I recently bumped into an interesting case when dealing with a web page blocked by BitDefender antivirus. If a page is unsafe or blocked by the system administrator, your browser will show a page like this: As shown on the screenshot, the page being blocked is the Ukrainian version of Google search: https://www.google.com.ua. Since I am not [...]
Mac OS X vs Windows kernel development: from hell to paradise (Part # 2)
This post is a continuation of the compulsive thoughts about OSX vs Windows kernel development started here: Part # 1 So, it’s been a while since I wrote about OSX. My project has grown up a little and it’s time to release a first alpha. The kernel extension (kext) behaves as a socket level [...]
Smart Auto Replier reborn
I hate throwing away good things. Lately I was doing a backup of my hard drive and I noticed a bunch of code I wrote in 2004 known as the Smart Auto Replier plugin for Miranda. To my surprise it was quite a big amount of code and it was a pity to let it just fade away. Given [...]
Mac OS X vs Windows kernel development
I always thought that Mac OS is something poorly documented and that developing kernel modules under “Mac” would be hard & complex. Until I actually tried it. It turns out, many things under Mac are actually simpler than under Windows. Just to give you some thoughts: On Mac OS X: 1. If you are going [...]
Mystery of RuntimeExceptionHelperModules in WerRegisterRuntimeExceptionModule(…) function
I guess this happens to everyone: you need to write a test project to see if some feature works and you’re stuck with poor documentation and Google has no examples for you … Recently I was trying to call WerRegisterRuntimeExceptionModule(…) to register my custom exception filtering module and I was stuck registering the module as [...]
Windows Update is using icons from WinDbg? :)
Notice WinDbg icon in left top corner
bsod offset search tool (bos) version 1.0.0.1 released
Some time ago I wrote a post about how to find the cause of a BSOD without having a memory dump file. I decided to implement a tool for myself which automates these steps. If you by any chance require such a tool, it is available for download for free. All you have to [...]
Modifying EIP in WinDbg on fly in order to test different branches of code
Sometimes during debugging it happens that some function has just failed and you want to retry it. After this function fails you might have a BSOD, for example, ntRetVal = FileOpen(&hFile, szPath); if (!NT_SUCCESS(ntRetVal)) { #ifdef DBG KeBugCheckEx(0x0, 0, 0, 0, id_of_the_problem); #endif } Now, as you can see in the above code it [...]
How to find cause of BSOD without dump file
Sometimes it happens that a BSOD occurs without any dump file generated. It can take some time to figure out why there is no dump file generated and what to do. If this happens on the customer side, sometimes it is really problematic due to different policies, restrictions, etc. On the other hand, it is possible to [...]
Why calling WTSEnumerateSessions in NT service initialization routine is a bad idea
Recently in tests I noticed that my NT service stopped working on a Windows Vista machine. There were no crashes, just an entry in the Event Log saying: “Error 1053: The service did not respond to the start or control request in a timely fashion”. These types of things are slightly more difficult to debug than usual crashes [...]
How to BSOD Trend Micro Internet Security in 10 minutes
(Prequel: How to BSOD Norton Antivirus in 10 minutes) Recently I have noticed that some of the well known brands like Norton, VMware, Juniper, Trend Micro and some others have stability issues with their drivers. It seems like these brands neglect to pass Driver Verifier tests, thus releasing quite unstable code. It is worth mentioning [...]
Network printer disappears after reboot in Windows 7
Recently I’ve discovered an interesting problem related to my printer, an Epson BX300F. Initially, the printer does not support printing via a remote print server. It works only via USB. But you can change the printer settings by changing its transport from USB to TCP/IP and specify the address of the router to which [...]
WDK 7.x is not compatible with Windows 2000 anymore …
A new version of the Windows Driver Kit was released recently, 7600.16385.0, and probably some of you have noticed that it does not support the Windows 2000 Build Environment. This is bad news for me, as I still need to support Windows 2000 in some of my projects. Before, with WDK 6.x versions you had a [...]
Norton’s quality of code in drivers
The life of every driver developer is complicated by the fact that the code you write should be stable (read: bug-free) and compatible with any other third party drivers. It is very important for any driver to be bug-free, as any error in the kernel leads (directly or indirectly) to a blue screen of death [...]
Phishing on Saturday …
It happens quite often to the average user on the Internet: receiving spam. Sometimes it advertises some junk, but sometimes it asks the user to run some executable which does some magic, for example, it allows sending SMS to any mobile operator for free. As every human being is a little bit naive, [...]
SMB traffic not captured in TDI filter driver
Recently I met a problem in one of my TDI filters when filtering SMB traffic. The filter driver was able to see outgoing TDI_CONNECT requests to ports 139 and 445, but during a heavy file upload there were no TDI_SEND requests issued. Usually in such cases you start to googlize for a solution, and I [...]
A case of mysterious BSOD at tcpip!TcpIndicateData+22b
1. The causes: Recently I was observing strange BSODs on my Vista machine quite periodically when dealing with network applications: 2. Investigations: As you can see, the BSOD happens because tcpip.sys is trying to access some wrong address. Luckily, I was able to access the dump file generated during this BSOD. When I try [...]
Mysterious ExUuidCreate function
I was inspired to write this post after being confused by the behaviour of the ExUuidCreate function in Windows Vista. This function is used to generate GUIDs in kernel mode. According to the documentation: “ExUuidCreate returns STATUS_SUCCESS if successful; otherwise, if the system is not ready to generate a new UUID, it returns STATUS_RETRY.” Practically, if you call [...]
A change for SoftIce
As SoftIce is officially dead, you might want to find a substitute for it. There is one product which aims to fully substitute SoftIce – Syser debugger, which offers a pretty similar user interface, and “live” debugging of the kernel on a host machine: According to the documentation, all command line commands are fully SoftIce compatible (you can check [...]
Bug in MSDN: TDI_EVENT_RECEIVE_DATAGRAM & it’s handler
If you ever wanted to handle the TDI_EVENT_RECEIVE_DATAGRAM (http://msdn2.microsoft.com/en-us/library/ms801156.aspx) event handler in TDI, you would notice that its declaration is a bit strange (http://msdn2.microsoft.com/en-us/library/ms801622.aspx): NTSTATUS ClientEventReceive( IN PVOID TdiEventContext, IN CONNECTION_CONTEXT ConnectionContext, IN ULONG ReceiveFlags, IN ULONG BytesIndicated, IN ULONG BytesAvailable, OUT ULONG *BytesTaken, IN PVOID Tsdu, OUT PIRP *IoRequestPacket ); Guess what? Its declaration is the [...]