Dudes, I love this series, it's totally awesome... I feel you guys are providing a great learning outlet, especially for a beginner like myself. However, at times the show gets hijacked and it never gets back on course. I felt the past two episodes could have been a bit more linear and detailed.
My machine is no longer opening the correct architecture windbg (x64 vs x86) when I double-click a dump file. The x64 version opens arbitrarily now. It was working as demonstrated by Andrew. However, after setting procdump as JIT debugger, that functionality went away. Is there a registry entry I should look into?
Chad, I see in the Windows Internals 6th edition that the virtual address space for 32-bit x86 is 0x00000000 - 0x7fffffff for user process and 0x80000000 - 0xffffffff for protected operating system memory.
What are the values for a 64-bit x64 system?
I agree with Andrew, that was an awesome demo. Can't wait for more!!!