WARNING: Stack unwind information not available. Following frames may be wrong.

If you have ever used the WinDbg family of debuggers, you have almost certainly seen the above message. What does it really mean? How does it affect you?

Quick Background on stack operation

In x86, the way the stack is built up, the entry point of the function (a.k.a. prolog) generated by the…


YADCU – Yet another dump capture utility

The plethora of dump capture tools is amazing and sometimes confusing. But here is one from Mark Russinovich which looks interesting: ProcDump. Some unique capabilities I can see in this tool are things like CPU-threshold-based triggers, the ability to clone a process so that it is suspended for minimum time when dump is…


Low Fragmentation heap details

Quick post here: I recently came across a great presentation by Richard Johnson which, among other things, talks about the implementation details behind ntdll’s Low Fragmentation Heap. While not much official documentation is available on this subject, I believe Richard’s presentation offers pretty much the most accurate publicly available details on it.
