a bit more on Spectre/Meltdown

January 23, 2018 ~ hucktech ~ Leave a comment

Agreed the fences, in a word, suck…The hope is that we can have faith in the QSpectre switch but it's going to be a hard thing to prove. Also if you're writing assembly you're on your own

— OSR (@OSRDrivers) January 23, 2018

Meltdown and Spectre: What about drivers?

https://github.com/iadgov/Spectre-and-Meltdown-Guidance

https://github.com/hannob/meltdownspectre-patches

https://github.com/hackingportal/meltdownattack-and-spectre

https://kb.netgear.com/000053240/Security-Advisory-for-Speculative-Code-Execution-Spectre-and-Meltdown-on-Some-ReadyNAS-and-ReadyDATA-Storage-Systems-and-Some-Connected-Home-Products-PSV-2018-0005

Windows 10 drops 1394 boot debugging

April 7, 2017 ~ hucktech ~ Leave a comment

KD1394 for boot debugging is dead! https://t.co/Dl8OuoP6q6 #WinDbg

— OSR (@OSRDrivers) April 7, 2017

1394 Boot Debugging is Dead

“1394 boot debugging no longer works on the latest builds on Windows 10.”

https://blogs.msdn.microsoft.com/windbg/2016/08/11/kd-1394-work-around/

OSR on debugging bad Windows drivers

February 24, 2017 ~ hucktech ~ Leave a comment

OSR has a nice blog post that shows how to debug bad drivers. OSR is a smart group of Windows-centric driver consultants, check out their NT Insider newsletter if you’re into NT. And their NTdev mailing list.

Blog Post: Unexpected Case of Bugcheck IRQL_UNEXPECTED_VALUE https://t.co/bLIEE8ROYc

— OSR (@OSRDrivers) February 17, 2017

[…]The bugcheck makes much more sense now. Someone’s stack expansion callback was called at DISPATCH_LEVEL (Arg2 == 2) and returned at PASSIVE_LEVEL (Arg1 == 0). That’s against the rules, thus you get a system crash. Personally I would call this a bug in KeExpandKernelStackAndCalloutEx seeing as how it is generating an IRQL_UNEXPECTED_VALUE using invalid (unexpected?) arguments. At a minimum the documentation is currently wrong though and I have filed a bug to try to get that addressed.

Unexpected Case of Bugcheck IRQL_UNEXPECTED_VALUE (C8)

http://www.osronline.com/showthread.cfm?link=281770

https://www.osr.com/developers-blog/

http://www.osronline.com/showlists.cfm?list=ntdev

http://www.osronline.com/index.cfm

Hmm, it looks like OSRonline.com is becoming ‘legacy’. If there’s not a future home for some of the tools listed there, you might want to grab a set of tools while you still can. The tools are somewhat like SysInternals-style of tools.

Microsoft WDK docs moved to Github

August 2, 2016 ~ hucktech ~ Leave a comment

The driver documentatoin Windows DDK (Driver Development Kit), these days called the WDK is now on Github.

The WDK Docs are moving to GitHub. Have a doc bug? Just fix it, submit a PR, and PRESTO! Updated on MSDN same day. https://t.co/QEBP3NG81D

— OSR (@OSRDrivers) August 2, 2016

https://github.com/Microsoft/windows-driver-docs

Fix WDK Doc Issues — Yourself. And Fast!

OSR on Windows IoT on Rasberry PI 3

April 24, 2016 ~ hucktech ~ Leave a comment

Peter at OSR has a new blog post about using Embedded Windows — now called Windows IoT — on a Rasberry PI3, with a lot of advice for embedded Windows developer using this beta platform.

Been playing with Win10 IoT Core on RPI 3. LOTS of fun but also lots of little issues. Tips to help you get started: https://t.co/ek8Z8Q2pct

— OSR (@OSRDrivers) April 18, 2016

[…] You can’t connect WinDbg to the RPI 3 via the network. You have to use the serial port. To be successful in this endeavor, you’ll need a super-secret TTL to USB Serial Port cable (this one from Adafruit works just dandy). […]

Secrets of Using Win10 IoT Core on the RPI 3 (and staying sane)

If you do Windows, and have not looked at OSR’s online resources, it is worth a look, they have some tools that beat SysInternals, and the NTDev mailing list is probably the best public source of NT experienced developers, and one of the few places outside MSDN blogs that Microsoft developers publicly post technically useful information:
http://www.osronline.com/section.cfm?section=27
http://www.osronline.com/cf.cfm?PageURL=showlists.cfm?list=NTDEV