The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
Considering that in x64, the first arguments are passed in registers, and therefore when i call another function inside that function, the previous arguments should be gone at that point (right?), so how can windbg tell me the arguments that is passed to every function when i use K and print the function frames that i have the private pdb symbols?
Basically i want to know if these function arguments that windbg prints in x64 are **100% **reliable or not?
I am asking this because i have a crash dump (x64) that for example has this sequence of calls : f1(myVar) -> f2(myVar)
But the thing is that windbg is giving me some random junk for myVar* in f2, but in f1 it is correct, and this varriable is not changed inside any of them, and since its x64, therefore the variable is also inside rcx so it cant be because of overflow either..
|Upcoming OSR Seminars|
|OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!|
|Writing WDF Drivers||24 January 2022||Live, Online|
|Internals & Software Drivers||7 February 2022||Live, Online|
|Kernel Debugging||21 March 2022||Live, Online|
|Developing Minifilters||23 May 2022||Live, Online|