tailieunhanh - Memory Dump Analysis Anthology- P8

Memory Dump Analysis Anthology- P8: This is a revised, edited, cross-referenced and thematically organized volume of selected blog posts about crash dump analysis and debugging written in 2006 - 2007 for software engineers developing and maintaining products on Windows platforms, technical support and escalation engineers dealing with complex software issues and general Windows users.

WinDbg Tips and Tricks

0: kd> ub b8d1a068-2
olddriver!TraceRoutine+0xc1:
b8d1a051 mov     esp,ebp
b8d1a053 pop     ebp
b8d1a054 ret
b8d1a055 cmp     edi,8
b8d1a058 jbe     olddriver!TraceRoutine+0x157 (b8d1a0e7)
b8d1a05e push    206b6444h
b8d1a063 push    edx
b8d1a064 push    0

0: kd> .formats 206b6444
Evaluate expression:
  Hex:     206b6444
  Decimal: 543908932
  Octal:   04032662104
  Binary:  00100000 01101011 01100100 01000100
  Chars:    kdD
  Time:    Sat Mar 28 05:48:52 1987
  Float:   low high 0
  Double:

PART 2: Professional Crash Dump Analysis

OLD DUMPS, NEW EXTENSIONS

Sometimes we can use old Windows 2000 WinDbg extensions to extract information from Windows 2003 and XP crash dumps when their native extensions fail. We can also go the other way and extract information from old Windows 2000 crash dumps using WinDbg extensions written for Windows XP and later. Here is an example.
The WinDbg !stacks command shows the following, not very helpful, output from a Windows 2000 complete memory dump:

2: kd> !stacks
Thread    Ticks    ThreadState  Blocker
System
89df8220  0000000  BLOCKED      nt!KiSwapThread+0x1b1
89dc1860  0003734  BLOCKED      nt!KiSwapThread+0x1b1
89dc15e0  0003734  BLOCKED      nt!KiSwapThread+0x1b1
89dc1360  00003b4  BLOCKED      nt!KiSwapThread+0x1b1
89dc10e0  0003734  BLOCKED      nt!KiSwapThread+0x1b1
89dc0020  0000381  BLOCKED      nt!KiSwapThread+0x1b1
89dc0da0  00066f6  BLOCKED      nt!KiSwapThread+0x1b1
89dc0b20  00025b4  BLOCKED      nt!KiSwapThread+0x1b1
89dc08a0  00025b4  BLOCKED      nt!KiSwapThread+0x1b1
89dc0620  0003734  BLOCKED      nt!KiSwapThread+0x1b1
89dc03a0  0003734  BLOCKED      nt!KiSwapThread+0x1b1
89dbf020  00025b4  BLOCKED      nt!KiSwapThread+0x1b1
89dbfda0  00025b4  BLOCKED      nt!KiSwapThread+0x1b1
89dbfb20  00007b4  BLOCKED      nt!KiSwapThread+0x1b1
89dbf8a0  00007b4  BLOCKED      nt!KiSwapThread+0x1b1
89dbf620  0000074  BLOCKED      nt .