Sorting and Early Greek Philosophers

May 29th, 2012

Who was the first? Anaximander or Anaximenes? Use alphabetical sorting and you find that Anaximenes was after Anaximander.

- Dmitry Vostokov @ SoftwareGeneralist.com -

Reading Notebook: 17-May-2012

May 18th, 2012

Comments in italics are mine and express my own views, thoughts and opinions

Mac OS X Internals by A. Singh:

kextstat command (p. 49) - here’s the output from my system:

MacBook-Air:~ DumpAnalysis$ kextstat
Index Refs Address            Size       Wired      Name (Version) <Linked Against>
1   78 0xffffff7f80739000 0x683c     0x683c     com.apple.kpi.bsd (11.3.0)
2    6 0xffffff7f807de000 0x3d0      0x3d0      com.apple.kpi.dsep (11.3.0)
3  104 0xffffff7f80744000 0x1b9d8    0x1b9d8    com.apple.kpi.iokit (11.3.0)
4  109 0xffffff7f8072f000 0x9b54     0x9b54     com.apple.kpi.libkern (11.3.0)
5   93 0xffffff7f80740000 0x88c      0x88c      com.apple.kpi.mach (11.3.0)
6   37 0xffffff7f80760000 0x4938     0x4938     com.apple.kpi.private (11.3.0)
7   53 0xffffff7f80741000 0x22a0     0x22a0     com.apple.kpi.unsupported (11.3.0)
8   19 0xffffff7f80bc6000 0x7000     0x7000     com.apple.iokit.IOACPIFamily (1.4) <7 6 4 3>
9   27 0xffffff7f80765000 0x1e000    0x1e000    com.apple.iokit.IOPCIFamily (2.6.8) <7 6 5 4 3>
10    2 0xffffff7f81ba4000 0x58000    0x58000    com.apple.driver.AppleACPIPlatform (1.4) <9 8 7 6 5 4 3 1>
11    1 0xffffff7f809cc000 0xc000     0xc000     com.apple.driver.AppleKeyStore (28.18) <7 6 5 4 3 1>
12    9 0xffffff7f807e2000 0x25000    0x25000    com.apple.iokit.IOStorageFamily (1.7) <7 6 5 4 3 1>
13    0 0xffffff7f80c4c000 0x19000    0x19000    com.apple.driver.DiskImages (331.3) <12 7 6 5 4 3 1>
14    0 0xffffff7f818e6000 0x2a000    0x2a000    com.apple.driver.AppleIntelCPUPowerManagement (167.3.0) <7 6 5 4 3 1>
15    0 0xffffff7f807df000 0x3000     0x3000     com.apple.security.TMSafetyNet (7) <7 6 5 4 2 1>
16    2 0xffffff7f80846000 0x4000     0x4000     com.apple.kext.AppleMatch (1.0.0d1) <4 1>
17    1 0xffffff7f8084a000 0x11000    0x11000    com.apple.security.sandbox (177.3) <16 7 6 5 4 3 2 1>
18    0 0xffffff7f8085b000 0x5000     0x5000     com.apple.security.quarantine (1.1) <17 16 7 6 5 4 2 1>
19    0 0xffffff7f81c0b000 0x8000     0x8000     com.apple.nke.applicationfirewall (3.2.30) <7 6 5 4 3 1>
20    0 0xffffff7f818e2000 0x3000     0x3000     com.apple.driver.AppleIntelCPUPowerManagementClient (167.3.0) <7 6 5 4 3 1>
21    0 0xffffff7f81b81000 0x3000     0x3000     com.apple.driver.AppleAPIC (1.5) <4 3>
22    3 0xffffff7f80b62000 0x4000     0x4000     com.apple.iokit.IOSMBusFamily (1.1) <5 4 3>
23    0 0xffffff7f81bfc000 0x7000     0x7000     com.apple.driver.AppleACPIEC (1.4) <22 10 8 5 4 3>
24    0 0xffffff7f816da000 0x4000     0x4000     com.apple.driver.AppleSMBIOS (1.7) <7 4 3>
25    0 0xffffff7f81918000 0x3000     0x3000     com.apple.driver.AppleHPET (1.6) <8 7 5 4 3>
26    0 0xffffff7f816ff000 0x7000     0x7000     com.apple.driver.AppleRTC (1.4) <8 5 4 3 1>
27    6 0xffffff7f809d8000 0x6b000    0x6b000    com.apple.iokit.IOHIDFamily (1.7.1) <11 7 6 5 4 3 2 1>
28    0 0xffffff7f81c05000 0x4000     0x4000     com.apple.driver.AppleACPIButtons (1.4) <27 10 8 7 6 5 4 3 1>
29    1 0xffffff7f81b57000 0x4000     0x4000     com.apple.driver.AppleEFIRuntime (1.5.0) <7 6 5 4 3>
30   13 0xffffff7f80783000 0x4f000    0x4f000    com.apple.iokit.IOUSBFamily (4.5.8) <9 7 5 4 3 1>
32    0 0xffffff7f80a8e000 0x17000    0x17000    com.apple.driver.AppleUSBEHCI (4.5.8) <30 9 7 5 4 3 1>
33    2 0xffffff7f80dc8000 0xa000     0xa000     com.apple.iokit.IOAHCIFamily (2.0.7) <5 4 3 1>
34    0 0xffffff7f81b85000 0x18000    0x18000    com.apple.driver.AppleAHCIPort (2.2.0) <33 9 5 4 3 1>
35    0 0xffffff7f816df000 0x8000     0x8000     com.apple.driver.AppleSmartBatteryManager (161.0.0) <22 8 5 4 3 1>
36    0 0xffffff7f81b5b000 0x7000     0x7000     com.apple.driver.AppleEFINVRAM (1.5.0) <29 7 5 4 3>
37    5 0xffffff7f80986000 0x29000    0x29000    com.apple.iokit.IONetworkingFamily (2.0) <7 6 5 4 3 1>
38    1 0xffffff7f80dfb000 0x38000    0x38000    com.apple.iokit.IO80211Family (412.2) <37 7 5 4 3 1>
39    0 0xffffff7f80e33000 0x1e0000   0x1e0000   com.apple.driver.AirPort.Brcm4331 (513.20.19) <38 37 9 7 5 4 3 1>
40    0 0xffffff7f809c9000 0x3000     0x3000     com.apple.iokit.IOUSBUserClient (4.5.8) <30 7 5 4 3 1>
41    0 0xffffff7f80a79000 0x11000    0x11000    com.apple.driver.AppleUSBHub (4.5.0) <30 5 4 3 1>
42    4 0xffffff7f80ab2000 0x9e000    0x9e000    com.apple.iokit.IOThunderboltFamily (1.7.4) <5 4 3 1>
43    0 0xffffff7f8163e000 0x12000    0x12000    com.apple.driver.AppleThunderboltNHI (1.3.2) <42 9 8 5 4 3 1>
44    0 0xffffff7f80dde000 0x15000    0x15000    com.apple.iokit.IOAHCIBlockStorage (2.0.1) <33 12 5 4 3 1>
45    0 0xffffff7f815b2000 0x4000     0x4000     com.apple.driver.XsanFilter (403) <12 5 4 3 1>
46    0 0xffffff7f81342000 0x9000     0x9000     com.apple.BootCache (33) <7 6 5 4 3 1>
47    0 0xffffff7f81b46000 0x5000     0x5000     com.apple.AppleFSCompression.AppleFSCompressionTypeZlib (1.0.0d1) <6 4 3 2 1>
48    0 0xffffff7f81b4d000 0x5000     0x5000     com.apple.AppleFSCompression.AppleFSCompressionTypeDataless (1.0.0d1) <7 6 4 3 2 1>
49    1 0xffffff7f807d2000 0x6000     0x6000     com.apple.driver.AppleUSBComposite (4.5.8) <30 4 3 1>
50    0 0xffffff7f807d8000 0x6000     0x6000     com.apple.driver.AppleUSBMergeNub (4.5.3) <49 30 4 3 1>
51    3 0xffffff7f80a43000 0x8000     0x8000     com.apple.iokit.IOUSBHIDDriver (4.4.5) <30 27 5 4 3 1>
52    0 0xffffff7f815de000 0x4000     0x4000     com.apple.driver.AppleUSBTCKeyboard (225.2) <51 30 27 7 6 5 4 3 1>
55    2 0xffffff7f80cc1000 0x76000    0x76000    com.apple.iokit.IOBluetoothFamily (4.0.3f12) <7 5 4 3 1>
56    1 0xffffff7f80d57000 0xe000     0xe000     com.apple.driver.AppleUSBBluetoothHCIController (4.0.3f12) <55 30 7 5 4 3>
57    0 0xffffff7f80d6d000 0x9000     0x9000     com.apple.driver.BroadcomUSBBluetoothHCIController (4.0.3f12) <56 55 30 5 4 3>
58    0 0xffffff7f81632000 0x4000     0x4000     com.apple.driver.AppleThunderboltPCIDownAdapter (1.2.1) <42 9 4 3>
59    0 0xffffff7f815e7000 0x13000    0x13000    com.apple.driver.AppleUSBMultitouch (227.1) <51 30 27 6 5 4 3 1>
60    1 0xffffff7f81650000 0x8000     0x8000     com.apple.driver.AppleThunderboltDPAdapterFamily (1.5.9) <42 9 8 5 4 3>
61    0 0xffffff7f81658000 0x4000     0x4000     com.apple.driver.AppleThunderboltDPInAdapter (1.5.9) <60 42 9 8 5 4 3>
62    0 0xffffff7f815e3000 0x3000     0x3000     com.apple.driver.AppleUSBTCButtons (225.2) <51 30 27 7 6 5 4 3 1>
64    3 0xffffff7f80861000 0x2b000    0x2b000    com.apple.iokit.IOSCSIArchitectureModelFamily (3.0.3) <5 4 3 1>
65    1 0xffffff7f809b8000 0x11000    0x11000    com.apple.iokit.IOUSBMassStorageClass (3.0.1) <64 30 12 5 4 3 1>
67   14 0xffffff7f80c02000 0x38000    0x38000    com.apple.iokit.IOGraphicsFamily (2.3.2) <9 7 5 4 3>
68    0 0xffffff7f817a8000 0x3a000    0x3a000    com.apple.driver.AppleIntelSNBGraphicsFB (7.1.8) <67 9 8 7 6 5 4 3 1>
72    7 0xffffff7f80c3a000 0x12000    0x12000    com.apple.iokit.IONDRVSupport (2.3.2) <67 9 7 5 4 3>
73    1 0xffffff7f81b1c000 0x3000     0x3000     com.apple.driver.AppleBacklightExpert (1.0.3) <72 67 9 5 4 3>
74    0 0xffffff7f81b71000 0x5000     0x5000     com.apple.driver.AppleBacklight (170.1.9) <73 72 67 9 5 4 3>
75    1 0xffffff7f81b0a000 0x3000     0x3000     com.apple.driver.AppleGraphicsControl (3.0.16) <72 67 9 8 7 5 4 3 1>
77    0 0xffffff7f8179b000 0x3000     0x3000     com.apple.driver.AppleLPC (1.5.3) <9 5 4 3>
78    0 0xffffff7f816c9000 0x3000     0x3000     com.apple.driver.AppleSMBusPCI (1.0.10d0) <9 5 4 3>
79    1 0xffffff7f80bcd000 0x13000    0x13000    com.apple.driver.IOPlatformPluginFamily (4.7.5d4) <8 7 6 5 4 3>
80    3 0xffffff7f80be0000 0xc000     0xc000     com.apple.driver.AppleSMC (3.1.1d8) <8 7 5 4 3>
81    0 0xffffff7f80bec000 0x11000    0x11000    com.apple.driver.ACPI_SMC_PlatformPlugin (4.7.5d4) <80 79 9 8 7 6 5 4 3>
82    0 0xffffff7f81b0d000 0xf000     0xf000     com.apple.driver.ApplePolicyControl (3.0.16) <75 72 67 9 8 7 5 4 3 1>
83    2 0xffffff7f8135c000 0x6000     0x6000     com.apple.kext.OSvKernDSPLib (1.3) <5 4>
84    4 0xffffff7f81362000 0x2a000    0x2a000    com.apple.iokit.IOAudioFamily (1.8.6fc6) <83 5 4 3 1>
85    0 0xffffff7f8138c000 0x4000     0x4000     com.apple.driver.AudioIPCDriver (1.2.2) <84 5 4 3 1>
86    0 0xffffff7f812a6000 0x5000     0x5000     com.apple.Dont_Steal_Mac_OS_X (7.0.0) <80 7 4 3 1>
87    2 0xffffff7f81931000 0xc000     0xc000     com.apple.iokit.IOHDAFamily (2.1.7f9) <5 4 3 1>
88    1 0xffffff7f8196c000 0x1a000    0x1a000    com.apple.driver.AppleHDAController (2.1.7f9) <87 67 9 6 5 4 3 1>
89    1 0xffffff7f80d76000 0x5000     0x5000     com.apple.iokit.IOEthernetAVBController (1.0.0d5) <37 5 4 3 1>
90    0 0xffffff7f80d7b000 0x9000     0x9000     com.apple.iokit.IOAVBFamily (1.0.0d22) <89 37 5 4 3 1>
91    1 0xffffff7f80b66000 0xe000     0xe000     com.apple.iokit.IOSerialFamily (10.0.5) <7 6 5 4 3 1>
92    0 0xffffff7f80d49000 0xe000     0xe000     com.apple.iokit.IOBluetoothSerialManager (4.0.3f12) <91 7 5 4 3 1>
93    0 0xffffff7f816c2000 0x5000     0x5000     com.apple.driver.AppleSMCLMU (2.0.1d2) <80 67 5 4 3>
94    0 0xffffff7f80b50000 0x12000    0x12000    com.apple.iokit.IOSurface (80.0) <7 5 4 3 1>
95    0 0xffffff7f809af000 0x6000     0x6000     com.apple.iokit.IOUserEthernet (1.0.0d1) <37 6 5 4 3 1>
96    0 0xffffff7f817e2000 0xe1000    0xe1000    com.apple.driver.AppleIntelHD3000Graphics (7.1.8) <72 67 9 7 5 4 3 1>
97    1 0xffffff7f816cc000 0xe000     0xe000     com.apple.driver.AppleSMBusController (1.0.10d0) <22 9 8 5 4 3>
98    0 0xffffff7f81afb000 0xb000     0xb000     com.apple.driver.AGPM (100.12.42) <72 67 9 5 4 3>
100    0 0xffffff7f8174b000 0x4000     0x4000     com.apple.driver.ApplePlatformEnabler (2.0.4d2) <7 5 4 3>
101    0 0xffffff7f81392000 0x5000     0x5000     com.apple.driver.AudioAUUC (1.59) <84 67 9 8 7 5 4 3 1>
102    0 0xffffff7f81b77000 0xa000     0xa000     com.apple.driver.AppleAVBAudio (1.0.0d11) <5 4 3 1>
103    0 0xffffff7f8176c000 0xa000     0xa000     com.apple.driver.AppleMCCSControl (1.0.26) <67 9 7 5 4 3 1>
104    0 0xffffff7f81601000 0x5000     0x5000     com.apple.driver.AppleUpstreamUserClient (3.5.9) <67 9 8 7 5 4 3 1>
105    0 0xffffff7f8193d000 0x22000    0x22000    com.apple.driver.AppleMikeyDriver (2.1.7f9) <97 8 5 4 3 1>
106    1 0xffffff7f81986000 0xa4000    0xa4000    com.apple.driver.DspFuncLib (2.1.7f9) <84 83 5 4 3 1>
107    0 0xffffff7f81a2a000 0xaf000    0xaf000    com.apple.driver.AppleHDA (2.1.7f9) <106 88 87 84 72 67 6 5 4 3 1>
109    0 0xffffff7f81761000 0x3000     0x3000     com.apple.driver.AppleMikeyHIDDriver (122) <27 7 4 3 1>
110    1 0xffffff7f8134c000 0x5000     0x5000     com.apple.kext.triggers (1.0) <7 6 5 4 3 1>
111    0 0xffffff7f81351000 0x9000     0x9000     com.apple.filesystems.autofs (3.0) <110 7 6 5 4 3 1>
116    3 0xffffff7f80b8a000 0xd000     0xd000     com.apple.iokit.IOCDStorageFamily (1.7) <12 5 4 3 1>
117    2 0xffffff7f80b97000 0xb000     0xb000     com.apple.iokit.IODVDStorageFamily (1.7) <116 12 5 4 3 1>
118    1 0xffffff7f80ba2000 0xa000     0xa000     com.apple.iokit.IOBDStorageFamily (1.6) <117 116 12 5 4 3 1>
119    0 0xffffff7f80bac000 0x1a000    0x1a000    com.apple.iokit.IOSCSIMultimediaCommandsDevice (3.0.3) <118 117 116 64 12 5 4 3 1>
121    0 0xffffff7f81911000 0x5000     0x5000     com.apple.driver.AppleHWSensor (1.9.4d0) <5 4 3>
122    7 0xffffff7f81c20000 0x46000    0x46000    com.apple.iokit.AppleProfileFamily (85.2) <9 7 6 5 4 3 1>
123    0 0xffffff7f81c66000 0x7000     0x7000     com.apple.driver.AppleIntelProfile (85.2) <122 6 4 3>
124    0 0xffffff7f81c6f000 0x4000     0x4000     com.apple.driver.AppleProfileCallstackAction (85.2) <122 6 5 4 3 1>
125    0 0xffffff7f81c73000 0x3000     0x3000     com.apple.driver.AppleProfileKEventAction (85.2) <122 4 3 1>
126    0 0xffffff7f81c76000 0x4000     0x4000     com.apple.driver.AppleProfileReadCounterAction (85.2) <122 6 4 3>
127    0 0xffffff7f81c7a000 0x3000     0x3000     com.apple.driver.AppleProfileRegisterStateAction (85.2) <122 4 3 1>
128    0 0xffffff7f81c7d000 0x4000     0x4000     com.apple.driver.AppleProfileThreadInfoAction (85.2) <122 6 4 3 1>
129    0 0xffffff7f81c81000 0x4000     0x4000     com.apple.driver.AppleProfileTimestampAction (85.2) <122 5 4 3 1>
130    0 0xffffff7f80807000 0xc000     0xc000     com.apple.nke.ppp (1.7) <7 6 5 4 3 1>
313    0 0xffffff7f808ff000 0x2000     0x2000     com.apple.driver.AppleUSBODD (3.0.1) <65 64 30 12 5 4 3 1>
315    0 0xffffff7f8147b000 0x35000    0x35000    com.apple.filesystems.udf (2.2) <7 5 4 1>
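An added example (not from the book or the original post): parsing the kextstat columns shown above to resolve the `<Linked Against>` indexes to bundle IDs and to list kexts outside `com.apple.*`. The `com.example.driver.Sample` row and all function names are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Rows copied from the kextstat listing above, plus one constructed
# third-party row (index 200, com.example.driver.Sample) for the filter.
SAMPLE = """\
Index Refs Address            Size       Wired      Name (Version) <Linked Against>
1   78 0xffffff7f80739000 0x683c     0x683c     com.apple.kpi.bsd (11.3.0)
2    6 0xffffff7f807de000 0x3d0      0x3d0      com.apple.kpi.dsep (11.3.0)
3  104 0xffffff7f80744000 0x1b9d8    0x1b9d8    com.apple.kpi.iokit (11.3.0)
4  109 0xffffff7f8072f000 0x9b54     0x9b54     com.apple.kpi.libkern (11.3.0)
5   93 0xffffff7f80740000 0x88c      0x88c      com.apple.kpi.mach (11.3.0)
6   37 0xffffff7f80760000 0x4938     0x4938     com.apple.kpi.private (11.3.0)
7   53 0xffffff7f80741000 0x22a0     0x22a0     com.apple.kpi.unsupported (11.3.0)
16    2 0xffffff7f80846000 0x4000     0x4000     com.apple.kext.AppleMatch (1.0.0d1) <4 1>
17    1 0xffffff7f8084a000 0x11000    0x11000    com.apple.security.sandbox (177.3) <16 7 6 5 4 3 2 1>
18    0 0xffffff7f8085b000 0x5000     0x5000     com.apple.security.quarantine (1.1) <17 16 7 6 5 4 2 1>
200    0 0xffffff7f90000000 0x4000     0x4000     com.example.driver.Sample (1.0) <7 5 4 3 1>
"""

ROW = re.compile(
    r"^\s*(\d+)\s+(\d+)\s+(0x[0-9a-f]+)\s+(0x[0-9a-f]+)\s+(0x[0-9a-f]+)\s+"
    r"(\S+)\s+\(([^)]*)\)(?:\s+<([\d\s]+)>)?\s*$", re.I)


@dataclass
class Kext:
    index: int
    refs: int
    address: int
    size: int
    name: str
    version: str
    linked: tuple   # indexes from the <Linked Against> column


def parse_kextstat(text):
    """Return {index: Kext}; the header and any malformed rows are skipped."""
    kexts = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        idx, refs, addr, size, _wired, name, ver, linked = m.groups()
        deps = tuple(int(i) for i in linked.split()) if linked else ()
        kexts[int(idx)] = Kext(int(idx), int(refs), int(addr, 16),
                               int(size, 16), name, ver, deps)
    return kexts


def linked_names(kexts, index):
    """Resolve the <Linked Against> indexes of one kext to bundle IDs."""
    return [kexts[i].name if i in kexts else f"<index {i} not listed>"
            for i in kexts[index].linked]


def dependents(kexts, index):
    """Bundle IDs of listed kexts that link against the given index."""
    return sorted(k.name for k in kexts.values() if index in k.linked)


def non_apple(kexts):
    """Kexts whose bundle ID is outside com.apple.*; the ID is self-declared,
    so this is a first-pass inventory filter, not a signature check."""
    return sorted(k.name for k in kexts.values()
                  if not k.name.startswith("com.apple."))


if __name__ == "__main__":
    kexts = parse_kextstat(SAMPLE)
    for name in non_apple(kexts):
        idx = next(i for i, k in kexts.items() if k.name == name)
        print(name, "links against", linked_names(kexts, idx))
    print("dependents of AppleMatch:", dependents(kexts, 16))
```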

XNU is not a microkernel (p. 50) - the Windows Internals book also says the same about Windows at the beginning

u-area (p. 52) - in Windows the equivalent can be TEB and PEB structures

UBC (p. 52) - looks like in Windows we have the same unification of file cache and virtual memory subsystems


Software as Means of Production

April 23rd, 2012

The cover of the latest Economist issue, which arrived today and pictures a third industrial revolution, prompted me to write about software as a means of production, something I have been thinking about for some time; I even created a Software Generalist Party, which you are welcome to join. Software generalists are the future driving force of societal change, and I have started working on a work comparable to Marx’s Capital called Software, Volume 1, subtitled A Critical Analysis of Industrial Production (ISBN: 978-1908043375). It will also include an analysis of new emerging commodities such as memories.


Resuming Reading Notebook

April 13th, 2012

Finally the book has arrived and I plan to continue my close reading with relevant comments pointing to DumpAnalysis.org and any additional experiments if needed, for example, to cover x64 Windows (the new edition is still 32-bit oriented in WinDbg examples).

Windows Internals, Part 1: Covering Windows Server 2008 R2 and Windows 7


A History of Software in 64 Programs

November 15th, 2011

This is a new exciting book project I’m working on now, scheduled for release in 2012 with ISBN 978-1908043337. If your company would like to have its programs considered for inclusion, please let me know and send a copy in case I need to include screenshots. I’ll post an update about this project soon.


MVC Worldview and The Origin of Economic Order

September 7th, 2011

A few weeks ago, when I was asked for my opinion on whether the current economic crisis will deepen, an idea came to me that Cloud Computing is the last Model piece of MVC (Model-View-Controller), where View is Social Media such as Facebook, LinkedIn, Twitter, etc. and Controller is the Internet itself. With the final piece of the puzzle, the World needs a new MVC Revolution in order to get back on track.


Reading Notebook: 04-March-11

March 10th, 2011

Comments in italics are mine and express my own views, thoughts and opinions

Windows Internals by M. Russinovich, D. Solomon and A. Ionescu:

HKLM\S\MountedDevices and basic disk volume partition offset (pp. 667 - 668)

General reparse points; symbolic links and mount points as their applications (p. 669)

Device object -> VPB, !vpb WinDbg command (p. 670) - here’s the output on my x64 W2K8 system:

0: kd> dt _DEVICE_OBJECT
ntdll!_DEVICE_OBJECT
   +0x000 Type             : Int2B
   +0x002 Size             : Uint2B
   +0x004 ReferenceCount   : Int4B
   +0x008 DriverObject     : Ptr64 _DRIVER_OBJECT
   +0x010 NextDevice       : Ptr64 _DEVICE_OBJECT
   +0x018 AttachedDevice   : Ptr64 _DEVICE_OBJECT
   +0x020 CurrentIrp       : Ptr64 _IRP
   +0x028 Timer            : Ptr64 _IO_TIMER
   +0x030 Flags            : Uint4B
   +0x034 Characteristics  : Uint4B
   +0x038 Vpb              : Ptr64 _VPB
   +0x040 DeviceExtension  : Ptr64 Void
   +0x048 DeviceType       : Uint4B
   +0x04c StackSize        : Char
   +0x050 Queue            : <unnamed-tag>
   +0x098 AlignmentRequirement : Uint4B
   +0x0a0 DeviceQueue      : _KDEVICE_QUEUE
   +0x0c8 Dpc              : _KDPC
   +0x108 ActiveThreadCount : Uint4B
   +0x110 SecurityDescriptor : Ptr64 Void
   +0x118 DeviceLock       : _KEVENT
   +0x130 SectorSize       : Uint2B
   +0x132 Spare1           : Uint2B
   +0x138 DeviceObjectExtension : Ptr64 _DEVOBJ_EXTENSION
   +0x140 Reserved         : Ptr64 Void

0: kd> dt _VPB
ntdll!_VPB
   +0x000 Type             : Int2B
   +0x002 Size             : Int2B
   +0x004 Flags            : Uint2B
   +0x006 VolumeLabelLength : Uint2B
   +0x008 DeviceObject     : Ptr64 _DEVICE_OBJECT
   +0x010 RealDevice       : Ptr64 _DEVICE_OBJECT
   +0x018 SerialNumber     : Uint4B
   +0x01c ReferenceCount   : Uint4B
   +0x020 VolumeLabel      : [32] Wchar

FS -> Volume I/O (pp. 674 - 675) - we can also see the driver stack from IRP I/O stack locations:

2: kd> !irp fffffa8017492b80
[...]
     cmd  flg cl Device   File     Completion-Context
 [  0, 0]   0  0 00000000 00000000 00000000-00000000   

                     Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000   

                     Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000   

                     Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000   

                     Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000   

                     Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000   

                     Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000   

                     Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000   

                     Args: 00000000 00000000 00000000 00000000
>[  4,34]  1c e0 fffffa800dfe2060 00000000 fffff88001186f30-00000000 Success Error Cancel
              \Driver\Disk  partmgr!PmReadWriteCompletion
                     Args: 00001000 00000000 b99a9000 00000000
 [  4, 0]  1c e0 fffffa800dfe2b90 00000000 fffff88001197180-fffffa800da89e20 Success Error Cancel
              \Driver\partmgr     volmgr!VmpReadWriteCompletionRoutine
                     Args: 148ce8c5bed 00000000 b99a9000 00000000
 [  4, 0]   c e0 fffffa800da89cd0 00000000 fffff88001968150-fffffa800dfe7190 Success Error Cancel
              \Driver\volmgr      volsnap!VspRefCountCompletionRoutine
                     Args: 00001000 00000000 148ce8c5be9 00000000
 [  4, 0]   c e1 fffffa800dfe7040 00000000 fffff88001a464f4-fffff88002777a10 Success Error Cancel pending
              \Driver\volsnap     Ntfs!NtfsMasterIrpSyncCompletionRoutine
                     Args: 00001000 00000000 b996a000 00000000
 [  4, 0]   0  0 fffffa800dfed030 fffffa800da958e0 00000000-00000000
              \FileSystem\Ntfs
                     Args: 00001000 00000000 01afc000 00000000
[…]

BitLocker architecture diagram (p. 678) - parts of it can be seen from IRP I/O stack locations:

 kd> !irp 85e7ee00
[...]
     cmd  flg cl Device   File     Completion-Context
 [  0, 0]   0  0 00000000 00000000 00000000-00000000   

                  Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000   

                  Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000   

                  Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000   

                  Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000   

                  Args: 00000000 00000000 00000000 00000000
>[  3,34]  10 e0 857b9030 00000000 8353724e-00000000 Success Error Cancel
             \Driver\Disk     partmgr!PmReadWriteCompletion
                  Args: 00001000 00000000 400d6000 00000000
 [  3, 0]  10  0 857b9d18 00000000 00000000-00000000
             \Driver\partmgr
                  Args: 6bad71d7 00000000 400d6000 00000000
 [  3, 0]  10 e0 8478b5f0 00000000 835487a4-857bc2f0 Success Error Cancel
      \Driver\DriverA   volmgr!VmpReadWriteCompletionRoutine
                  Args: 00001000 00000000 400d6000 00000000
 [  3, 0]   0 e0 857bc238 00000000 872c83e2-857bfb70 Success Error Cancel
             \Driver\volmgr   fvevol!FvePassThroughCompletion
                  Args: 00001000 00000000 6bad70ba 00000000
 [  3, 0]   0 e0 857bfab8 00000000 8709807a-859a2118 Success Error Cancel
             \Driver\fvevol   Ntfs!NtfsMasterIrpAsyncCompletionRoutine
                  Args: 00001000 00000000 40097000 00000000
 [  3, 0]   0  1 857e2020 8584ca40 00000000-00000000    pending
             \FileSystem\Ntfs
                  Args: 00001000 00000000 0329e000 00000000
[…]
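An added example, not part of the original notes: reconstructing the driver stack from the `!irp` stack locations in the listings above (the plain file system to volume path and the BitLocker one) and comparing it with a baseline. The function names and the `BASELINE` set are assumptions made for this example.

```python
import re

# Copied from the second !irp listing above (BitLocker volume); only one of
# the empty stack locations is kept, to show that unused slots are skipped.
IRP_TEXT = r"""
 [  0, 0]   0  0 00000000 00000000 00000000-00000000

                  Args: 00000000 00000000 00000000 00000000
>[  3,34]  10 e0 857b9030 00000000 8353724e-00000000 Success Error Cancel
             \Driver\Disk     partmgr!PmReadWriteCompletion
                  Args: 00001000 00000000 400d6000 00000000
 [  3, 0]  10  0 857b9d18 00000000 00000000-00000000
             \Driver\partmgr
                  Args: 6bad71d7 00000000 400d6000 00000000
 [  3, 0]  10 e0 8478b5f0 00000000 835487a4-857bc2f0 Success Error Cancel
      \Driver\DriverA   volmgr!VmpReadWriteCompletionRoutine
                  Args: 00001000 00000000 400d6000 00000000
 [  3, 0]   0 e0 857bc238 00000000 872c83e2-857bfb70 Success Error Cancel
             \Driver\volmgr   fvevol!FvePassThroughCompletion
                  Args: 00001000 00000000 6bad70ba 00000000
 [  3, 0]   0 e0 857bfab8 00000000 8709807a-859a2118 Success Error Cancel
             \Driver\fvevol   Ntfs!NtfsMasterIrpAsyncCompletionRoutine
                  Args: 00001000 00000000 40097000 00000000
 [  3, 0]   0  1 857e2020 8584ca40 00000000-00000000    pending
             \FileSystem\Ntfs
                  Args: 00001000 00000000 0329e000 00000000
"""

LOC = re.compile(r"^\s*(>?)\s*\[\s*([0-9a-f]+),\s*[0-9a-f]+\]\s+\S+\s+\S+\s+"
                 r"([0-9a-f]+)\s+[0-9a-f]+\s+[0-9a-f]+-[0-9a-f]+", re.I)
DRV = re.compile(r"^\s*(\\\S+)(?:\s+(\w+)!(\S+))?\s*$")

# Assumption for this example: the Microsoft storage drivers named in the
# two listings above are the expected baseline for this I/O path.
BASELINE = {"ntfs", "fvevol", "volsnap", "volmgr", "partmgr", "disk"}


def short(driver):
    """Last component of a driver object name, lower-cased."""
    return driver.rsplit("\\", 1)[-1].lower()


def parse_irp_stack(text):
    """Used stack locations in listing order (lowest driver first)."""
    locs = []
    for line in text.splitlines():
        m = LOC.match(line)
        if m:
            locs.append({"current": m.group(1) == ">", "major": int(m.group(2), 16),
                         "device": m.group(3), "driver": None, "completion": None})
            continue
        d = DRV.match(line)
        if d and locs and locs[-1]["driver"] is None:
            locs[-1]["driver"] = d.group(1)
            locs[-1]["completion"] = d.group(2)   # module of the routine, or None
    return [loc for loc in locs if loc["driver"]]


def driver_stack(locs):
    """Drivers from the file system at the top down to the disk driver."""
    return [loc["driver"] for loc in reversed(locs)]


def completion_mismatches(locs):
    """A completion routine in a stack location is set by whoever passed the
    IRP down, normally the driver one level up. Report locations where the
    routine's module is not the driver directly above."""
    return [(low["driver"], low["completion"], up["driver"])
            for low, up in zip(locs, locs[1:])
            if low["completion"] and low["completion"].lower() != short(up["driver"])]


def unexpected_drivers(locs, baseline=BASELINE):
    """Drivers in the path that are not in the baseline, top of stack first."""
    return [d for d in driver_stack(locs) if short(d) not in baseline]


if __name__ == "__main__":
    locs = parse_irp_stack(IRP_TEXT)
    print(" -> ".join(driver_stack(locs)))
    print("BitLocker filter present:", r"\Driver\fvevol" in driver_stack(locs))
    print("not in baseline:", unexpected_drivers(locs))
```

A mismatch from `completion_mismatches` is a prompt to look closer, since a driver may register a routine that lives in a helper library.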

VMK -> FVEK: possibility for rekeying (p. 679) 

Maximum protection: TPM+USB+PIN (p. 679)

Diffuser to protect from manipulations with AES-encrypted ciphertext (p. 681)


Reading Notebook: 23-February-11

February 24th, 2011

Comments in italics are mine and express my own views, thoughts and opinions

Windows Internals by M. Russinovich, D. Solomon and A. Ionescu:

The distinction between class, port and miniport components in storage stack (pp. 646 - 647)

Example: disk.sys as a class driver, ataport.sys and atapi.sys as port and miniport drivers (pp. 647 - 448)

MPIO (multi path I/O), DSM (device-specific modules) and storage stack (pp. 649 - 650)

Old and new naming convention (DRX) for disk device objects (p. 650)

Win32 API disk drive naming (p. 651)

Partition device objects (p. 652)

Volume manager as a bus driver (p. 655)

System vs. boot volume (p. 660)

Volmgr.sys vs. Volmgrx.sys (p. 661)

The advantages of storing volume metadata in a file (p. 662)

Spanned, striped (RAID-0), mirrored (RAID-1), RAID-5 (striped with rotated parity) (pp. 662 - 667) 


Reading Notebook: 21-February-11

February 21st, 2011

Comments in italics are mine and express my own views, thoughts and opinions

Windows Internals by M. Russinovich, D. Solomon and A. Ionescu:

Differences between driver and service loading (p. 623)

Tag value precedence redefinition (p. 624)

Verbose !devnode command options (pp. 627 - 628)

DID=VID.PID and DIID=DID.IID (p. 630)

Hybrid sleep (pp. 637-638) 

Power dispatch routine (p. 639) - Here’s a dispatch routine for a PCI driver from my x64 W2K8R2 system:

0: kd> !devnode 0 3
Dumping IopRootDeviceNode (= 0xfffffa8003c1ed90)
DevNode 0xfffffa8003c1ed90 for PDO 0xfffffa8003c1db10
  InstancePath is "HTREE\ROOT\0"
  State = DeviceNodeStarted (0x308)
  Previous State = DeviceNodeEnumerateCompletion (0x30d)

[...]

        DevNode 0xfffffa8003e91b10 for PDO 0xfffffa8003e40a20
          InstancePath is "PCI\VEN_8086&DEV_2810&SUBSYS_00000000&REV_02\3&172e68dd&0&F8"
          ServiceName is "msisadrv"
          State = DeviceNodeStarted (0x308)
          Previous State = DeviceNodeEnumerateCompletion (0x30d)

[...]

0: kd> !devobj 0xfffffa8003e40a20
Device object (fffffa8003e40a20) is for:
 NTPNP_PCI0013 \Driver\pci DriverObject fffffa8003cfe270
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00001040
Dacl fffff9a10008b231 DevExt fffffa8003e40b70 DevObjExt fffffa8003e40f90 DevNode fffffa8003e91b10
ExtensionFlags (0x00000800)
                             Unknown flags 0x00000800
AttachedDevice (Upper) fffffa8003e3f800
 \Driver\ACPI
Device queue is not busy.

0: kd> !drvobj fffffa8003cfe270 f
Driver object (fffffa8003cfe270) is for:
 \Driver\pci
Driver Extension List: (id , addr)

Device Object list:
fffffa8003e9da20  fffffa8003e9a060  fffffa8003e99a20  fffffa8003e939f0
fffffa8003e93040  fffffa8003e92660  fffffa8003e92cb0  fffffa8003e42060
fffffa8003e41a20  fffffa8003e41060  fffffa8003e40a20  fffffa8003e40060
fffffa8003e3fa20  fffffa8003e3f060  fffffa8003e3ea20  fffffa8003e3e060
fffffa8003e3da20  fffffa8003e3d060  fffffa8003e3ca20  fffffa8003e3c060
fffffa8003e3ba20  fffffa8003e3b060  fffffa8003e3aa20  fffffa8003e3a060
fffffa8003e37530

DriverEntry:   fffff880013ae1a0 pci!GsDriverEntry
DriverStartIo: 00000000
DriverUnload:  fffff880013a2fec pci!PciDriverUnload
AddDevice:     fffff8800139ae54 pci!PciAddDevice

Dispatch routines:
[00] IRP_MJ_CREATE                      fffff80001ab5cfc nt!IopInvalidDeviceRequest
[01] IRP_MJ_CREATE_NAMED_PIPE           fffff80001ab5cfc nt!IopInvalidDeviceRequest
[02] IRP_MJ_CLOSE                       fffff80001ab5cfc nt!IopInvalidDeviceRequest
[03] IRP_MJ_READ                        fffff80001ab5cfc nt!IopInvalidDeviceRequest
[04] IRP_MJ_WRITE                       fffff80001ab5cfc nt!IopInvalidDeviceRequest
[05] IRP_MJ_QUERY_INFORMATION           fffff80001ab5cfc nt!IopInvalidDeviceRequest
[06] IRP_MJ_SET_INFORMATION             fffff80001ab5cfc nt!IopInvalidDeviceRequest
[07] IRP_MJ_QUERY_EA                    fffff80001ab5cfc nt!IopInvalidDeviceRequest
[08] IRP_MJ_SET_EA                      fffff80001ab5cfc nt!IopInvalidDeviceRequest
[09] IRP_MJ_FLUSH_BUFFERS               fffff80001ab5cfc nt!IopInvalidDeviceRequest
[0a] IRP_MJ_QUERY_VOLUME_INFORMATION    fffff80001ab5cfc nt!IopInvalidDeviceRequest
[0b] IRP_MJ_SET_VOLUME_INFORMATION      fffff80001ab5cfc nt!IopInvalidDeviceRequest
[0c] IRP_MJ_DIRECTORY_CONTROL           fffff80001ab5cfc nt!IopInvalidDeviceRequest
[0d] IRP_MJ_FILE_SYSTEM_CONTROL         fffff80001ab5cfc nt!IopInvalidDeviceRequest
[0e] IRP_MJ_DEVICE_CONTROL              fffff8800139e6d0 pci!PciDispatchDeviceControl
[0f] IRP_MJ_INTERNAL_DEVICE_CONTROL     fffff80001ab5cfc nt!IopInvalidDeviceRequest
[10] IRP_MJ_SHUTDOWN                    fffff80001ab5cfc nt!IopInvalidDeviceRequest
[11] IRP_MJ_LOCK_CONTROL                fffff80001ab5cfc nt!IopInvalidDeviceRequest
[12] IRP_MJ_CLEANUP                     fffff80001ab5cfc nt!IopInvalidDeviceRequest
[13] IRP_MJ_CREATE_MAILSLOT             fffff80001ab5cfc nt!IopInvalidDeviceRequest
[14] IRP_MJ_QUERY_SECURITY              fffff80001ab5cfc nt!IopInvalidDeviceRequest
[15] IRP_MJ_SET_SECURITY                fffff80001ab5cfc nt!IopInvalidDeviceRequest
[16] IRP_MJ_POWER                       fffff880013848fc pci!PciDispatchPnpPower
[17] IRP_MJ_SYSTEM_CONTROL              fffff8800139e66c pci!PciDispatchSystemControl
[18] IRP_MJ_DEVICE_CHANGE               fffff80001ab5cfc nt!IopInvalidDeviceRequest
[19] IRP_MJ_QUERY_QUOTA                 fffff80001ab5cfc nt!IopInvalidDeviceRequest
[1a] IRP_MJ_SET_QUOTA                   fffff80001ab5cfc nt!IopInvalidDeviceRequest
[1b] IRP_MJ_PNP                         fffff880013848fc pci!PciDispatchPnpPower
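An added example, not from the book or the original post: reading the dispatch table printed by `!drvobj ... f` above to list which major functions the driver implements and to flag handlers that resolve outside the driver's own image. The `otherdrv` row and the function names are constructed for illustration.

```python
import re

# Abridged from the !drvobj listing above (the rows pointing at
# nt!IopInvalidDeviceRequest are reduced to two).
DRVOBJ_TEXT = r"""
Driver object (fffffa8003cfe270) is for:
 \Driver\pci
DriverEntry:   fffff880013ae1a0 pci!GsDriverEntry
Dispatch routines:
[00] IRP_MJ_CREATE                      fffff80001ab5cfc nt!IopInvalidDeviceRequest
[03] IRP_MJ_READ                        fffff80001ab5cfc nt!IopInvalidDeviceRequest
[0e] IRP_MJ_DEVICE_CONTROL              fffff8800139e6d0 pci!PciDispatchDeviceControl
[16] IRP_MJ_POWER                       fffff880013848fc pci!PciDispatchPnpPower
[17] IRP_MJ_SYSTEM_CONTROL              fffff8800139e66c pci!PciDispatchSystemControl
[1b] IRP_MJ_PNP                         fffff880013848fc pci!PciDispatchPnpPower
"""

# Constructed variant: one entry resolves to a hypothetical module "otherdrv".
REDIRECTED = DRVOBJ_TEXT.replace(
    "fffff8800139e6d0 pci!PciDispatchDeviceControl",
    "fffff88004a21010 otherdrv!Dispatch")

ENTRY = re.compile(r"^DriverEntry:\s+[0-9a-f`]+\s+(\w+)!", re.I | re.M)
ROW = re.compile(
    r"^\[([0-9a-f]{2})\]\s+(IRP_MJ_\w+)\s+([0-9a-f`]+)(?:\s+(\w+)!(\S+))?\s*$",
    re.I)


def parse_drvobj(text):
    """Return the owning image (from the DriverEntry symbol) and the table."""
    m = ENTRY.search(text)
    owner = m.group(1).lower() if m else None
    table = {}
    for line in text.splitlines():
        r = ROW.match(line.strip())
        if r:
            major, name, addr, module, symbol = r.groups()
            table[int(major, 16)] = {
                "name": name,
                "address": int(addr.replace("`", ""), 16),
                "module": module.lower() if module else None,
                "symbol": symbol,
            }
    return {"owner": owner, "dispatch": table}


def handled(info):
    """Major functions the driver implements, i.e. entries not left at the
    I/O manager default nt!IopInvalidDeviceRequest."""
    return [e["name"] for _, e in sorted(info["dispatch"].items())
            if (e["module"], e["symbol"]) != ("nt", "IopInvalidDeviceRequest")]


def foreign_handlers(info, allowed=("nt",)):
    """Entries whose handler resolves to no symbol, or to a module that is
    neither the driver's own image nor one of `allowed`."""
    ok = {m for m in (info["owner"], *allowed) if m}
    return [(e["name"], e["module"])
            for _, e in sorted(info["dispatch"].items())
            if e["module"] not in ok]


if __name__ == "__main__":
    info = parse_drvobj(DRVOBJ_TEXT)
    print("implemented:", handled(info))
    print("foreign (page listing):", foreign_handlers(info))
    print("foreign (constructed):", foreign_handlers(parse_drvobj(REDIRECTED)))
```

Miniport drivers legitimately show handlers inside their port driver's image, so pass those module names in `allowed` when checking them.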

!pocaps and !popolicy WinDbg commands (pp. 641 - 643) 

Unlike other PnP operations, such as a normal eject, power cannot be vetoed by drivers and apps (pp. 643 - 644)


Software Generalist View of Religion (Part 1)

October 13th, 2010

In seeking spiritual faith, a software generalist views various religious worldviews as packages providing interfaces (IReligion). The methods of such an interface will be discussed in the next part, but for now I show a UML diagram:
