ProcDump v3.04 has been released . The release just contains a tiny (edge case) sanity check I wrote in the MiniPlus stack traversal code. Specifically, it caters for the case where esp/rsp is not within the stack base and stack limit. In this highly unlikely scenario, ProcDump -mp now iterates between...

These David Solomon talks on Memory Management (circa 2005) used to be on TechNet Spotlight but got pulled last year. I've found a repost of them here: http://www.opsvault.com/david-solomon-technet-talks/

One of my debugger extensions commands uses IDebugDataSpaces2::QueryVirtual to iterate through the target’s address space to find particular size allocations (regions that are used for the TEB if you must know).  The code was working fine but on x64 dumps, I found that it was running quite slow...

To save a symbol lookup in a debugger extension, here are the hardcodes to use for StackBase and StackLimit. User Mode 32bit 0:000> dt nt!_TEB.Stack* ntdll!_TEB +0x000 NtTib : +0x004 StackBase : Ptr Void +0x008 StackLimit : Ptr Void User Mode 64bit 0:000> dt nt!_TEB NtTib...