    When should I look at Data Structures in dumps?

    I thought it would be better to post this thread within this section, since this is me asking for some help with a particular command, rather than needing help with a BSOD issue.

    So, getting to the question, when is it appropriate to look at data structures with the dt command?

    Any help would be very appreciated.


    Re: When should I look at Data Structures in dumps?

    When the data structure has the information you are looking for. :)

    Like, for example, my Fun with MDLs article. I couldn't tell what the MDL flags were that were at fault unless I looked at the _MDL structure. Windows holds a lot of stuff in data structures, so if you want the dirt on stuff, you're gonna need to either discover the extension/command in WinDbg that gives a nice readout of the appropriate data structure(s), or you'll need to access the structures themselves. In some cases (like with _KPRCB and !prcb) the extension is vastly limited in output compared to the actual structure.
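
    The kind of check described in the reply above, as an added example that is not part of the original thread: it reads the MdlFlags field out of `dt nt!_MDL` output and names the set bits. The sample output is constructed, and the flag table is a subset of the MDL_* values in the WDK header wdm.h.

```python
import re

# Subset of MDL_* flag bits from the WDK header wdm.h; bits not listed
# here are reported as raw hex instead of being guessed.
MDL_FLAGS = {
    0x0001: "MDL_MAPPED_TO_SYSTEM_VA",
    0x0002: "MDL_PAGES_LOCKED",
    0x0004: "MDL_SOURCE_IS_NONPAGED_POOL",
    0x0008: "MDL_ALLOCATED_FIXED_SIZE",
    0x0010: "MDL_PARTIAL",
    0x0020: "MDL_PARTIAL_HAS_BEEN_MAPPED",
    0x0040: "MDL_IO_PAGE_READ",
    0x0080: "MDL_WRITE_OPERATION",
    0x0800: "MDL_IO_SPACE",
    0x1000: "MDL_NETWORK_HEADER",
    0x2000: "MDL_MAPPING_CAN_FAIL",
}

# Constructed sample in the layout `dt nt!_MDL <address>` prints on x64;
# the values are made up for this example, not taken from a real dump.
SAMPLE_DT_OUTPUT = """\
   +0x000 Next             : (null)
   +0x008 Size             : 0n56
   +0x00a MdlFlags         : 0n-32764
   +0x010 Process          : (null)
   +0x018 MappedSystemVa   : 0xffffd000`2a1c3000 Void
   +0x020 StartVa          : 0xffffd000`2a1c3000 Void
   +0x028 ByteCount        : 0x1000
   +0x02c ByteOffset       : 0
"""

def read_field(dt_text, name):
    """Return one integer field from dt output (0n = decimal, 0x = hex)."""
    m = re.search(rf"^\s*\+0x[0-9a-f]+\s+{re.escape(name)}\s*:\s*(\S+)", dt_text, re.M | re.I)
    if m is None:
        raise KeyError(name)
    tok = m.group(1).replace("`", "")
    return int(tok[2:], 10) if tok.lower().startswith("0n") else int(tok, 0)

def decode_mdl_flags(dt_text):
    """Split MdlFlags into known flag names plus any unrecognised bits."""
    raw = read_field(dt_text, "MdlFlags") & 0xFFFF  # Int2B prints signed
    names = [n for bit, n in sorted(MDL_FLAGS.items()) if raw & bit]
    unknown = raw & ~sum(MDL_FLAGS) & 0xFFFF
    return raw, names, unknown

if __name__ == "__main__":
    raw, names, unknown = decode_mdl_flags(SAMPLE_DT_OUTPUT)
    print(f"MdlFlags = {raw:#06x}: {' | '.join(names)}; unknown bits {unknown:#06x}")
```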

    Re: When should I look at Data Structures in dumps?

    Thank you for your direction. I'm going to try this and see if I can come up with something!

