This is an effort to learn and document WinDbg extensions. So here is the first one: !cpuid. lkd> !cpuid CP F/M/S Manufacturer MHz 0 6,23,6 GenuineIntel 2394 1 6,23,6 GenuineIntel 2393 The leading lkd> means the current debug session is a local kernel debugging session. How do we do that? Open WinDbg; select File -> Kernel Debug and [...]
IRP Function codes and procmon
Hi guys… Our team uses Procmon a lot for troubleshooting issues. I always get confused by the different IRP messages that I see in the traces. The effort here is to map the common IRP messages to what they actually mean in plain terms. It will take an edit or two to take this document [...]
System Management Mode
Hello there. Today, while reading through the Intel Architecture Software Developer’s Manual Volume 1: Basic Architecture, I found something really interesting under section 3.1. The section covers the modes of processor operation, viz. Protected mode, Real mode and System Management mode. I had heard about the first two modes earlier; however, the third one was completely new to me. I decided to google a bit [...]