Thank you David. With “lm” command and “Vim gym”, I was able to locate the
module from where the _ERESOURCE, _DISPATCHER_HEADER, _KEVENT, _LIST_ENTRY
types came in.
It is also true that in W2K-SP3 I get a bunch of types from “dt nt!*” and
“dt hal!*”.
WBR Primoz
-----Original Message-----
From: David Holcomb [mailto:xxxxx@microsoft.com]
Sent: Tuesday, December 03, 2002 7:52 PM
To: Kernel Debugging Interest List
Subject: [windbg] RE: Listing DT types
I just learned that W2K SP3 should have these types for the kernel. But no
OSes prior to that will.
-----Original Message-----
From: David Holcomb
Sent: Tuesday, December 03, 2002 9:44 AM
To: ‘Kernel Debugging Interest List’
Subject: RE: [windbg] RE: Listing DT types
If you do not fully qualify the symbol name (e.g. driver!type instead of
just type), the debugger will search all loaded modules for the type. Some
driver you have loaded probably has this type defined.
These types are not available for NT4 or W2K public symbols, only on XP and
above. There are no plans to add these types to the NT4 and W2K symbols
either.
Some of these types might change from OS to OS so you want to be somewhat
certain you are referencing the right defined type for your OS. I don’t mean
to suggest that is the case with your loaded driver, but if you are
referencing one of these types from a driver and it seems to be a little
off, it may be because the driver is not fully compatible with your OS
version.
-----Original Message-----
From: Primoz Beltram [mailto:xxxxx@hermes.si]
Sent: Tuesday, December 03, 2002 6:59 AM
To: Kernel Debugging Interest List
Subject: [windbg] RE: Listing DT types
Thank you Simon. This make sense and explain why “dt nt!_ERESOURCE” fails
with “Symbol nt!_ERESOURCE not found.”. Do you have any idea from where the
_ERESOURCE type came, since the “dt _ERESOURCE” dumps correctly its
structure fields? Built-in types? WBR Primoz
-----Original Message-----
From: Graham, Simon [mailto:xxxxx@stratus.com]
Sent: Tuesday, December 03, 2002 3:37 PM
To: Kernel Debugging Interest List
Subject: [windbg] RE: Listing DT types
“dt driver!*” will do this - note that “dt nt!*” will produice an empty list
since the type info is stripped from the nt symbols.
/smigr
-----Original Message-----
From: Primoz Beltram [mailto:xxxxx@hermes.si]
Sent: Tuesday, December 03, 2002 6:56 AM
To: Kernel Debugging Interest List
Subject: [windbg] Listing DT types
Question: Is it possible to list structure types that “DT” command knows
about?
Case scenario:
WinDbg version 6.1.0009.0. I load crash dump file (e.g. W2K, postmortem
kernel debug). PDB symbol files are loaded OK. I use “!sym noisy” and
“.reload /f /v” and check for no “*** ERROR” or “*** WARNING” (except for
3rd party modules).
If I type “DT nt!_ERESOURCE” (WinDbg documentation example!) or “DT
ntdll!_ERESOURCE” or “DT other_kerne_modules!_ERESOURCE”, I get “Symbol
xxxxxx not found.” error back. If I type “DT _ERESOURCE” it is OK. The same
is true for some other kernel types (_DISPATCHER_HEADER, _KEVENT,
_LIST_ENTRY, …), that I found by experimenting.
If I execute “X *!*” command I don’t find any of mentioned kernel types
(_ERESOURCE, DISPATCHER_HEADER, KEVENT, …). I would like to know from
where and which structure types “DT” command knows. If I type “DT
MyDriver!MY_STRUCTURE” I know that it came from MyDriver.pdb, and I would
like to know (if possible) the same also for _ERESOURCE, _DISPATCHER_HEADER,
_KEVENT, _LIST_ENTRY, …
WBR Primoz
P.s.:
I know “!kdex2x86.strct” command and a GREAT possibility it offers to define
“own” structures in .INI file.
You are currently subscribed to windbg as: xxxxx@stratus.com To
unsubscribe send a blank email to %%email.unsub%%
You are currently subscribed to windbg as: xxxxx@hermes.si To
unsubscribe send a blank email to %%email.unsub%%
You are currently subscribed to windbg as: xxxxx@microsoft.com To
unsubscribe send a blank email to %%email.unsub%%
You are currently subscribed to windbg as: xxxxx@hermes.si To
unsubscribe send a blank email to %%email.unsub%%