When during kernel debugging the host computer breaks into what will be a BSOD, such as:
DriverName!FunctionName+0x1cc
I know the “0x1cc” means 0x1cc bytes after the first byte of code to execute of funtion FunctionName. However, how can I find out which line of execution that represents?
If you have private PDBs this information is in the PDB. The ln command will
show you the source line:
0: kd> ln Osr!Xxx+0xeb
c:\projects\xxx\src\xxx\supp.cpp(1535)
(fffff880`01146390) Osr!IXxx+0xeb
If you don’t have private PDBs then you’re on your own for figuring this
out.
-scott
OSR
@OSRDrivers
wrote in message news:xxxxx@ntdev…
When during kernel debugging the host computer breaks into what will be a
BSOD, such as:
DriverName!FunctionName+0x1cc
I know the “0x1cc” means 0x1cc bytes after the first byte of code to execute
of funtion FunctionName. However, how can I find out which line of execution
that represents?
when in need i find looking at call instructions close to the failing instruction is helpful. ie run:
u Osr!Xxx+0xeb-20
also understanding assembly reasonably well if very helpful. even without symbols you can almost always figure out where in code you most likely are.
if you are debugging itanium assembly things get complicated.