RE: There's got to be an easy way to do this...

Actually I’ve never used the !new !improved windbag to debug an NT4 system.
Sorry to hear that it keeps crashing. Maybe the Microsoft support people who
read this group could provide some insight. By the way the windbag version
number in the ABOUT box is actually appended to the name. The number
reported in the string “Version 5.0 (xxxxx” is the os version. Fairly
confusing, eh?

Mark Roddy
xxxxx@hollistech.com
www.hollistech.com
WindowsNT Windows 2000 Consulting Services

-----Original Message-----
From: Smith, Joel [mailto:xxxxx@ntpsoftware.com]
Sent: Friday, November 10, 2000 1:31 PM
To: NT Developers Interest List
Subject: [ntdev] RE: There’s got to be an easy way to do this… gett ing
_DRIVER_OBJE CTs from a crash dump using WinDbg

ahhh…
I see, just create .pdb symbols for my driver and now I can use dt!.
I’m still crashing, but making progress!

-Joel

-----Original Message-----
From: Smith, Joel [mailto:xxxxx@ntpsoftware.com]
Sent: Friday, November 10, 2000 11:30 AM
To: NT Developers Interest List
Subject: [ntdev] RE: There’s got to be an easy way to do this… gett ing
_DRIVER_OBJE CTs from a crash dump using WinDbg

I can’t get the dt command to dump a formatted data structure. The
symbols distributed with NT4 (from the support directory) appear not to have
full type information. The debugger seems to want .pdb symbols and all I
have are .dbg symbols. Are the .pdb symbols available for nt4?
In addition, I did install the latest version of WinDbg and was still
crashing. I decided to then reinstalled my OS (Win2k). I again downloaded
the latest WinDbg, and am still crashing, even more than before! I am
loading an windows NT4 memory.dmp (I should be able to analyze an NT 4 crash
dump with this version ,right?). The easiest way for me to get the debugger
to crash is with this sequence:

!irpfind
!irp (some irp address)

I then get an access violation in WinDbg.exe (the instruction at 0x77fc9760
referenced memory at 0xfffffff8). Has anyone else had problems using WinDbg
1.00.0006.0 to analyze an nt4 crash dump?
Note that the help|about shows this Windbg to be version 5.0 (build 2195)
(although 1.00.0006 appears on the title bar). I aslo have an older
windbg.exe in my ddk\bin directory which also calls itself version 5.0
(build 2195). I guess I don’t understand this versioning scheme.

-Joel

-----Original Message-----
From: Roddy, Mark [mailto:xxxxx@stratus.com]
Sent: Thursday, November 09, 2000 4:17 PM
To: NT Developers Interest List
Subject: [ntdev] RE: There’s got to be an easy way to do this… getting
_DRIVER_OBJE CTs from a crash dump using WinDbg

As the increasingly odd Dan Rather might put it: that version of windbag
stinks worse than a Florida election :slight_smile:

Go get the !new !improved windbag from the Microsoft website. It is really
pretty good with only a few insanities.

As for driver objects, I haven’t a clue what you would find of any interest
in one, but generally I find mine hanging off of my device objects. If you
don’t actually have any device objects then perhaps setting a breakpoint in
DriverEntry, or using a debug printf to push the address onto the console
would get you there. Given the address of your driver object, the !new
!improved windbag’s “dt” command will print (recursively even) the a fully
parsed description of any data structure.

Mark Roddy
xxxxx@hollistech.com
www.hollistech.com
WindowsNT Windows 2000 Consulting Services

-----Original Message-----
From: Smith, Joel [mailto:xxxxx@ntpsoftware.com]
Sent: Thursday, November 09, 2000 3:30 PM
To: NT Developers Interest List
Subject: [ntdev] There’s got to be an easy way to do this… getting
_DRIVER_OBJE CTs from a crash dump using WinDbg

I wasting a lot of time trying to get the _DRIVER_OBJECT that were
in memory at the time of a system crash using WinDbg (analyzing a crash dump
file). The !drivers command lists some information, but I’m trying to get
my actual _DRIVER_OBJECT as it existed at the time of the crash. Can
someone explain how I should go about doing this?

Also, the version of WinDbg (version 5.0 build 2195) crashes quite
often. Is this normal or is it more likely there is some sort of
environmental thing with my system that is causing WindDbg to be unstable?

Thanks,
Joel