Variable Argument Functions

Usually, functions defined in C/C++ take a fixed number of arguments, decided when the function is declared. Sometimes we need functions that can accept a variable number of arguments; printf() is a good example of such a function. Let's see how these functions work in terms of stack building and how they are able to retrieve…


Debugging Windows Service

From Vista onwards, all services run in Session 0, which has no interaction with the desktop. This is called Session 0 isolation and was added to Windows for security reasons. It creates a problem when we try to debug a service's start-up from a user session: if the service is already running…


Switching between User and Kernel space

Revisiting the concept of switching from user mode to kernel mode. The processor runs in two different modes on the Windows OS: kernel mode and user mode, also called ring 0 and ring 3 execution… There are many places where the OS switches from user mode to kernel mode, that is, from a lower privilege level to a higher one…


Thread’s Stack

Let's talk about the thread's stack today. Each thread has its own user mode stack and kernel mode stack, which grow on demand. When a binary is built, the linker writes the default stack size into the PE header of the binary. These defaults can be overridden by passing different values with the /STACK linker option. Below…


User mode program accesses a kernel mode address

What happens when a user mode program accesses a kernel mode address? An access fault occurs; let's see how the flow goes in that scenario. Every page has a protection attribute that tells whether the page is owned by the kernel or by user mode; !pte shows this as the K or U flag. Now when the CPU…


Network connectivity issues diagnosis step by step – Part II.

In the previous post, we discussed how to confirm whether Windows Firewall really dropped incoming packets. If the machine is domain joined, group policy might not allow you to turn the firewall off; in that case, enabling firewall logging or creating inbound rules should help determine whether the packets were dropped by WF. There is…


Where is my exception handler code in the function disassembly?

This post discusses how the compiler actually stores the exception filters and exception handlers on the stack, as required by the exception handling mechanism provided by the OS. Have a look at the disassembly of the following main function and observe that, on issuing uf main in windbg, the output doesn't show the code under the __except block. So where are my exception filter function and exception handler? int main(){ int i=5; __try { i = 5/(i-i); } __except(FilterFunction2(1)) { printf("__Except block\n"); }…


Windbg loops around First chance and Second chance exceptions

My program causes an exception and the debugger catches it, but the debugger is stuck in a loop of first chance and second chance exceptions. Why doesn't it get out of the loop and terminate the program if the exception is not handled? A snippet from the debugger output: (2724.2708): Integer divide-by-zero - code c0000094 (first chance) First chance…


Network connectivity issues diagnosis step by step – Part I.

Many a time we run into network problems between computers at home, in offices, labs, etc., which are sometimes easy to diagnose and sometimes not. I have heard from customers multiple times that they are not able to access a share on another machine, or not able to connect over Telnet to other machines, etc. But…
