Hi, All
Is there any way to know which threads are related to specific driver?
Is it possible during debugging?
Is it possible in DUMPs?
What is the way to do it?
–
Thank you,
Kozlov Daniel
Not as far as I know. The system threads are just that - system threads. I usually do the brute force thing of !process 0 7 and look for my drivername…
“danny kozlov” wrote in message news:xxxxx@windbg…
Hi, All
Is there any way to know which threads are related to specific driver?
Is it possible during debugging?
Is it possible in DUMPs?
What is the way to do it?
–
Thank you,
Kozlov Daniel
>“Rod Widdowson” wrote in message
>news:xxxxx@windbg…
>Not as far as I know. The system threads are just that - system threads.
>I usually do the brute force thing of !process 0 7 >and look for my
>drivername…
!stacks takes a filter string so there’s a shortcut for this:
!stacks 2 drivername!
-scott
–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com
“Rod Widdowson” wrote in message
news:xxxxx@windbg…
Not as far as I know. The system threads are just that - system threads. I
usually do the brute force thing of !process 0 7 and look for my
drivername…
“danny kozlov” wrote in message news:xxxxx@windbg…
Hi, All
Is there any way to know which threads are related to specific driver?
Is it possible during debugging?
Is it possible in DUMPs?
What is the way to do it?
–
Thank you,
Kozlov Daniel
If you know driver’s module name you can use !stacks to see all kernel
stacks that contains given module:
!stacks 2 <module_name>
You can then figure out which one is actually system thread that was
created by a given driver.
Beginning of a call stack should be something like (it’s from Win7):
nt!PspSystemThreadStartup
nt!KiThreadStartup
Kris
From: danny kozlov [mailto:xxxxx@gmail.com]
Posted At: Monday, July 19, 2010 9:31 AM
Posted To: windbg
Conversation: Thread List of specific driver.
Subject: Thread List of specific driver.
Hi, All
Is there any way to know which threads are related to specific driver?
Is it possible during debugging?
Is it possible in DUMPs?
What is the way to do it?
–
Thank you,
Kozlov Daniel</module_name>