Archive for June, 2014

Hibernate and Hiberfile sizes

June 13, 2014

Windows typically reserves 75% of memory for Hiberfil.sys. This is normally enough after compression, but it may not be enough, especially if you use memory tools. To change the hiberfile size, use the following command, where the value is the desired size as a percentage of total memory:

powercfg /h /size <percentage>

To turn off hibernate, use the following command:

powercfg /h off

Turning off hibernate in Windows 8+ has the following consequences:
1) No fast startup, so boot time is affected.
2) No way to save data if the battery reaches critical levels.
3) No way to save data under thermal conditions.

Decrypting wdf01000.sys interrupts with WPA

June 13, 2014

Since wdf01000.sys fields all interrupts and then calls the actual driver, it is difficult to figure out which WDF driver is the source of the interrupts. Fortunately, there is a way out: use the kernel trace flags WDF_INTERRUPT and WDF_DPC. You can list all kernel trace flags with the following command: "xperf -providers KF".

You can trace as follows. The first command starts the trace; the second stops it and writes the result to test.etl:

xperf -on diageasy+WDF_DPC+WDF_INTERRUPT+0x48000000+PROC_THREAD+LOADER+INTERRUPT+DPC+CSWITCH+TIMER+CLOCKINT -stackwalk TimerSetPeriodic+TimerSetOneShot+CSwitch+readythread+profile -clocktype perfcounter -buffersize 1024 -minbuffers 1024

xperf -d test.etl