Monthly Archives: January 2014

February: Blog Post List

These are hopefully going to be the upcoming blog posts for February: VTables and Virtual Functions; Thread Storage Slots; I/O Completion Ports; IRP Queues; PE Header Sections; Registry Internals; URBs and USB Internals. I’m also going to explore the I/O … Continue reading

Posted in Miscellaneous | Leave a comment

Types of Page Faults

This blog post will expand upon the idea of Page Faults, which resolve problems with Virtual to Physical Address Translation, and take a look at the different kinds of Page Faults which can happen. Collided Page Faults Collided Page Faults … Continue reading

Posted in Windows Internals | Leave a comment

Rootkits: Direct Kernel Object Manipulation and Processes

DKOM is one of the methods commonly used and implemented by Rootkits in order to remain undetected, since this is the main purpose of a rootkit. To be able to access Kernel-Mode code and data structures without detection from security programs … Continue reading

Posted in Windows Internals | 3 Comments

List of WHEA Data Structures

I’ve listed other WHEA data structures in my other blog posts, and therefore will not be listing the same ones here. The purpose of this blog post is to list the WHEA data structures available with WinDbg, and Microsoft’s Public … Continue reading

Posted in Stop 0x124 | Leave a comment

Understanding PCI Configuration Space

I noticed in a dump file I was debugging for a user on Sysnative Forums that, within the call stack, there were a few references to PCI Configuration Space. The PCI Configuration Space can be accessed by device drivers and other … Continue reading

Posted in Windows Internals | Leave a comment

Algorithms and Data Structures – Calculating Insertion and Deletion Time Complexity of Singly Linked Lists

Prerequisites: – Knowledge of C/C++ – Knowledge of Calculus/Algebra. Time Complexity and O(n): You could consider this topic as a Computer Science/Programming topic. However, I always consider Computer Science and Programming to be two different topics rather than the same thing, even … Continue reading

Posted in Computer Science | Leave a comment

Internals of Direct Memory Access Part 2

This is Part 2 of my tutorial looking at how Direct Memory Access works on Windows; this part looks at Bus Mastering, which is the current and modern implementation of DMA. With Bus Mastering, there is no concept of a … Continue reading

Posted in Windows Internals | 1 Comment

Understanding Memory Barriers

Memory Barriers in Code: Memory Barriers are used to enforce some kind of ordering on how the compiler or CPU executes memory ordering operations. Since most CPUs have some form of technology which is used to optimize the execution of … Continue reading

Posted in Computer Science, Windows Internals | 1 Comment

Debugging Stop 0xC4 – DDI Compliance Rules

Driver Verifier in Windows 8/8.1 has added more new debugging and testing procedures. The example in this blog post is going to be about DDI Compliance Rules, and how to debug such a bugcheck. I know this is a very … Continue reading

Posted in Stop 0xC4 | Leave a comment

Debugging Stop 0x1E – Finding the Exception Record Address in the Stack

This is going to be a very short blog post, just to demonstrate how to find the Exception Record address in the stack, and how many times it seems to appear within the call stack. Interestingly, but not unsurprisingly, the … Continue reading

Posted in Debugging, Windows Internals | Leave a comment