DISCLAIMER: I like writing about stuff that I’m actively learning about. Unless I explicitly state so, I DO NOT claim any kind of expertise. I write because I want to deepen my knowledge and because I hope someone might find it useful. If you are looking for an expert-level article, you will be disappointed. There is […]
Reflecting on two years in Microsoft
“It will be like drinking from the fire hose”. This is the explanation that people on Reddit would give whenever someone asked “What does working at Microsoft look like?”. And I couldn’t agree more. I’ve been thinking about writing this retrospective for a long time. Hell, even when I started, back in September 2022, I […]
Getting started with WinDbg
I’m anxious about unknowns. Seriously. Whenever I’m faced with something that is new and unknown, especially if it’s work related, my brain will try running away screaming in anxiety. Like so: Suffice it to say, WinDbg was absolutely one of those things that I’ve never, ever in my life even considered opening. No sir. Nope. I’ll […]
Attach debugger when process starts
I wrote five articles (part 1, part 2, part 3, part 4 and part 5) where I explored various ways to attach a debugger the moment a (Windows) process starts. But then I got a bunch of complaints that there’s simply too much info. People were asking for a tl;dr. A brief version of a […]
What does GFlags do under the hood?
Ever wondered about it? There are like 100 knobs that you could turn and enable all kinds of cool things. But how does it work? What does it do? Is it some inner magic or does it rely on things that Windows provides out of the box? Time to find out 🙂 NOTE: If you’re […]
The Dark Hole of GetAddrInfo() – Part 2
In Part 1 I brought up all the weirdness of GetAddrInfo(). Things like the fact that it’s way more complex than I anticipated and that there are a bunch of input parameters that I couldn’t decipher. I also mentioned that its behavior itself is a bit weird, to say the least. And that’s what I’m going […]
The Dark Hole of GetAddrInfo() – Part 1
I just can’t skip the theatricals, so I’ll open up this article with them as well. It all really started with a rather simple-stupid repair item I kept in a backlog. We have some network calls that occasionally fail and we agreed that it’d be useful to have the IP address along with the hostname […]
Attaching debugger immediately after process starts – Part 5
Last time we discussed DLL injection and using DLL code to suspend all threads in the process for 20 seconds, giving you enough time to attach a debugger. This time I’m going to share something different that I played with during the weekend – writing your own “debugger”. But that requires a bit of a backstory. […]
Attaching debugger immediately after process starts – Part 4
Last time we discussed the possibility of using CDB and starting a server so that another debugger can attach. This time I’m going to discuss something that I’d probably refer to as “flexing”, simply because it’s probably not something that you’d want to do if all you need is to attach to the process immediately (as a […]
Attaching debugger immediately after process starts – Part 3
Part 1 discussed the simplest way of just using GFlags and the Debugger path. And if you’re new to this series of articles, I’d advise you to start there. Part 2 touched a bit on the topic of debugging processes started under a different account (e.g. SYSTEM), where I suggested just increasing the SUSPEND counter on […]