Upcoming blog posts and articles

I just thought I’d post a quick comment on a timetable for upcoming site content. I only have a few hours a week to work on this project, so it will be a while before I’m able to capture all of my current research notes (as well as published papers and slide deck) in a form suitable for this medium. But to give you an idea, in addition to the information covered in my papers, here are some topics for upcoming blog posts:

  • How to disable and abuse the crash dump stack
  • Source Boston CTF challenge which will reveal several neat tricks
  • File format of DumpStack.log.tmp and related information about logging in the crash dump path, including the concept of Dump Capsules and error simulation
  • All about writing your own crash dump filter
    • What each of your callbacks can/can’t do – and other things MS doesn’t tell you
    • Walking the filter list from within your own filter driver
    • How to modify the dump file contents on-the-fly in your DumpWrite callback
    • Why your filter driver’s DriverEntry() is called twice on system startup
  • A WinDbg extension to dump crash dump stack information, including filters
Posted in blog, callbacks, conference, filters, Source Boston, Windbg extensions
