Hi experts,
I am debugging one issue in my kernel mode driver for windows where I am
getting crash(system hang). I wanted to know *if there is any way to
identify which Application was running at User mode while system crash (got
hung).* Any tool, windbg Command will be helpfull.
Hi Ravi,
You can use the following WinDbg command:
!process 0 0
Regards,
Fernando Roberto da Silva
DriverEntry Kernel Development
But on an N-core system, there can be N processes running. Does this
command list them all?
joe
Hi Ravi,
You can use the following WinDbg command:
!process 0 0
Regards,
Fernando Roberto da Silva
DriverEntry Kernel Development
http://www.driverentry.com.br
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminarsTo unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
Actually !process 0 0 lists all processes. If you want to see current
process (on a given core) use !process -1 0. You can switch between cores
with ~n where n is a core number. Alternatively use !running -ti to dump
actives processes for all cores.
Also bear in mind that system crashes might happen in arbitrary context so
the process that initiated problematic request is not necessarily a current
one.
Hope it helps.
Kris
On Wednesday, January 2, 2013, wrote:
But on an N-core system, there can be N processes running. Does this
command list them all?
joe> Hi Ravi,
>
> You can use the following WinDbg command:
>
> !process 0 0
>
> Regards,
> –
> Fernando Roberto da Silva
> DriverEntry Kernel Development
> http://www.driverentry.com.br
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminarsTo unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
–
Kris
Thanks.
As you point out, the process that is running may be completely irrelevant
in looking for the base cause; all the OP can hope to do is try running
the process with some sort of tracing (such as IRP tracing) enabled, or
run the process with Driver Verifier activated.
joe
Actually !process 0 0 lists all processes. If you want to see current
process (on a given core) use !process -1 0. You can switch between cores
with ~n where n is a core number. Alternatively use !running -ti to dump
actives processes for all cores.Also bear in mind that system crashes might happen in arbitrary context so
the process that initiated problematic request is not necessarily a
current
one.Hope it helps.
Kris
On Wednesday, January 2, 2013, wrote:
> But on an N-core system, there can be N processes running. Does this
> command list them all?
> joe
>
> > Hi Ravi,
> >
> > You can use the following WinDbg command:
> >
> > !process 0 0
> >
> > Regards,
> > –
> > Fernando Roberto da Silva
> > DriverEntry Kernel Development
> > http://www.driverentry.com.br
> >
> > —
> > WINDBG is sponsored by OSR
> >
> > For our schedule of WDF, WDM, debugging and other seminars visit:
> > http://www.osr.com/seminars
> >
> > To unsubscribe, visit the List Server section of OSR Online at
> > http://www.osronline.com/page.cfm?name=ListServer
> >
>
>
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>–
Kris
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminarsTo unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer