Author Archives: Alnoor Allidina

Preventing System DLL Sideload Attacks

Problem Statement: DLL sideloading is an attack where an unintended DLL is loaded, resulting in unintended code execution. This attack is possible for any DLL; in this article, we focus on Windows system DLLs. Sideloading system DLLs: There’s an inherent …

Posted in Security

MEX is Your Friend: Analyzing 32-bit Processes in a 64-bit Kernel Dump

Introduction: In 2016, Microsoft publicly released a WinDBG extension called MEX. It has a number of commands that make life easier when kernel debugging or analyzing crash dumps. You can download it here if you want to give it a …

Posted in Debugging, Windbg

Windows Subsystem For Linux – File Reads

I’ve read a bit about the way that Microsoft has implemented the Windows Subsystem for Linux (WSL). A one sentence summary: all system calls in a WSL process are fulfilled by a special kernel driver called a pico provider. I …

Posted in Debugging

Why does Notepad++ hang when I open it?

I am generally happy with Notepad++ but every now and then I find that it takes a long time to open. Yesterday, I started seeing a 20-second hang and after opening Notepad++ a few times, I became frustrated enough to troubleshoot …

Posted in Hang, Performance, Troubleshooting

Symbols Do Not Load in Windows Performance Analyzer (WPA)

The Windows Performance Toolkit (WPT) has been updated with the release of Windows 10 and I’ve just upgraded. There seem to be some minor improvements, but I noticed pretty quickly that I was unable to load symbols in Windows Performance Analyzer (WPA). …

Posted in Performance

Recovering a Deleted Draft in Gmail

So, here’s a funny thing about Gmail. If you delete a regular email, it gets moved to the Trash folder. However, if you discard a draft, it just vanishes in a puff of smoke. My wife discovered this frustrating behaviour tonight …

Posted in Data Recovery | 147 Comments

Vmware-hostd Listening on HTTPS Port 443

Recently, I needed to stand up a web server on my development machine to do some testing. Unfortunately, when I tried to bind to the default HTTPS port (443), I found out that some other process on my machine was …

Posted in Sysinternals Tools, Troubleshooting