How to check contents of a shared memory

I am not sure if this is the right forum to post this or not. Please help me
if you can.

I have an ill-behaved process that might have corrupted shared memory, which
is causing exceptions to be thrown whenever the shared memory is accessed. I
created a dump after catching the exception. Now I have the dump file and a
handle to the shared memory, but I don’t have the address of the shared
memory… Is there any way I can look at the contents of the shared memory
based on the handle info… Are there any useful fields here that can be
used to get the address of the shared memory?

1: kd> !handle 19c
processor number 1, process 84c49020
PROCESS 84c49020 SessionId: 0 Cid: 0ec4 Peb: 7ffdf000 ParentCid: 0f04
DirBase: 1d10d000 ObjectTable: e14c1490 HandleCount: 376.
Image: CallProcessor.exe

Handle table at e14a2000 with 376 Entries in use
019c: Object: e1064d88 GrantedAccess: 000f0007 Entry: e14a2338
Object: e1064d88 Type: (89d7e398) Section
ObjectHeader: e1064d70
HandleCount: 1 PointerCount: 2
Directory Object: e18c29d0 Name: CallerSharedMemory

Thanks for your help!!

Regards,
Jing

Not really sure what you’re trying to do here. Need more information.

mm


From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Jing Bing
Sent: Thursday, July 05, 2007 19:06
To: Windows System Software Devs Interest List
Subject: [ntdev] How to check contents of a shared memory
