Os
When entering S3/S4, GFX receives D0 request
What is the D0? Set BP on our handler, and filter by cond BP for set power state 12: kd> bl 0 e Disable Clear fffff802`7b359020 000
read moreSelf-Signed WHQL Certificate for Testing
Root Certificate $params = @{ Type = 'Custom' SerialNumber = '28cc3a25bfba44ac449a9b586b4339aa' KeyAlgorithm = 'RSA' HashAlgo
read moreNT Wait Times
NT Wait Time OS store shared data as nt!_KUSER_SHARED_DATA . It is always mapped to 0xfffff78000000000 in all process. It is done through page t
read moreWinDbg System Uptime
Trace print code of “System Uptime” unicode string. 0:007> !for_each_module s-u @#Base @#End "System Uptime" 00007ffe`d8ec8e30 0053 0079 0073
read moreRundown Protection
Acquire with nt!ExAcquireRundownProtection. 0: kd> uf fffff802`148c8d80 nt!ExAcquireRundownProtection [minkernel\ntos\ex\rundown.c @ 333]: 3
read moreRecursively Debug User-Mode Child Process
When you enable “debug child process” in WinDbg, it only attempts to debug the children. 0:000> sxe -c ".childdbg 1;bu wlanapi!WlanQueryInterfac
read more!pte "Levels not implemented for this platform"
!pte command comes from extension kdexts.dll, which is bundled with debuggers for Windows package. The command performs machine type check with t
read morePower IRP Source
All Windows drivers / component / internally dispatch Power IRP with the routine. 0: kd> dt nt!PoRequestPowerIrp PoRequestPowerIrp long ( _D
read moreBlock Linux driver with PCI Device ID
1. Find the device ID to blacklist nick@swae-ws:~$ lspci | grep VGA 43:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI]
read moreSession Space
When debugging Windows kernels, sometimes you see addresses that “looks” like kernel space memory. It begins with 0xffff, resides within module presen
read more