Hi,
I am writing a WinDbg extension that will search the memory for a given structure pattern. You can imagine it as Volatility’s drvscan command. This will work on crash dumps.
Can I somehow enumerate the kernel addresses available in the dump? Currently I am just searching addresses page-by-page, but the result is that the WinDbg’s output window is flooded with errors like this:
Page da25c not present in the dump file. Type ".hh dbgerr004" for details
Page da25d not present in the dump file. Type ".hh dbgerr004" for details
Page da25e not present in the dump file. Type ".hh dbgerr004" for details
Page da25f not present in the dump file. Type ".hh dbgerr004" for details
Page da260 not present in the dump file. Type ".hh dbgerr004" for details
Is there a way to prevent this?
Easiest thing to do is just suppress the message with .ignore_missing_pages
-scott
OSR
@OSRDrivers
wrote in message news:xxxxx@windbg…
Hi,
I am writing a WinDbg extension that will search the memory for a given
structure pattern. You can imagine it as Volatility’s drvscan command. This
will work on crash dumps.
Can I somehow enumerate the kernel addresses available in the dump?
Currently I am just searching addresses page-by-page, but the result is that
the WinDbg’s output window is flooded with errors like this:
Page da25c not present in the dump file. Type ".hh dbgerr004" for details
Page da25d not present in the dump file. Type ".hh dbgerr004" for details
Page da25e not present in the dump file. Type ".hh dbgerr004" for details
Page da25f not present in the dump file. Type ".hh dbgerr004" for details
Page da260 not present in the dump file. Type ".hh dbgerr004" for details
Is there a way to prevent this?