Address of a failed LIST_ENTRY for the KERNEL_SECURITY_CHECK_FAILURE

I'm trying to look into a BSOD with the KERNEL_SECURITY_CHECK_FAILURE stop code. It is the one for the corrupted LIST_ENTRY, or with the Arg1 == 3.

The documentation says that I need to use " dl and dlb commands"

But how do I get the address of the failed LIST_ENTRY?

In the bug check itself I have a trap frame and an exception record. I don't have the source code for the failed module to know more, so all I have is the assembly code for the location where the fast-fail software breakpoint was raised (from the trap frame).

You need to dig into the surrounding assembly and find it.