Monthly Archives: October 2013

Debugging Stop 0x4A – User-Mode and IRQL Levels

Okay, here’s another debugging example which has quite a simple methodology: a driver has returned to User-Mode while the IRQL Level was above PASSIVE_LEVEL or Level 0. The first parameter indicates the IRQL Level of the processor, in which in … Continue reading

Posted in Uncategorized | Leave a comment

Process Explorer – Looking at Open Handles

This is going to be my first little post about how to use some of the features of Process Explorer, which is a very useful tool to have if you understand how to use it properly. If you understand … Continue reading

Posted in Debugging | Leave a comment

Linked Lists – Flink and Blink

Okay, linked lists are used often in Windows and are usually part of larger data structures. They are typically seen with the Windows Debugger (WinDbg) with the name of _LIST_ENTRY. This indicates a linked list data structure, or more specifically … Continue reading

Posted in Windows Internals | Leave a comment

Debugging Stop 0x124 – Calculating Clockspeed (Without !sysinfo cpuspeed)

We all know that Stop 0x124 contains very little practical information to work with; the stack consists of WHEA reporting routines and many commands have no significance to a Stop 0x124. The first thing to look at with a Stop … Continue reading

Posted in Stop 0x124 | Leave a comment

Interrupt Dispatch Table – !idt

In a previous blog post, I explained some of the exception codes which are stored within a data structure called the Interrupt Dispatch Table, which can be viewed with WinDbg using the !idt extension. Here I would like to briefly … Continue reading

Posted in Windows Internals | Leave a comment

Kernel Data Structures – dt nt!_* and dt nt!_ -r

It’s Monday morning, and my week is going to be very busy, so I thought I’d write a small and simple blog post today. Kernel Data Structures contain lots of useful information when debugging, but it’s understanding which data structures … Continue reading

Posted in WinDbg | 1 Comment

BSODs and Cracked Games – It’s the Game

I think this may be the one example of a user-mode program actually being the sole cause of a BSOD. While it’s technically impossible for a user-mode program to cause a BSOD directly, it can be possible for a … Continue reading

Posted in Miscellaneous | Leave a comment