windows-kernel

I'm writing a logging service that may collect privileges of a process and I'm trying to understand attributes for each process privilege. Let me explain with this code: HANDLE hToken; if(OpenProcessToken(::GetCurrentProcess(), TOKEN_QUERY, &hToken)) { DWORD dwSize = 0; if(!GetTokenInformation(hToken, TokenPrivileges, NULL, dwSize, &dwSize) && ::GetLastError() == ERROR_INSUFFICIENT_BUFFER) { BYTE* pb = new (std::nothrow) BYTE[dwSize]; if(pb) { TOKEN_PRIVILEGES* pTPs = (TOKEN_PRIVILEGES*)pb; DWORD dwSize2; if(GetTokenInformation(hToken, TokenPrivileges, pTPs, dwSize, &dwSize2) && dwSize2 <=

Problem I am creating a Windows 7 based C# WPF application using .Net 4.5 , and one its major features is to call certain functions that interface with custom hardware with a set of user defined cycle times. For example the user might choose two functions to be called every 10 or 20 milliseconds and another every 500 milliseconds. The smallest cycle time the user can choose is 1 milliseconds. At first it seemed that the timings were accurate and the functions were called every 1 millisecond as required. But we later noticed that about 1-2% of the timings were not accurate, were some functions

My system is suffering from a high timer resolution ( NtQueryTimerResolution returns 0.5ms). Maximum timer interval: 15.600 ms Minimum timer interval: 0.500 ms Current timer interval: 0.500 ms Some process must be calling NtSetTimerResolution with a value of 5000 (0.5ms), but how can I determine which one? I saw Intel has a tool called Battery Life Analyzer that shows the current timer resolution per process, but that tool is only available to Intel partners. Is there another tool or a way to see it via WinDbg? Note: It seems to happen at boot time as setting a breakpoint isn't working (the

I used to debug the Windows Kernel using VirtualKD , WinDBG and a single Virtual Machine. Recently I got a Linux machine, and now I wonder- What's the easiest way to debug the Windows Kernel when your host is unable to run VirtualKD/WinDBG* ? I assume the solution will require two Virtual Machines, but I rather have two instances hosted on my actual machine rather than having an instance residing inside another virtual instance... Is there anyway to make that work? Thanks in advance! *Wine is the last resort for stability reasons... Solved! Basically, I ended up using two (VirtualBox) VMs

I'm trying to get a deeper understanding of how IIS works. http.sys i understand is one its major components. However, i have been having trouble finding easily digestible information about it. I couldn't get a good mental model going until i heard about the WSK, then i think it all fell into place. From a lot of random googling a little experimentation this is my current high level understanding of why it exists and how it does it's stuff. Why: Port sharing, and higher performance caching. How: User mode processes use the WinSock api to open a socket listening on a port to gain access to the