Category Archives: Debugging

The Case of the Ever-Increasing SYSTEM Handle Count

Posted on November 26, 2025 by snowkoan

Update – Dec. 8, 2025: I got some feedback from a member of the Windows File Systems Team. They can reproduce the issue and also pointed out the leaking driver is not enabled in most cases: Wcifs only gets attached … Continue reading

Posted in Debugging, Kernel, Leak, Process Monitor, Sysinternals Tools | Tagged , , , , | Leave a comment

Doing the Microsoft Word Save Dance

Posted on September 9, 2025 by snowkoan

This is a level setting post on the complexities of saving a file. When working at the kernel level, this becomes a serious consideration. Update (Jan 2026) — Microsoft must get a lot of questions about this. They have a … Continue reading

Posted in Debugging | Tagged , , | Leave a comment

Driver Installation Pitfalls

Posted on January 24, 2025 by snowkoan

The most underrated part of client software is the installer. While it’s easy enough to get something up and running using tools like WiX, the real challenge lies in handling edge cases around install / uninstall, repair, upgrade, and rollback … Continue reading

Posted in Debugging | Tagged , , , | Leave a comment

Debugging Python for Fame and Blog Posts

Posted on August 26, 2024 by snowkoan

Python is Magic? Coming from a C/C++ Windows background, Python seems magical in how easy it is to get things done. However, this ease this comes at a cost. What do you do when things go wrong in a non-trivial … Continue reading

Posted in Debugging | Leave a comment

Creating a process without starting it

Posted on May 19, 2023 by snowkoan

I looked at a case today where our process was not starting for some reason. It had one thread and the thread stack looked very much like this: The thread is clearly suspended. My first thought was that someone manually … Continue reading

Posted in Debugging, Windbg, Windows | Leave a comment

Learning about Rundown References (aka Failing to Track Down a Reference Leak)

Posted on April 8, 2023 by snowkoan

I’ve been trying to track down a rare case where our filter driver hangs on unload. I haven’t yet been able to find the source of the leak, but I have learned something about rundown references. Perhaps this will help … Continue reading

Posted in Debugging | Leave a comment

Compiler:1, Filter Verifier:0 –OR– Why Your Mother Told You that Stackwalking is Dangerous

Posted on January 27, 2023 by snowkoan

Update: I reported this to the Filter Manager team at Microsoft. Of course, they already knew about it but maybe my report tipped the scales, because it is now documented on the Filter Verifier page. One of our excellent testers … Continue reading

Posted in Debugging, Kernel, Windows | Leave a comment

Decoding Kernel ETLs More Easily!

Posted on July 30, 2021 by snowkoan

I’ve been using WPP tracing in the kernel for many years. On the upside, WPP tracing uses a mechanism which is super fast and space efficient. On the downside, the output is in a binary format and it’s cumbersome to … Continue reading

Posted in Debugging, TipsAndTricks, Windows | Tagged , | 2 Comments

Fixing compile failure: ..\minidumpapiset.h(1328, 0): error C2143: syntax error: missing ‘;’ before ‘}’

Posted on August 25, 2020 by snowkoan

tl;dr; Update your target Windows SDK or go back to an older version of the Debugger Tools for Windows headers. Well, this is pretty stinky. After updating Visual Studio or your Debugging Tools for Windows SDK, you may run into … Continue reading

Posted in Debugging | Leave a comment

Tracking Down a FILE_OBJECT leak

Posted on February 6, 2019 by snowkoan

I recently looked at an an issue where a kernel component was leaking FILE_OBJECTs. The handle count on the objects was zero but they all had outstanding references keeping them open. Note: This is not new territory but I had … Continue reading

Posted in Debugging, File System, GFlags, Windbg, Windows | 1 Comment