Archive for May, 2010

Process specific breakpoints

Thursday, May 20th, 2010

I’ve talked previously about thread specific breakpoints, which allow you to set a breakpoint that will only fire for a specific thread. Equally useful are process specific breakpoints, which will only fire for any thread within a given process.

To set a process specific breakpoint, you specify the /p switch to the bp command and supply a process object address:

bp /p 84996030 ntfs!ntfscommoncreate

The process address could, for example, be retrieved from the output of the !process 0 0 command or you can use the handy $proc pseudo register to specify the current process:

bp /p @$proc ntfs!ntfscommoncreate

Posted in WinDBG | 1 Comment »

Driver Speak: IRQL

Wednesday, May 12th, 2010

Interrupt request levels are a fundamental Windows concept. We all know what they are (and if not we should) and interact with them every day, but do we know how to pronounce their acronym “IRQLs”?

Much like most of these terms, you’ll find a few alternate pronounciations. The one that I use is:

Urk wull

With short u sounds.

An alternate pronounciation that you’ll sometimes hear is:

Urkel

(An homage to Steve?)

Lastly, there’s the obvious pronounciation of just sounding out the letters:

I R Q L

Though what fun is that?

Posted in Driver Speak | 1 Comment »