Linked List Performance Issues? Skip List to the Rescue!

A Traditional Linked List

At some point in every developer’s life, you’ll have to write some code that works with a Linked List. You’ll start by making a structure like this:

    /* The struct tag lets the node refer to itself before the typedef name exists. */
    typedef struct _MemoryNode {
      ULONG64 ulStartAddress;
      ULONG64 ulEndAddress;
      struct _MemoryNode* pNext;
    } MemoryNode;

And you’ll populate it… (In this example, I’m using the DbgEng…


IDebugDataSpaces2::QueryVirtual doesn’t act the same as VirtualQuery

One of my debugger extension commands uses IDebugDataSpaces2::QueryVirtual to iterate through the target’s address space to find allocations of a particular size (regions that are used for the TEB, if you must know). The code was working fine, but on x64 dumps I found that it was running quite slowly. Looking into it, I found out…


StackBase and StackLimit offsets

To save a symbol lookup in a debugger extension, here are the hard-coded offsets to use for StackBase and StackLimit.

User Mode 32bit

    0:000> dt nt!_TEB.Stack*
    ntdll!_TEB
       +0x000 NtTib :
       +0x004 StackBase : Ptr Void
       +0x008 StackLimit : Ptr Void

User Mode 64bit

    0:000> dt nt!_TEB NtTib.Stack*
    ntdll!_TEB
       +0x000 NtTib :
       +0x008 StackBase…