Reading Notebook: 22-October-09
Comments in italics are mine and express my own views, thoughts and opinions
Windows Internals by M. Russinovich, D. Solomon and A. Ionescu:
REG_NONE and REG_QWORD (p. 251) - the former should have a purpose as a name switch
REG_LINK (pp. 251 - 252)
HKU\.DEFAULT as a local system profile (p. 253)
\Users location can be changed in HKLM\So\M\WNT\CV\ProfileList\ProfilesDirectory (p. 254)
BCDEdit is for HKLM\BCD, how to enable /DEBUG (pp. 255 - 257) - I also had to add more permissions to Administrators for the Elements key to be able to add modifications. Before editing:
C:\Users\Administrator>bcdedit
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
resume No
Windows Boot Loader
-------------------
identifier {current}
After editing:
C:\Users\Administrator>bcdedit
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30
resume No
Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Server 2008
locale en-US
inherit {bootloadersettings}
osdevice partition=C:
systemroot \Windows
resumeobject {cc03280e-0762-11de-b63a-af7e963a0201}
nx OptOut
debug Yes
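Added example, not part of the original notes or of the book: a small Python parser for saved bcdedit listings that reports which elements changed between two captures and which boot entries have kernel debugging switched on, as in the before/after pair above. The function names and the sample listings are assumptions constructed for this illustration.

```python
import re

RULE = re.compile(r"-{3,}$")  # dashed line printed under each entry title

def parse_bcdedit(text):
    """Parse bcdedit listing text into {identifier: {element: value}}."""
    lines = [l.rstrip() for l in text.splitlines()]
    store, cur, last = {}, None, None
    for i, line in enumerate(lines):
        if not line or RULE.match(line):
            continue
        if i + 1 < len(lines) and RULE.match(lines[i + 1]):
            cur, last = {"_title": line}, None  # title sits above a dashed rule
        elif cur is None:
            continue                            # prompt line before the first entry
        elif line[0].isspace() and last:        # wrapped multi-valued element
            cur[last] += " " + line.strip()
        else:
            last, _, value = line.partition(" ")
            cur[last] = value.strip()
            if last == "identifier":
                store[cur[last]] = cur
    return store

def diff(before, after):
    """Return (identifier, element, old, new) for every element that differs."""
    changes = []
    for ident in sorted(set(before) | set(after)):
        b, a = before.get(ident, {}), after.get(ident, {})
        changes += [(ident, k, b.get(k), a.get(k))
                    for k in sorted(set(b) | set(a)) if b.get(k) != a.get(k)]
    return changes

def debug_entries(store):
    """Identifiers of entries with kernel debugging switched on."""
    return sorted(i for i, e in store.items() if e.get("debug", "").lower() == "yes")

# Constructed listings modelled on the output in the notes (trimmed).
BEFORE = """C:\\Users\\Administrator>bcdedit
Windows Boot Manager
--------------------
identifier {bootmgr}
timeout 30
Windows Boot Loader
-------------------
identifier {current}
nx OptOut
"""
AFTER = BEFORE + "debug Yes\n"
```

Calling diff(parse_bcdedit(BEFORE), parse_bcdedit(AFTER)) lists the added debug element for {current}; running the same comparison against a known-good capture shows any boot entry that has had debugging turned on since.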
Pdh.dll (p. 260) - Typical stack trace in TS environments:
[...]
winsta!WinStationQueryInformationW+0x2a
perfts!CollectTSObjectData+0x12f
advapi32!QueryExtensibleData+0x617
advapi32!PerfRegQueryValue+0x536
advapi32!LocalBaseRegQueryValue+0x306
advapi32!RegQueryValueExW+0x96
pdh!GetSystemPerfData+0x83
pdh!GetQueryPerfData+0x7f
pdh!PdhiCollectQueryData+0x40
pdh!PdhCollectQueryData+0x42
[...]
- Dmitry Vostokov @ SoftwareGeneralist.com -