Archives

• September 2008
• April 2008
• October 2007
• September 2007
• August 2007
• July 2007
• June 2007
• May 2007
• April 2007
• March 2007
• February 2007
• January 2007
• December 2006
• November 2006
• October 2006
• September 2006
• August 2006
• July 2006
• June 2006
• May 2006
• April 2006
• March 2006
• February 2006
• January 2006
• December 2005
• November 2005

Categories

• AI (1)
• authentication (4)
• Blogging (38)
• Culture (27)
• DDK (89)
• General nonsense (29)
• Intellectual Property (9)
• Microsoft (52)
• Networking (23)
• PhoneFactor (5)
• Positive Networks (8)
• Programming (115)
• Security (46)
• two-factor (4)
• Uncategorized (38)
• Vista (34)
• WDK (26)
• Windows (56)

Links

• A Hole In My Head
• Alex Ionescu's Blog
• Antimail
• Buggin' My Life Away
• craigrow: blogging about developing, testing and getting a logo for your drivers using the Windows Driver Kit and the Driver Test Manager
• Dana Epp's ramblings at the Sanctuary
• DebugInfo.com - Oleg Starodumov
• Fabulous Adventures In Coding
• Joel on Software
• Larry Osterman's WebLog
• Lori Pearce's WebLog
• Mark's Sysinternals Blog
• Metasploit
• Michael Howard's Web Log
• Nynaeve
• Pointless Blathering
• Positive Networks
• Positive Networks Blog
• Q & Stuff
• Schneier on Security
• Schwieb
• Sorting It All Out
• The Old New Thing
• Under The Hood - Matt Pietrek

Meta

• Register
• Login
• Valid XHTML
• XFN
• WordPress
• Domain
• Website Design
• Web Hosting

A clever way to find who owns a pool

Scott Noone pointed out this technique on NTDEV for finding a mysterious pool tag owner:

If you have a debugger hooked up try:

ed nt!PoolHitTag 'REVD'

You'll break in when someone allocates memory using that tag.

This little tip is a new one on me. I’m sure the rest of you already know this, and I’m even surer that my co-workers (a couple of ‘em anyway) are going to make fun of me for not knowing this. But, hey, I’m arrogant enough to not care what they think.

Anyway, I thought it was neato.

This entry was posted on Tuesday, June 6th, 2006 at 9:11 pm and is filed under DDK, Windows, Microsoft. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “A clever way to find who owns a pool”

• doug Says:
  April 28th, 2008 at 8:15 pm

  You should note that in ed nt!PoolHitTag ‘REVD’ the tag is DVER, meaning that you have to spell it backwards.

• dispensa Says:
  April 28th, 2008 at 8:16 pm

  Well, assuming you’re on a little-endian box, but who has one of those?

Leave a Reply

Name

Mail (will not be published)

Website

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>

Recent Posts

• Windows 7 Server == Windows Server 2008 R2
• Bad Idea: Making assumptions about CPU number
• At Driver DevCon
• Free advice (being worth what you pay for it, of course)
• PhoneFactor video
• Interesting peek at Win7
• No more single-core chips
• I guess it depends on what you’re hex editing
• Metasploit as the security Mendoza line
• The return of err.exe

Recent Comments

• Manny
• dispensa
• doug
• dispensa
• Yossi