|$vframe tells you the 'virtual frame pointer'. This is the memory address where you can find the stack frame. If the function has a true stack frame, memory will be layed out like the below table. $vframe is extremely helpful when retail debugging because it tells you where about on the stack to look for your local variables.|
|The 32-bit x86 calling conventions|
|The following example shows the results of making a function call using various calling conventions. This example is based on the following function skeleton.|
void MyFunc(char c, short s, int i, double f)
MyFunc ('x', 12, 8192, 2.7183);
Nice callstack frame.
|This is when keyed events were born. They were added to Windows XP as a new kernel object type, and there is always one global event \KernelObjects\CritSecOutOfMemoryEvent, shared among all processes. There is no need for any of your code to initialize or create it—it’s always there and always available, regardless of the amount of resources on the machine. Having it there always adds a single HANDLE per process, which is a very small price to pay for the benefit that comes along with it. If you dump the handles with !handle in WinDbg, you’ll always see one of type KeyedEvent. Well, what does it do?|