Baby Steps in Windows Device Driver Development: Part 1, Install the Tools and Configure Kernel Debugging

May 30, 2011

As part of the Windows Internals course at SELA, I recently designed a set of exercises that serve as an introduction to Windows device driver development. Their purpose is to obtain a very cursory familiarity with what it means to build, deploy and load a driver, and consider some of the things available to kernel-mode components which make them way cooler than user-mode applications. Some of this work can be turned easily into a series of blog posts, which you can enjoy outside of the course’s context. However, if you’re looking for background on Windows subsystems and components,...
one comment

Sela Developer Days – June 26-30

May 20, 2011

During the last week of June Sela is going to host 25 one-day sessions in 5 days packed with the latest and greatest Microsoft technologies, agile and ALM tips, debugging and troubleshooting, cloud and web. This mini-conference, dubbed Sela Developer Days, is going to open for registration on Sunday and I encourage you to take a look at the conference website to see what sessions are going to be available. Yours truly is scheduled for four sessions. Instead of rehashing the abstracts from the conference website, here’s some more information on what I intend to...

Memory Corruption, GC, and Overlapping Objects

May 18, 2011

Dima has brought to my attention a nasty bug probably attributed to a memory corruption. The bug’s manifestation is usually an access violation in a completely unrelated piece of code, oftentimes causing an ExecutionEngineException. This is an example of an access violation of the above variety (some of the output was snipped for brevity): 0:004> .loadby sos clr 0:004> g (510.c88): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. ...
no comments

Debugging Windows Service Startup with Service Isolation

May 10, 2011

A year and a half ago I touched on the subject of debugging process startup, such as the startup of Windows Services, using the GFlags utility (the ImageFileExecutionOptions registry key). The general idea is to rely on the Windows loader to launch a debugger instead of the debugged process, and trace your way through the process startup code. Unfortunately, this relies on the debugged process to run in the same session as you—otherwise, you won’t be able to actually see the debugger. Starting from Windows Vista, Windows services are isolated into a separate session to which you...