1. #1
    x BlueRobot's Avatar
    Join Date
    May 2013
    Minkowski Space

    When should I look at Data Structures in dumps?

    I thought it would better to post this thread within this section, since this is me asking for some help with a particular command, rather than needing help with a BSOD issue.

    So, getting to the question, when is it appropriate to check at data structures with the dt command?

    Any help would be very appreciated.


    Machines Can Think

    We don't make mistakes; we just have happy accidents.

    • Ad Bot



  2. #2

    Join Date
    Mar 2012

    Re: When should I look at Data Structures in dumps?

    When the data structure has the information you are looking for. :)

    Like, for example, my Fun with MDLs article. I couldn't tell what the MDL flags were that were at fault unless I looked at the _MDL structure. Windows holds a lot of stuff in data structures, so if you want the dirt on stuff, you're gonna need to either discover the extension/command in Windbg that gives a nice readout the appropriate data structure(s), or you'll need to access the structures themselves. In some cases (like with _KPRCB and !prcb) the extension is vastly limited in output to the actual structure.
    Last edited by Vir Gnarus; 05-14-2013 at 09:22 AM.
    x BlueRobot says thanks for this.

  3. #3

    Re: When should I look at Data Structures in dumps?

    thank you for your direction im going to try this and see if i can come up with something!

Similar Threads

  1. Replies: 8
    Last Post: 06-02-2013, 03:37 PM
  2. Replies: 1
    Last Post: 12-09-2012, 11:17 PM

Log in

Log in