Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
More Info on Driver Writing and Debugging
The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.WinDbg Preview vs WinDbg
Saikrishna_Ravikanti
Member Posts: 12
Hi Team,
I have noticed some strange behaviour with WinDbg. I am getting 'Kernel stack not resident' error while trying to view the thread's call stack. But i am able to see the same thread's call stack if i analyzed the same dump file using WinDbg Preview. As per MSDN doc, WinDbg Preview is using the same underlying engine as WinDbg.
Generally we use company provided virtual machines to analyze customer reported issues and at present we can't install WinDbg Preview on those VM's. Could you please help me in understanding the reason for the above mentioned behavior?
Regards,
Sai
Howdy, Stranger!
| Upcoming OSR Seminars | ||
|---|---|---|
| OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead! | ||
| Writing WDF Drivers | 24 January 2022 | Live, Online |
| Internals & Software Drivers | 7 February 2022 | Live, Online |
| Kernel Debugging | 21 March 2022 | Live, Online |
| Developing Minifilters | 23 May 2022 | Live, Online |
Comments
They both use the same back end but the store version is sometimes using a newer version. Are you using the latest public WinDbg? It should be 10.0.19041.685
-scott
OSR
Thanks Scott. I am using 10.0.18362.1 WinDbg version. Let me try with 10.0.19041.685 version.
The behaviour is same even with latest WinDbg version.
Is the crash dump from a really new system? Is it user mode or kernel mode?
I just looked on my system and the debugger engine DLLs in WinDbg Preview (somewhere like C:\Program Files\WindowsApps\Microsoft.WinDbg_BLAH_BLAH\amd64) are newer than the ones in the latest WinDbg. You can try replacing the WinDbg DLLs with the WinDbg Preview ones and see if that works.
-scott
OSR
not exactly relevant but i downloaded the 19041 sdk iso to an old win7 x86 and installed the debugger only it installed fine but when i ran it was no table to debug even a simple console app it erred with only a part of memory could be read (ReadProcessMemory Error ) and it was showing 001b:0068 as instruction pointer and spewed out cannot resolve instruction pointer this was quiet some time ago i ditched this 19041 debugger and extracted an18362 which ran fine on win 7 x86 i spent a few hours in the process and it appered that i would not be able to coax to run it on that machine so something is definitely different in this 19041
Thanks Scott. I am able to see the call stack after replacing the DLLs.