Monthly Archives: June 2013

Handling IRPs – Driver Stacks

This is going to be quite a brief blog post, I was reading up about some information about Stop 0x9F bugchecks, and noticed a few interesting calls highlighted by a another BSOD debugger, so I went and did some research, … Continue reading

Posted in Uncategorized | Leave a comment

Learning Debugging Resources

Right, I’m been reading some great resources on Windows Debugging, and the internals of the Windows operating system. Remember my 5 learning tips? I still feel it’s very important to understand the mechanics of the operating system when debugging, especially … Continue reading

Posted in Miscellaneous | Leave a comment

Stop 0x19 – Some Theory About Corrupt Pool Headers

A Stop 0x19 will typically mention that a pool header has become corrupt, so I wanted to explain a little abit about the theory behind what a pool header is and how it is used in the Windows memory allocation … Continue reading

Posted in Stop 0x19 | Leave a comment

Update: Linked Lists

Okay, you know that ongoing discussion about linked lists? There’s been some further input from other debuggers – “Just to clarify, linked lists that use both forward links and back links are called doubly linked lists. A regular linked list will … Continue reading

Posted in Uncategorized | Leave a comment

Learning BSOD Debugging – 5 Tips

Okay, most computers will get a BSOD at some point in their lifetime, much like we will almost certainly become ill at some point. A BSOD can be a scary and frustrating predicament for most users who may not have … Continue reading

Posted in Miscellaneous | Leave a comment

Understanding Memory Descriptor Lists

Originally, I was going to write up my own explanation of what MDLs are, but Vir Gnarus (excellent debugger on numerous forums) has written up a great tutorial for understanding what they are, and what they do: Fun with MDLs … Continue reading

Posted in Uncategorized | 1 Comment

Understanding Blink and Flink Lists (Stop 0x19)

Hey fellow BSOD Kernel Dump Analysts,I noticed in some dumps, there seems to be a listing of addresses related to something called a Flink and Blink Free-List. I was curious of what it meant, and how it was used by … Continue reading

Posted in Uncategorized | Leave a comment