Web filtering went wrong for BitDefender Endpoint Security

I recently bumped into an interesting case when dealing with a web page blocked by BitDefender antivirus. If a page is unsafe or blocked by the system administrator, your browser will show a page like this: As shown in the screenshot, the page being blocked is the Ukrainian version of Google search: https://www.google.com.ua. Since I am not …

Mac OS X vs Windows kernel development: from hell to paradise (Part # 2)

This post is a continuation of the compulsive thoughts about OSX vs Windows kernel development started here: Part # 1 So, it’s been a while since I wrote about OSX. My project has grown up a little and it’s time to release a first alpha. The kernel extension (kext) behaves as a socket level …

Mac OS X vs Windows kernel development

I always thought that Mac OS was something poorly documented and that developing kernel modules under “Mac” would be hard and complex. Until I actually tried it. It turns out that many things under Mac are actually simpler than under Windows. Just to give you some thoughts: On Mac OS X: 1. If you are going …

Mystery of RuntimeExceptionHelperModules in WerRegisterRuntimeExceptionModule(…) function

I guess this happens to everyone: you need to write a test project to see if some feature works, and you get stuck in poor documentation while Google has no examples for you … Recently I was trying to call WerRegisterRuntimeExceptionModule(…) to register my custom exception filtering module and I was stuck in registering the module as …

bsod offset search tool (bos) version 1.0.0.1 released

Some time ago I wrote a post about how to find the cause of a BSOD without having a memory dump file. I decided to implement a tool for myself that automates these steps. If you by any chance require such a tool, it is available for download for free. All you have to …

Modifying EIP in WinDbg on fly in order to test different branches of code

Sometimes during debugging it happens that some function has just failed and you want to retry it. After this function fails you might get a BSOD, for example: ntRetVal = FileOpen(&hFile, szPath); if (!NT_SUCCESS(ntRetVal)) { #ifdef DBG KeBugCheckEx(0x0, 0, 0, 0, id_of_the_problem); #endif } Now, as you can see in the above code, it …

How to find cause of BSOD without dump file

Sometimes it happens that a BSOD occurs without any dump file being generated. It can take some time to figure out why no dump file was generated and what to do about it. If this happens on the customer's side, it is sometimes really problematic due to different policies, restrictions, etc. On the other hand, it is possible to …

Why calling WTSEnumerateSessions in NT service initialization routine is a bad idea

Recently in tests I noticed that my NT service stopped working on a Windows Vista machine. There were no crashes, just an entry in the Event Log saying: “Error 1053: The service did not respond to the start or control request in a timely fashion“. These types of things are slightly more difficult to debug than usual crashes …

How to BSOD Trend Micro Internet Security in 10 minutes

(Prequel: How to BSOD Norton Antivirus in 10 minutes) Recently I have noticed that some of the well known brands like Norton, VMware, Juniper, Trend Micro and some others have stability issues with their drivers. It seems like these brands neglect to pass Driver Verifier tests, thus releasing quite unstable code. It is worth mentioning …

Network printer disappears after reboot in Windows 7

Recently I’ve discovered an interesting problem related to my printer, an Epson BX300F. Out of the box, the printer does not support printing via a remote print server; it works only via USB. But you can change the printer settings by changing its transport from USB to TCP/IP and specifying the address of the router to which …

WDK 7.x is not compatible with Windows 2000 anymore …

A new version of the Windows Driver Kit was released recently, 7600.16385.0, and some of you have probably noticed that it does not support the Windows 2000 Build Environment. This is bad news for me, as I still need to support Windows 2000 in some of my projects. Before, with WDK 6.x versions, you had a …

Norton’s quality of code in drivers

http://www.youtube.com/watch?v=k5wzFY88Wiw

The life of every driver developer is complicated by the fact that the code you write should be stable (read: bug-free) and compatible with any other third party drivers. It is very important for any driver to be bug-free, as any error in the kernel leads (directly or indirectly) to a blue screen of death …

SMB traffic not captured in TDI filter driver

Recently I ran into a problem in one of my TDI filters when filtering SMB traffic. The filter driver was able to see outgoing TDI_CONNECT requests to ports 139 and 445, but during a heavy file upload there were no TDI_SEND requests issued. Usually in such cases you start to google for a solution, and I …

A case of mysterious BSOD at tcpip!TcpIndicateData+22b

1. The causes Recently I was periodically observing strange BSODs on my Vista machine when dealing with network applications: 2. Investigations As you can see, the BSOD happens because tcpip.sys is trying to access a wrong address. Luckily, I was able to access the dump file generated during this BSOD. When I try …

Mysterious ExUuidCreate function

I was inspired to write this post after being confused by the behaviour of the ExUuidCreate function in Windows Vista. This function is used to generate GUIDs in kernel mode. According to the documentation: “ExUuidCreate returns STATUS_SUCCESS if successful; otherwise, if the system is not ready to generate a new UUID, it returns STATUS_RETRY.” In practice, if you call …

A change for SoftIce

As SoftIce is officially dead, you might want to find a replacement for it. There is one product which aims to fully replace SoftIce: Syser debugger, which offers a very similar user interface and “live” debugging of the kernel on a host machine: According to the documentation, all command line commands are fully SoftIce compatible (you can check all …

Bug in MSDN: TDI_EVENT_RECEIVE_DATAGRAM & its handler

If you ever wanted to handle the TDI_EVENT_RECEIVE_DATAGRAM (http://msdn2.microsoft.com/en-us/library/ms801156.aspx) event in TDI, you would notice that the declaration of its handler is a bit strange (http://msdn2.microsoft.com/en-us/library/ms801622.aspx): NTSTATUS ClientEventReceive( IN PVOID TdiEventContext, IN CONNECTION_CONTEXT ConnectionContext, IN ULONG ReceiveFlags, IN ULONG BytesIndicated, IN ULONG BytesAvailable, OUT ULONG *BytesTaken, IN PVOID Tsdu, OUT PIRP *IoRequestPacket ); Guess what? Its declaration is the …
