Browse by Tags

Today we’ll examine a case where a crash is occurring in a Microsoft process, in core Windows code, but the culprit isn’t the crashing code. In fact, the culprit isn’t even running in the process that crashed! But before I get ahead of myself, let’s start by examining a crash dump that shows the problem...

Today’s exercise will focus on x86 function calling conventions. The calling convention of a function describes the following: · The order in which parameters are passed · Where parameters are placed (pushed on the stack or placed in registers) · Whether the caller or the callee is responsible...

Continuing our series on “ Fundamentals Exercises ”, we have some more reverse engineering for you! Again, these exercises are designed more as learning experiences rather than simply puzzlers . We hope you find them interesting and educational! Feel free to post your responses here, but we won’t put...

Hello ntdebuggers! We’ve seen a lot of interest in our Puzzlers , and we’ve also seen requests and interest in topics covering debugging fundamentals . So we’ve decided to combine the two topics and post a series of “Fundamentals Exercises”. These exercises will be designed more as learning experiences...

Today we’re posting links to some of our favorite debugging - related content on the web . Post your own favorites as a comment to share them with everyone! Reverse Engineering and Debugging Blogs DumpAnalysis MetaSploit Nynaeve Mark Russinovich's Blog Steve’s Techspot John...

This is going to be a short blog post, but considering the amount of feedback we’ve received on the our two previous desktop heap posts , I think this is worth blogging about. 32-bit Vista SP1 and 32-bit Windows Server 2008 both have a new value for the default size of interactive desktop heaps. Previously...

Hello, Matthew here again. Starting today, my team will be bringing you content in the form of videos, as well blog posts. We’ll be hosting these videos on Channel 9 , and we’ll link them from the ntdebugging blog. One way that we’ll be using video is as a means of highlighting topics...

Matthew here again – I want to provide some follow-up information on desktop heap . In the first post I didn’t discuss the size of desktop heap related memory ranges on 64-bit Windows, 3GB, or Vista. So without further ado, here are the relevant sizes on various platforms... Windows XP (32-bit...

Hello - Matthew here again. Today I'll be discussing in detail hang scenario #1 that Tate first mentioned a few blogs posts ago . From a debugging perspective, in an ideal world an application would always provide some kind of feedback when a failure occurs. The reality is that sometimes an application...

Desktop heap is probably not something that you spend a lot of time thinking about, which is a good thing. However, from time to time you may run into an issue that is caused by desktop heap exhaustion, and then it helps to know about this resource. Let me state up front that things have changed significantly...

Welcome to the Microsoft NTDebugging blog! I’m Matthew Justice, an Escalation Engineer on Microsoft’s Platforms Critical Problem Resolution (CPR) team. Our team will be blogging about troubleshooting Windows problems at a low level, often by using the Debugging Tools for Windows. For more information...