Error and Exception Revisited

Unless suffering is the direct and immediate object of life, our existence must entirely fail of its aim. It is absurd to look upon the enormous amount of pain that abounds everywhere in the world, and originates in needs and necessities inseparable from life itself, as serving no purpose at all and the result of…

0

A Debugging Approach to Windows RT

Recently I got a Surface with Windows RT. Needless to mention, it’s wonderful! I’ve figured out some quick facts about Windows RT by looking at the C:\Windows\system32\ntdll.dll from Windows RT: A complete NT (instead of WINCE) kernel and almost a full stack of Windows operating system. Almost the same PE/COFF structure as x86. Using ARM’s “non classic RISC style”…

1

Postmortem Debugging – Better Late Than Never

If there is a consistent repro, I would definitely prefer Early Debugging. However in the real life postmortem debugging seems to be unavoidable.  There are three concepts I wish to clarify before digging into the details: AeDebug is a set of registry keys which specify the behavior when unhandled exception happened in an user mode application. \\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\AeDebug \\HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows…

0

Windows 8 and conhost.exe

While debugging a console application on Windows 8, I noticed the console application is trying to create a process in the very beginning: windbg.exe -xe ld:ntdll.dll -c “bm ntdll!*CreateProcess*; g; k” cmd.exe CommandLine: cmd.exeModLoad: 000007ff`01d60000 000007ff`01f1e000   ntdll.dllntdll!RtlUserThreadStart:000007ff`01d7c3d0 4883ec48        sub     rsp,48hProcessing initial command ‘bm ntdll!*CreateProcess*; g; k’0:000> bm ntdll!*CreateProcess*; g; k  1: 000007ff`01d90f60 @!”ntdll!RtlCreateProcessParametersEx”  2: 000007ff`01d63070…

1