RE: There's got to be an easy way to do this... getting -_DRIVER_OBJE-CTs from a crash dump using W

As the increasingly odd Dan Rather might put it: that version of windbag
stinks worse than a Florida election :slight_smile:

Go get the !new !improved windbag from the Microsoft website. It is really
pretty good with only a few insanities.

As for driver objects, I haven’t a clue what you would find of any interest
in one, but generally I find mine hanging off of my device objects. If you
don’t actually have any device objects then perhaps setting a breakpoint in
DriverEntry, or using a debug printf to push the address onto the console
would get you there. Given the address of your driver object, the !new
!improved windbag’s “dt” command will print (recursively even) the a fully
parsed description of any data structure.

Mark Roddy
WindowsNT Windows 2000 Consulting Services

-----Original Message-----
From: Smith, Joel []
Sent: Thursday, November 09, 2000 3:30 PM
To: NT Developers Interest List
Subject: [ntdev] There’s got to be an easy way to do this… getting
_DRIVER_OBJE CTs from a crash dump using WinDbg

I wasting a lot of time trying to get the _DRIVER_OBJECT that were
in memory at the time of a system crash using WinDbg (analyzing a crash dump
file). The !drivers command lists some information, but I’m trying to get
my actual _DRIVER_OBJECT as it existed at the time of the crash. Can
someone explain how I should go about doing this?

Also, the version of WinDbg (version 5.0 build 2195) crashes quite
often. Is this normal or is it more likely there is some sort of
environmental thing with my system that is causing WindDbg to be unstable?
