Kernel Pool Monitor – the GUI Version

Wednesday, September 14, 2016

The Windows Driver Kit (WDK) comes with a well-known and pretty old tool called PoolMon. PoolMon shows kernel allocations done with ExAllocatePoolWithTag, where the pool type is typically Paged or NonPaged and each allocation is marked with a ‘tag’ – a four-byte value that should indicate the component making the allocation. This is useful for finding memory leaks, since kernel memory is never automatically freed (as opposed to user mode processes). If a kernel component or driver sees its tag with increasing memory consumption – that would indicate a leak (unless it’s a transient burst of allocations...

Enhanced CPU Stress Tool

Saturday, June 11, 2016

The old (but still useful) tool called CPUSTRES (notice the 8-character name) allows simulating CPU activity with up to 4 threads, which can be controlled with activity level and priority. The tool can be downloaded from Here's a screenshot: Old timers may recognize the tool's icon as the default MFC icon used with Visual C++ 6. The tool still works, but its age is showing (the binary was modified in 1999). It has no minimize button, no way to create more threads, no way to change settings for multiple threads at a time, and lacks some other features that...

Mandelbrot Set with C++ AMP

Sunday, March 23, 2014

C++ AMP (Accelerated Massive Parallelism) is a Microsoft C++ library that can be used for General Purpose (GP) computing on Graphics Processing Units (GPUs), and theoretically at least, other future devices – all in mostly standard C++. “General Purpose” here means processing that is unrelated to graphics rendering, which is the basic capability of a GPU. AMP certainly has alternatives, such as Microsoft’s own High Level Shader Language (HLSL), used mostly for shader authoring, part of the GPU’s graphics pipeline; but shaders can be used for general purpose computing as well (called DirectCompute); DirectCompute seems to no longer being...

Creating an Object Manager Browser Part 3 – Security Dialog

Wednesday, February 26, 2014

In the previous post we’ve managed to get most of WinObj’s functionality – browsing the folders and viewing object information. The last “major” missing piece is the security dialog that shows security-related information for certain object types. I’m certainly not a security expert; on top of that the security API in Windows is one of the most dreadful APIs in all of Windows. Fortunately, to get the standard security dialog to show we just need to call one function – EditSecurity or CreateSecurityPage. The former shows the basic security dialog box and returns when it’s dismissed, while the latter...

Creating an Object Manager Browser Part 2 – Viewing Object Information

Sunday, February 9, 2014

In the previous post, I’ve shown how to use Native API functions to access information not available through the normal, documented, Windows API. In this post, I’d like to show how to take a look at specific objects, such as mutexes, events and semaphores. But first, a bug fix. The code that was doing the directory object enumeration had a bug, manifested when the list of objects was too long – or rather, the buffer required to hold all object names and type names was insufficient. The code checked the returned number of bytes needed and compared with...