Desktop Heap Overview

  Desktop heap is probably not something that you spend a lot of time thinking about, which is a good thing.  However, from time to time you may run into an issue that is caused by desktop heap exhaustion, and then it helps to know about this resource.  Let me state up front that things…

101

Debug Fundamentals Exercise 2: Some reverse engineering for Thanksgiving

  Continuing our series on “Fundamentals Exercises”, we have some more reverse engineering for you!  Again, these exercises are designed more as learning experiences rather than simply puzzlers.  We hope you find them interesting and educational!  Feel free to post your responses here, but we won’t put them on the site until after we post…

42

Understanding Pool Consumption and Event ID: 2020 or 2019

  Hi!  My name is Tate.  I’m an Escalation Engineer on the Microsoft Critical Problem Resolution Platforms Team.  I wanted to share one of the most common errors we troubleshoot here on the CPR team, its root cause being pool consumption, and the methods by which we can remedy it quickly!   This issue is…

41

Debug Fundamentals Exercise 1: Reverse engineer a function

  Hello ntdebuggers!  We’ve seen a lot of interest in our Puzzlers, and we’ve also seen requests and interest in topics covering debugging fundamentals.  So we’ve decided to combine the two topics and post a series of “Fundamentals Exercises”.  These exercises will be designed more as learning experiences rather than simply puzzlers.  We hope you…

38

NTDebugging Puzzler 0x00000003 (Matrix Edition) Some assembly required.

Hello NTdebuggers, I’m very impressed with the depth of the answers we are seeing from our readers.  As I stated in last week’s response, this week’s puzzler is going to be harder.  With that said let’s take it up a notch.  One of the things that is really cool about being an Escalation Engineer in…

37

Too Much Cache?

Cache is used to reduce the performance impact when accessing data that resides on slower storage media.  Without it your PC would crawl along and become nearly unusable.  If data or code pages for a file reside on the hard disk, it can take the system 10 milliseconds to access the page.  If that same…

31

Interpreting Event 153 Errors

Hello my name is Bob Golding and I would like to share with you a new event that you may see in the system event log.  Event ID 153 is an error associated with the storage subsystem. This event was new in Windows 8 and Windows Server 2012 and was added to Windows 7 and…

22

Desktop Heap, part 2

  Matthew here again – I want to provide some follow-up information on desktop heap.   In the first post I didn’t discuss the size of desktop heap related memory ranges on 64-bit Windows, 3GB, or Vista.   So without further ado, here are the relevant sizes on various platforms…     Windows XP (32-bit)   ·        …

21

Debug Fundamentals Exercise 3: Calling conventions

  Today’s exercise will focus on x86 function calling conventions.  The calling convention of a function describes the following:

  · The order in which parameters are passed
  · Where parameters are placed (pushed on the stack or placed in registers)
  · Whether the caller or the callee is responsible for unwinding the stack on return…

19

NTDebugging Puzzler 0x00000007: Interlocked functions

  Today, we will have some fun with interlocked functions.   The following section of code is reentrant.  A “well meaning” developer used interlocked functions to avoid serializing on a global table lock.   Initial smoke testing shows that the code works fine.  Sometimes things are not as they appear when doing initial code review. …

19