explain what they are and the different types they come in. So what is an interr...

Instruction pointer misalignments
This time I'll talk about instruction pointer misalignment. So what is an instruction pointer misalignment? Well, when an object references memory it uses a pointer to (you guessed it) point to a certain memory address, once it references the data inside th...

Hexadecimal and Binary
This blog will be a little different to my usual debugging blogs. I will be talking about hexadecimals and binary, it can be difficult to fully understand but we should be able to get through it. Now, at school, I was never really good at Maths, I struggled...

0x7F (memory leak)
In this post, we will be looking at a memory leak caused by a program called NotMyFault which is supplied by Sysinternals, they have some excellent tools you should check out if interested. To download NotMyFault then here's the link. http://live.sysinterna...