My first PluralSight course has been published!

Thursday, August 8, 2013

In the last few months, I’ve been working on a course for PluralSight. Creating a video course is not easy, as I found out firsthand. In fact, it’s more difficult than writing a book. With a book, I can change a sentence or a paragraph, at any time and any place. A video course is different… changes are hard, and recording sessions cannot be done just anywhere. But I’ve learned a lot from the experience, which should make next courses a bit easier… My first course is about a favorite subject of mine, Windows Internals. This deals with the...

Extreme DevCon 2013

Monday, July 15, 2013

Next week, John Bryce Training, along with some of its partners, set up a two-day conference named Extreme Dev Con 2013, on the 22nd and 23rd of July in Hertzliya (Israel). The conference consists mainly of full one-day seminars, several happening at the same time (naturally). I will be presenting a full-day seminar, titled something like “.NET deep dive for performance”. The rough topics are listed in the above link, but basically I will cover various topics that somehow relate to that elusive thing called “performance”. From process and AppDomains, through the garbage collector and friends, threads and...

Kernel debugging with a Hyper-V virtual machine

Tuesday, June 25, 2013

One of the best ways of investigating the way Windows works is through a kernel debugger. Windows supports a local kernel debugging mode that can be activated in one of two ways:

1. Set up Windows to run in local debugging mode by running bcdedit /debug on from an elevated command prompt and then restart. Finally, run WinDbg and select File / Kernel Debug… from the menu and then select the Local tab and click OK. The main downside here is the need for a restart, and more subtly – some apps behave strangely when the debug flag is on.
2. Use the LiveKD tool...

PSSCOR4 Debugger Extension Released

Friday, April 29, 2011

A while back, Microsoft released the PSSCOR2 debugger extension for WinDbg, supporting more commands than the classic SOS.DLL. This was for CLR v2 (.NET 2-3.5). Now a similar extension has been released for CLR 4 (.NET 4). You can download it here. There are versions for x86 and x64. The easiest way to use them is to copy the relevant DLL to the .NET framework directory for the corresponding “bitness” (where SOS lives, something like C:\Windows\Microsoft.NET\Framework\v4.0.30319 (32bit) or C:\Windows\Microsoft.NET\Framework64\v4.0.30319 (64bit)) and then use .loadby psscor4 clr to load the extension. Then type !help to look at all the...

Strange Bundle: WDK & Debugging Tools

Wednesday, March 3, 2010

Microsoft released an updated Windows Driver Kit (WDK) a few days ago, but with a new twist: The Debugging Tools for Windows are now bundled with the WDK and are no longer available as a free (and easy) download. The WDK is only available to MSDN subscribers and via the Microsoft Connect web site. This doesn’t make sense to me. Although WinDbg and friends are essential in the device driver world, they are just as important in the user mode world. I hope Microsoft reverts this decision and will once again allow free and easy download...

Windows Platform Developers UG Session

Wednesday, February 24, 2010

Last night I delivered a session entitled “Writing Software Device Drivers on Windows” in the Windows Platform Developers user group. I gave a “crash course” of 1.5 hours on writing a driver that allows me to execute code within the kernel to do things that are not possible from user mode. Thank you all for coming and for the great feedback! I’ve attached the presentation and the demo code, including the driver code, the installer and the client application. Note that to compile successfully with Visual Studio, the make command line in Project->Properties must point to the...

New Version of SOSEX published

Monday, March 9, 2009

For all those WinDbg + SOS/SOSEX lovers, a new version of SOSEX was published, which includes some new commands and enhancements to existing ones. Here’s a brief description of each command. More info can be found in the readme file and using !help <command> inside WinDbg.

dlk       (no parameters)               Displays sync block deadlocks
dumpgen   <GenNum>                      Dumps the contents of the specified generation
gcgen     <ObjectAddr>                  Displays the GC generation of the specified object
mbc       <Managed breakpoint ID | *>   Clears the specified or all managed...