Introduction MONITOR and MWAIT are using when the CPU needs to be stopped executing the instruction and enter an implementation-dependent optimized state until some special event happens. MONITOR sets up an address range used to monitor write-back stores while MWAIT enables a logical processor to enter into an optimized state…
Posts published in “Debugging”
Hey there, In the previous part, I’d explained about Page Frame Number and its importance in the OSs architecture. In this part, I’ll trace PFN more practically. I strongly recommend to read the first part, to make sure you didn’t miss anything about basic concepts. As I described in the previous…
Introduction (Page Frame Number) Windows and almost all the OSs use Page Frame Number Database in order to have a track of virtually allocated pages to know which page must be freed or evicted or if a page needs to be cached and etc. All of these kinds of stuff…
[The picture of this post is taken by one of my best friends, Ahmad Ghazi in Chitgar Lake !] Introduction You should by now be aware of everything, cause the topic’s title clearly describes the contents of this post. As you know, almost all of the modern malware programs use some bunch…
The content of this post is the second part of PyKD Tutorials, so make sure to read this topic first, then continue reading this topic. Breakpoints Breakpoints are such useful things and can give you the power of analyzing programs in a better and easier way by using PyKD. In…