Browse by Tags


  • Blog Post: It’s not my fault! – A case of remote code injection gone bad

    Today we’ll examine a case where a crash is occurring in a Microsoft process, in core Windows code, but the culprit isn’t the crashing code. In fact, the culprit isn’t even running in the process that crashed! But before I get ahead of myself, let’s start by examining a crash dump that shows the problem...
  • Blog Post: Debug Fundamentals Exercise 3: Calling conventions

    Today’s exercise will focus on x86 function calling conventions. The calling convention of a function describes the following: · The order in which parameters are passed · Where parameters are placed (pushed on the stack or placed in registers) · Whether the caller or the callee is responsible...
  • Blog Post: Debug Fundamentals Exercise 2: Some reverse engineering for Thanksgiving

    Continuing our series on “Fundamentals Exercises”, we have some more reverse engineering for you! Again, these exercises are designed more as learning experiences rather than simply puzzlers. We hope you find them interesting and educational! Feel free to post your responses here, but we won’t put...
  • Blog Post: Debug Fundamentals Exercise 1: Reverse engineer a function

    Hello ntdebuggers! We’ve seen a lot of interest in our Puzzlers, and we’ve also seen requests and interest in topics covering debugging fundamentals. So we’ve decided to combine the two topics and post a series of “Fundamentals Exercises”. These exercises will be designed more as learning experiences...
  • Blog Post: Some of our favorite debugging-related links

    Today we’re posting links to some of our favorite debugging-related content on the web. Post your own favorites as a comment to share them with everyone! Reverse Engineering and Debugging Blogs DumpAnalysis MetaSploit Nynaeve Mark Russinovich's Blog Steve’s Techspot John...
  • Blog Post: The default interactive desktop heap size has been increased on 32-bit Vista SP1

    This is going to be a short blog post, but considering the amount of feedback we’ve received on our two previous desktop heap posts, I think this is worth blogging about. 32-bit Vista SP1 and 32-bit Windows Server 2008 both have a new value for the default size of interactive desktop heaps. Previously...
  • Blog Post: Talkback video: Desktop Heap

    Hello, Matthew here again. Starting today, my team will be bringing you content in the form of videos, as well as blog posts. We’ll be hosting these videos on Channel 9, and we’ll link them from the ntdebugging blog. One way that we’ll be using video is as a means of highlighting topics...
  • Blog Post: Desktop Heap, part 2

    Matthew here again – I want to provide some follow-up information on desktop heap. In the first post I didn’t discuss the size of desktop heap related memory ranges on 64-bit Windows, 3GB, or Vista. So without further ado, here are the relevant sizes on various platforms... Windows XP (32-bit...
  • Blog Post: This button doesn’t do anything!

    Hello - Matthew here again. Today I'll be discussing in detail hang scenario #1 that Tate first mentioned a few blog posts ago. From a debugging perspective, in an ideal world an application would always provide some kind of feedback when a failure occurs. The reality is that sometimes an application...
  • Blog Post: Desktop Heap Overview

    Desktop heap is probably not something that you spend a lot of time thinking about, which is a good thing. However, from time to time you may run into an issue that is caused by desktop heap exhaustion, and then it helps to know about this resource. Let me state up front that things have changed significantly...
  • Blog Post: Getting Ready for Windows Debugging

    Welcome to the Microsoft NTDebugging blog! I’m Matthew Justice, an Escalation Engineer on Microsoft’s Platforms Critical Problem Resolution (CPR) team. Our team will be blogging about troubleshooting Windows problems at a low level, often by using the Debugging Tools for Windows. For more information...