by dallas
704 days ago
The "all this debugging was done in assembly language with minimal symbol table information" was basically true in 2009-2011 too. The (non-CrowdStrike, non-Microsoft) team I was on was developing Windows intermediate drivers which did network acceleration. I'm not sure how CrowdStrike works, but we essentially MITM'd/proxied in the Windows networking stack (is CrowdStrike observe-only? I don't know). I would end up filling notebooks with register moves and subroutine calls to trace back bluescreens because Windows is closed source. Thank goodness for Windbag disassembly. Interop with other intermediate drivers like popular virus scanners was an interesting problem. I'm pretty proud of our work there in hindsight!