Hi!
Is it possible to use the ‘Object Reference Tracing’ (!obtrace) for a DEVICE_OBJECT?
I tried several times with different ‘gflags’ settings, but with no success.
When I set a process name filter (gflags /i) the tracing is working for Key,
File and some other object types, but not for DEVICE_OBJECT:
kd> !obtrace address
Unable to find object in table.
The address of a device object is 100% valid (this can be verified,
for example, by the ‘!devobj’ and ‘!devstack’ commands).
It seems that a ‘gflags /i’ filter does not apply for the objects created
in the system process context, like a driver objects or a device objects.
When I set a tag names (gflags /t + Dflt, tlfD or any other custom tag)
the tracing does not working at all and I see the message again: “Unable to
find object in table”.
Some additional information:
-
Windows 7, Windows 8.1 (both x64);
-
gflags settings (!gflag):
Current NtGlobalFlag contents: 0x01007400
ptg - Enable pool tagging
ust - Create user mode stack trace database
kst - Create kernel mode stack trace database
otl - Maintain a list of objects for each type
eot - Enable object handle type tagging
- “C:\Program Files\Windows Kits\8.1\Debuggers\x64\gflags.exe” /ro
Boot Registry Settings :
Object Ref Tracing Enabled
Permanent Traces
Pool Tags: Dflt;tlfD;ABCD;DCBA
Process Name: All Processes
(and system was rebooted).
Thanks.
