Friday, 20 November 2009

[TECH] Windows Tools Description

I am reproducing here some of the tool descriptions introduced in the previous post (*):

Application Verifier is designed specifically to detect and help debug memory corruptions and critical security vulnerabilities.
This is achieved by monitoring a native application's interaction with the Windows operating system, profiling its use of objects, the registry, the file system, and Win32 APIs (including heaps, handles, locks, etc), and indicating issues when and where they are discovered.
Application Verifier also includes checks to predict how well an application may perform under various account privileges. These compatibility tests are used in the Windows Logo program.
Print verification tests are also available to verify your usage of the print subsystem.
Notmyfault: Use this executable and driver to crash your system in several different ways. Notmyfault can be used to demonstrate pool leak troubleshooting or for crash analysis examples. The download includes x86 (in the exe\release directory) and x64 versions (in the exe\relamd directory) as well as full source.
Testlimit: Testlimit can be used to demonstrate the operating system's per-process limit on the number of concurrently opened handles, but the tool's command-line options also let you test limits of process and thread creation.
VMMap is a process virtual and physical memory analysis utility. It shows a breakdown of a process's committed virtual memory types as well as the amount of physical memory (working set) assigned by the operating system to those types. Besides graphical representations of memory usage, VMMap also shows summary information and a detailed process memory map. Powerful filtering and refresh capabilities allow you to identify the sources of process memory usage and the memory cost of application features.
MemInfo is a tool to query information on the state of the memory manager page lists, page frame number (PFN) database entries, per-component and per-process memory usage, and for mapping virtual to physical addresses (for certain kinds of kernel-mode pointers). It can also display the physical memory ranges available for use by Windows and reported by the BIOS and/or ACPI tables. MemInfo can help detect bad or damaged memory sticks by displaying the size of the bad page list, as well as help in detecting certain kinds of malware or rootkits by showing processes that tools other than the kernel debugger may not show as present. It can also be used to diagnose certain situations where the amount of memory available to Windows is different from the amount of memory installed on the system.
Debugging Tools for Windows package: Lets you use Process Explorer to view both the currently allocated pool sizes and the maximum. To see the maximum, you’ll need to configure Process Explorer to use symbol files for the operating system. First, install the latest Debugging Tools for Windows package. Then run Process Explorer, open the Symbol Configuration dialog in the Options menu, point it at the dbghelp.dll in the Debugging Tools for Windows installation directory, and set the symbol path to point at Microsoft’s symbol server.
WinObj is a must-have tool if you are a system administrator concerned about security, a developer tracking down object-related problems, or just curious about the Object Manager namespace. WinObj is a 32-bit Windows NT program that uses the native Windows NT API (provided by NTDLL.DLL) to access and display information on the NT Object Manager's name space. WinObj may seem similar to the Microsoft SDK's program of the same name, but the SDK version suffers from numerous significant bugs that prevent it from displaying accurate information (e.g. its handle and reference counting information are totally broken). In addition, our WinObj understands many more object types. Finally, Version 2.0 of our WinObj has user-interface enhancements, knows how to open device objects, and will let you view and change object security information using native NT security editors.

(*) Sourced from the download links that were previously provided.

[TECH][PT] Windows Memory Management Tools

Here are some very useful tools for tracking Windows memory management issues and for analyzing and inspecting third-party applications and what they are doing or using.

- Application Verifier: http://www.microsoft.com/downloads/details.aspx?FamilyID=c4a25ab9-649d-4a1b-b4a7-c9d8b095df18&DisplayLang=en#filelist (relevant for detecting leaks in Win32 applications).
- Testlimit: http://download.sysinternals.com/Files/Testlimit.zip (particularly relevant for provoking extreme usage situations of handles, kernel memory, etc.).

- Debugging Tools for Windows package (prerequisite for LiveKD): http://www.microsoft.com/whdc/devtools/debugging/default.mspx or http://www.microsoft.com/whdc/devtools/debugging/debugstart.mspx, installed as described in article [2];
- LiveKD: http://technet.microsoft.com/en-us/sysinternals/bb897415.aspx - in one of its modes, shows data related to kernel memory, maximum limits, etc.

The following tool is mentioned in the articles, can be used to identify kernel pool leaks (see [2]) and, apparently, is already installed:
- Poolmon: http://www.microsoft.com/whdc/devtools/WDK/ (part of the Windows Driver Kit)

Other tools that may help:
- windbg (Windows debugger): http://www.microsoft.com/whdc/devtools/debugging/default.mspx (part of the Debugging Tools for Windows)

[TECH] Turbo Delphi - Free Delphi IDE

For Delphi lovers, there are free versions of the IDE for Win32, .Net and so on.
The only restriction is that you can't add custom components (like components from Developer Express).
If you want to make a simple Win32 application and you know Delphi / Object Pascal this is a good IDE for it. Just follow the link: Turbo Delphi jump start article

Note: I did not verify all the links on the target article yet.

[TECH][WIN] Windows Memory Management great articles

Mark is a guy who can explain something complex in a very clear and simple way. I found these four articles on Windows memory management highly informative, now that I am in the process of solving a stability issue on a customer:


[3] http://blogs.technet.com/markrussinovich/archive/2008/07/21/3092070.aspx (Physical Memory - relevant to the question of memory used by devices shown in the My Computer properties)

Also a reference in the area is the following book:

[TECH] Who stole who?

The common opinion with some people I know is that MS only copies others and that it is not as innovative as other companies.
This is an interesting article I found a few weeks ago and some of the discussions about these issues remind me of the discussion between who was born first: Was it the chicken or the egg? Because innovation is sometimes improving a concept that already exists. I think it is very difficult to enter a market without copying the others, I mean, improving on others' ideas. For instance look at what's happening to Apple because of the iPhone: it seems that Nokia is claiming a few copyright infringements.
Apple versus Microsoft: The top 20 stolen ideas of the OS wars:

So, who stole more from each other? Apple or Microsoft?

Wednesday, 4 November 2009

Good Stuff?

Good stuff... Good stuff is what an English teacher of mine would say often during his classes. It is what comes into my mind when thinking of the tech world. So many things to think about, investigate, read, create an opinion, test, look and discover. You might even forget harsh reality and all its problems.
During my daily work I am confronted with some data sources, interesting stuff that I'd like to share with others. I like to receive bits of information daily instead of spending minutes browsing the web for updating myself. If something catches my eye I'll share and I'll be more than glad if some of you might find it of some help or for achieving that same purpose.

Nowadays I am a "certified English Speaker" and this means that I am qualified to speak more correct English (but not more than "native" speakers). All these statements are private jokes I used to tell to a customer that stayed at our facilities for years (AgustaWestland, Westland Helicopters) and with whom I worked closely. Nowadays I am starting to miss those times.
So let's keep the good stuff coming.
Good stuff!