Monthly Archives: April 2018


Documented Behavior The IO_IGNORE_SHARE_ACCESS_CHECK flag provides a way for Windows kernel components to bypass sharing checks while opening local files. NTFSD has lots of posts on the subject — see here, here, here, etc… MSDN discusses the flag as well … Continue reading

Posted in File System, Reversing, Windows | Leave a comment

Finding an Exception in a user-mode minidump

I spend most of my time in kernel and so I still fumble around sometimes when asked to look at user-mode crash dumps. In particular, someone gave me an .hdmp file recently — I don’t know much about this kind … Continue reading

Posted in Debugging, usermode, Windbg | Leave a comment