Setting user mode break points from KD aka .process /i vs .process /r /p

When performing KD (Kernel Debugging) in Windows with Windbg, if you have to set a break point in a user mode process you should always use .process /i address; g; .reload /user. A lot of good content has been written on the internet about this command, but nothing seemed to explain why it should be used instead of the familiar .process /r /p address. I would like to shed some light on this. Before reading any further I would strongly encourage you to read about it from the link above. In this article I assume some basic knowledge of how kernel debugging is done with Windbg. Also, I would like to start with the following question.

If the debugger has read/write access to the user mode process via .process /r /p, why can't it insert an int 3 into the user mode process when performing KD? Why do we have to make the user mode process the current process context by running .process /i?


How do breakpoints work in debuggers?

It's been a while since I got a chance to blog about low-level stuff. In this article, I am going to explain how breakpoints work in debuggers. I am assuming the reader is already familiar with what a breakpoint is and how to set one in your debugger of choice. The goal of this post is to explain the interplay between the Debugger, the Debuggee, the Operating System and the CPU.

Git Talk

It is no surprise that Git took the world of source control management by storm after its inception in 2005. For people wondering what I am talking about here, let me give some context first. Generally, any reasonably sized source code project needs some sort of 'change tracking software' that records all the changes/modifications made to it by its authors/programmers. This is where the concept of Source Control Management (SCM) comes into the picture. The idea is nothing new at all. Git is just one such SCM, but with some radical ideas built in from the ground up. Of course, these ideas set it apart from its predecessors.

How to get back classic start menu in Windows 8?

From Windows 8 onwards the classic start menu was replaced with the Start Screen. Most of the functionality that was present in the original start menu is missing from the start screen, and power users love to hate it. Fortunately 'classic shell' from http://www.classicshell.net is an attempt to bring the original classic start menu functionality back to Windows 8+.

Where is Home Directory? Where is My Computer?

I have heard from many people who regularly use Linux/Mac that they naturally hate Windows, and I find a similar response from first-time Linux/Mac OS X users. Even though there are many other factors in this love/hate relationship, here I would like to consider the most basic use case, i.e., accessing files/folders in your new OS. For a newcomer to Windows the only gateway into their computer is My Computer (or the renamed "This PC"), which unfortunately does not quite resemble their Home Directory in Linux or the OS X Finder. The same happens on the other side as well. A newcomer to Linux/Mac will be surprised to see the Home Directory for the first time and will find My Computer missing. But trust me, the dissimilarities here are skin deep.