When should I look at Data Structures in dumps?

x BlueRobot · May 13, 2013

I thought it would better to post this thread within this section, since this is me asking for some help with a particular command, rather than needing help with a BSOD issue.

So, getting to the question, when is it appropriate to check at data structures with the dt command?

Any help would be very appreciated.

Thanks,

Harry

Vir Gnarus · May 14, 2013

When the data structure has the information you are looking for. :)

Like, for example, my Fun with MDLs article. I couldn't tell what the MDL flags were that were at fault unless I looked at the _MDL structure. Windows holds a lot of stuff in data structures, so if you want the dirt on stuff, you're gonna need to either discover the extension/command in Windbg that gives a nice readout the appropriate data structure(s), or you'll need to access the structures themselves. In some cases (like with _KPRCB and !prcb) the extension is vastly limited in output to the actual structure.

debi3324 · Sep 26, 2016

thank you for your direction im going to try this and see if i can come up with something! :dance:

Search

Search

When should I look at Data Structures in dumps?

x BlueRobot

Administrator

Vir Gnarus

BSOD Kernel Dump Expert

debi3324

New member