1. #1
    x BlueRobot's Avatar
    Join Date
    May 2013
    Minkowski Space

    When should I look at Data Structures in dumps?

    I thought it would better to post this thread within this section, since this is me asking for some help with a particular command, rather than needing help with a BSOD issue.

    So, getting to the question, when is it appropriate to check at data structures with the dt command?

    Any help would be very appreciated.


    Machines Can Think

    I am currently studying again, and therefore may not be available very often.

    • Ad Bot



  2. #2

    Join Date
    Mar 2012

    Re: When should I look at Data Structures in dumps?

    When the data structure has the information you are looking for. :)

    Like, for example, my Fun with MDLs article. I couldn't tell what the MDL flags were that were at fault unless I looked at the _MDL structure. Windows holds a lot of stuff in data structures, so if you want the dirt on stuff, you're gonna need to either discover the extension/command in Windbg that gives a nice readout the appropriate data structure(s), or you'll need to access the structures themselves. In some cases (like with _KPRCB and !prcb) the extension is vastly limited in output to the actual structure.
    Last edited by Vir Gnarus; 05-14-2013 at 09:22 AM.
    x BlueRobot says thanks for this.

  3. #3

    Re: When should I look at Data Structures in dumps?

    thank you for your direction im going to try this and see if i can come up with something!

Similar Threads

  1. Replies: 8
    Last Post: 06-02-2013, 03:37 PM
  2. Replies: 1
    Last Post: 12-09-2012, 11:17 PM

Log in

Log in