system timer interrupt

hi all,

I am new to dump analysis , i want to check status of system timer interrupt
from the memory.dmp file, which windbg command is there to check it.

thanks in advance.

xxxxx@lge.com wrote:

I am new to dump analysis , i want to check status of system timer interrupt
from the memory.dmp file, which windbg command is there to check it.

I don’t know what you mean by “check status” here. What information are
you trying to get?


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

thanks for reply tim,

i want to know the number of tick count or the time of a system timer from the dump.

System Uptime: 0 days 11:28:30.132 that is spewed on start shows tick count

Kernel base = 0x804d7000 PsLoadedModuleList = 0x80554040
Debug session time: Thu Jun 30 00:23:46.562 2011 (UTC + 5:30)
System Uptime: 0 days 11:28:30.132 <-------------
Loading Kernel Symbols

or you can check !kuser->tickcount

kd> !kuser
_KUSER_SHARED_DATA at ffdf0000
TickCount: fa00000 * 00285788 (0:11:28:30.125)
TimeZone Id: 0

kd> !whattime 00285788
2643848 Ticks in Standard Time: 11:28:30.125s
kd> !whattime fa00000000285788
-432345564224923768 Ticks in Standard Time: 11:28:30.125s

or you can use

kd> !grep -e “Elapsed” -c “!process 0 1 System”
ElapsedTime 11:28:30.132

or you can use
kd> .time
Debug session time: Thu Jun 30 00:23:46.562 2011 (UTC + 5:30)
System Uptime: 0 days 11:28:30.132

or if dump was done with /ma or /mt you can use .ttime
kd> .ttime
Thread times not available

some experts can describe about the 2ec206fd whatever that is

kd> !grep -e “Interrupt time” -c !timer
Interrupt time: 2ec206fd 00000060 [6/30/2011 00:23:46.562]

On 2/9/12, xxxxx@lge.com wrote:
> thanks for reply tim,
>
> i want to know the number of tick count or the time of a system timer from
> the dump.
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

xxxxx@lge.com wrote:

i want to know the number of tick count or the time of a system timer from the dump.

When you bring up Windbg on a memory dump, this is part of the welcome text:

Symbol search path is:
srv*i:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17640.amd64fre.win7sp1_gdr.110622-1506
Machine Name:
Kernel base = 0xfffff80002a1e000 PsLoadedModuleList = 0xfffff80002c63670
Debug session time: Tue Dec 6 15:57:17.410 2011 (GMT-8)
System Uptime: 0 days 0:32:40.971

Those last two lines tell you the wall clock time and the tick count.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

thanks tim, raj for all your guidance
I also want to hook this timer with my ISR and DPC currently i am not able to acquire resources
for this. is that possible to hook? i clamed the IRQ 8 and port no 70 is that correct ?

hello folks…

m a newbie in driver development…
my team decided to start with driver debugging a mini filter driver before
modifying one…

we have connect host n guest(VM) using windbg, both windows 7
but are not getting how to start debugging the driver code which is on the
VM

To start we are using WDK sample -> Cdo minifilter
Please if any1 cud help

Thank you!
Regards

On Thu, Feb 16, 2012 at 1:47 PM, wrote:

> thanks tim, raj for all your guidance
> I also want to hook this timer with my ISR and DPC currently i am not able
> to acquire resources
> for this. is that possible to hook? i clamed the IRQ 8 and port no 70 is
> that correct ?
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

xxxxx@lge.com wrote:

thanks tim, raj for all your guidance
I also want to hook this timer with my ISR and DPC currently i am not able to acquire resources
for this. is that possible to hook? i clamed the IRQ 8 and port no 70 is that correct ?

You can’t do that. Those resources are already owned by the operating
system.

What do you hope to achieve? There are better (supported) ways of doing
this.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

This doesn’t even make any sense. The “system timer” is not something you
have direct access to, and just because you happen to know a port ID and
IRQ level doesn’t help in the slightest. Keep away from this. Really far
away.
joe

thanks tim, raj for all your guidance
I also want to hook this timer with my ISR and DPC currently i am not able
to acquire resources
for this. is that possible to hook? i clamed the IRQ 8 and port no 70 is
that correct ?


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer