When should I look at Data Structures in dumps?

[x BlueRobot]

I thought it would better to post this thread within this section, since this is me asking for some help with a particular command, rather than needing help with a BSOD issue.

So, getting to the question, when is it appropriate to check at data structures with the dt command?

Any help would be very appreciated.

Thanks,

Harry

 

[Vir Gnarus]

When the data structure has the information you are looking for. :)

Like, for example, my Fun with MDLs article. I couldn't tell what the MDL flags were that were at fault unless I looked at the _MDL structure. Windows holds a lot of stuff in data structures, so if you want the dirt on stuff, you're gonna need to either discover the extension/command in Windbg that gives a nice readout the appropriate data structure(s), or you'll need to access the structures themselves. In some cases (like with _KPRCB and !prcb) the extension is vastly limited in output to the actual structure.

 

[debi3324]

thank you for your direction im going to try this and see if i can come up with something! :dance: