I’m definitely not a hardware person, but I’ve brushed up on this sort of
thing in the past. I’m
pretty sure that a high end mainframe TLA will do the first part but only
passively.
Also hugely expensive.
I could be wrong about any or all of this.
mm
On Dec 2, 2015 4:10 AM, “Mike Kemp” wrote:
> I just wondered if it is possible for a logic analyser to trap an access
> with this data to an address that matches the profile, and generate a
> system interrupt so the relevant code can be dumped before proceeding?
> Maybe just a custom FPGA?
>
> Mike
>
> ----- Original Message ----- From: Scott Noone
> Newsgroups: ntdev
> To: Windows System Software Devs Interest List
> Sent: Wednesday, December 02, 2015 3:33 AM
> Subject: Re:[ntdev] Memory Corruption Mystery: Any Ideas?
>
>
>
>
> Definitely! It might end up being more than one, I think it could
> practically
> be a book at this point
>
> -scott
> OSR
> @OSRDrivers
>
> “Andrey Bazhan” wrote in message news:xxxxx@ntdev…
>
> Yeah, sometimes you wish it was 24 * 2 in a day :). By the way, this is
> very
> interesting case and it would be really cool if you could write a blog post
> about it.
>
> “Scott Noone” wrote in message news:xxxxx@ntdev…
>
> We searched for the sequence in the “suspect” driver list (NIC, video,
> etc.)
> using IDA Pro, though it was a long shot. We found various instances of it,
> though just through static analysis it was impossible to say if it was even
> related. Not enough hours in the day to do a complete reversing job on
> every
> driver
>
> -scott
> OSR
> @OSRDrivers
>
> “Andrey Bazhan” wrote in message news:xxxxx@ntdev…
>
> Have you tried to narrow down the culprit by running
>
> !for_each_module “.echo @#ModuleName; s-b @#Base @#End D8 0F 00 00”
>
> wrote in message news:xxxxx@ntdev…
>
>
>
> I discounted this as being a RAM problem due to the consistency and the
> pattern and the bad offset. It really “feels” like a device (or possibly
> driver) writing a control/status value where it shouldn’t. That being said,
> I’m happy still guessing…Would this type of corruption be consistent with
> a RAM issue in your opinion?
>
> Thanks!
>
> -scott
> OSR
> @OSRDrivers
>
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list online at: <
> http://www.osronline.com/showlists.cfm?list=ntdev>
>
> MONTHLY seminars on crash dump analysis, WDF, Windows internals and
> software drivers!
> Details at http:
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list online at: <
> http://www.osronline.com/showlists.cfm?list=ntdev>
>
> MONTHLY seminars on crash dump analysis, WDF, Windows internals and
> software drivers!
> Details at http:
>
> To unsubscribe, visit the List Server section of OSR Online at <
> http://www.osronline.com/page.cfm?name=ListServer>
></http:></http:>