4.4.1 Built in Kernel Debugging Extensions

WinDbg provides a set of debugging extensions for kernel-mode driver debugging. These extensions allow the user to obtain additional extended information specific to kernel-mode debugging not available through the standard WinDbg commands.

The command-line syntax for a built-in extension is:

!extension_name [arguments]

!cxr

!cxr address

!cxr displays the context record at the specified address.

Parameters

address: Address of the system context record.

Platforms

Power PC, Alpha, MIPS, x86

Comments

The information from a context record can be used to assist in debugging a system halt where an unhandled exception has occurred and an exact stack trace is not available.

!db

!db [PhysicalAddress]

!db displays a hexadecimal and ASCII dump of 128 bytes from the specified address on the target machine.

Parameters

PhysicalAddress: This parameter is required on first usage. On subsequent usgae, the parameter is optional. If this parameter is not specified, !db will display the next 128 bytes starting at the first byte following the end of the previous !db command.

Platforms

Power PC, Alpha, MIPS, x86

!dd

!dd [PhysicalAddress]

!dd displays a hexadecimal dump of 32 ULONG values from the specified address on the target machine.

Parameters

PhysicalAddress: This parameter is required on first usage. On subsequent usage, the parameter is optional. If the parameter is not specified, !dd will display the next 32 ULONG values starting at the first byte following the end of the previous !dd command.

Platforms

Power PC, Alpha, MIPS, x86

!default

!default DLLName

!default changes the default extension DLL for WinDbg.

Parameters

DLLName: The name and path of the extension DLL..

Platforms

Power PC, Alpha, MIPS, x86

Comments

WinDbg maintains a default extension DLL which is implicity loaded when WinDbg loads. This allows the user to specify an extension command without first having to load a extension DLL. This command allows modification of which DLL is loaded as the default DLL.

!devobj

!devobj address

!devobj displays detailed information about a DEVICE_OBJECT.

Parameters

Address: The virtual address of a DEVICE_OBJECT.

Platforms

Power PC, Alpha, MIPS, x86

!drvobj

!drvobj address

!drvobj displays detailed information about a DRIVER_OBJECT.

Parameters

Address: The virtual address of a DRIVER_OBJECT.

Platforms

Power PC, Alpha, MIPS, x86

!drivers

!drivers

!drivers displays memory usage information and a list of each driver loaded on the target machine.

Platforms

Power PC, Alpha, MIPS, x86

!ed

!ed PhysicalAddress Data0 [Data1 ... DataN]

!ed writes a sequence of ULONG values into a specified physical address.

Parameters

PhysicalAddress: The physical address on the target machine that the data will be written to.
Data0: A ULONG value to be written into physical memory.
Data1 ... DataN: These parameters are optional. If specified, the values will be written in sequence into the physical address on the target machine specified by the parameter PhysicalAddress.

Platforms

Power PC, Alpha, MIPS, x86

!errlog

!errlog

!errlog displays the contents of any pending error log entries.

Platforms

Power PC, Alpha, MIPS, x86

Comments

This command will only display entries that were queued by IoWriteErrorLogEntry but have not been committed to the error log. This command can be used as a diagnostic aid to see pending error information which was unable to be committed to the error log before the system halted.

!exr

!exr Address

!exr displays the contents of an exception record.

Parameters

Address: The virtual address of an exception record.

Platforms

Power PC, Alpha, MIPS, x86

Comments

This command will display information related to an exception encountered on the target machine. The information displayed will include the exception address, exception code, exception flags, and a variable list of parameters to the exception.

!frag

!frag Flags

!frag displays fragmentation information about pool memory on the target system.

Parameters

Flags: The Flags parameter is used to control the detail level of the output from this command. The parameter can be one of the three following values:

    0  Minimum detail.
    1  Moderate detail
    2  Maximum detail.

Platforms

Power PC, Alpha, MIPS, x86

!filecache

!filecache

!filecache displays information regarding the system file cache memory and PTE usage.

Platforms

Power PC, Alpha, MIPS, x86

!handle

!handle [Handle] [Flags] [Process] [TypeName]

!handle displays information about a handle or handles owned by one or all processes in the target system.

Parameters

Handle: Specifies a handle value for which information should be displayed. This parameter is optional. However, if a value is specified for this parameter, then a value must be specified for Process.

Flags

Process: Specifies a process ID for a currently running process on the target system. This parameter is optional.

TypeName

Platforms

Power PC, Alpha, MIPS, x86

Comments

This command can be used to display all handles for a specified process. In order to do this, a value of 0xFFFFFFFF is required for Handle with a valid process ID specified for Process.

!heap

!heap [Address] [Detail]

!heap displays heap usage information in varying levels of detail for the current process.

Parameters

Address

Detail: The detail parameter is used to control the level of output that is displayed by this command. This parameter is optional. However, when specified the following values are valid:

    0 (default)    Summary information about the heap
    1        Level 0 information with the size and location
             all the committed and uncommitted regions.
    3        Level 1 information with the allocated and free
             blocks contained in each committed region
    4        Level 3 information with a dump of the free lists
             in the heap.

!irp

!irp Address [Verbose]

!irp displays information about an IRP.

Parameters

Verbose: If a value is specified for Verbose then a more detailed output of the IRP will be given.

Platforms

Power PC, Alpha, MIPS, x86

!irpfind

!irpfind [Options]

!irpfind displays information about all IRPs currently allocated in the target system.

Parameters

Options: If a nonzero value is specified for Options then a more detailed output of the IRPs allocated in the target system is displayed.

Platforms

Power PC, Alpha, MIPS, x86

!irpzone

!irpzone is an obsolete debugger extension command and debugger users should instead see !irpfind.

!kb

!kb

!kb displays a stack trace which is obtained from a trap frame. This command must be used after a !trap so that !kb can use the loaded trap frame information to find the call stack.

Platforms

Power PC, Alpha, MIPS, x86

!load

!load [DllName]

!load is used to load a new extension DLL into the debugger. Once this command has been completed, it allows the user to access the commands stored in the loaded extension.

Parameters

DllName: Specifies the fully qualified path and filename of the DLL to be loaded as a new extension.

Platforms

Power PC, Alpha,. MIPS, x86

!locks

!locks [Options] [Address]

!locks displays information about kernel ERESOURCE locks.

Parameters

Options

This parameter is optional. The following options can be specified to control the information output.

-V: Maximum output about each lock should be displayed.
-P: Performance lock information should be displayed

Address

This parameter is optional. Displays information about the ERESOURCE lock at the specified address. If Address is not specified, then information about all ERESOURCE locks in the system will be displayed.

Platforms

Power PC, Alpha, MIPS, x86

!lookaside

!lookaside [Address] [Options] [Depth]

!lookaside displays information or modifies information of a lookaside list on the target system.

Parameters

Address: Specifies an address for a lookaside list to be used. This parameter is optional. If Address is not specified, or if it is 0, then the system lookaside lists will be displayed.
Options: This parameter is used to control what operation will be taken with the lookaside list which was specified. This parameter is optional, however if it is specified then the following options are available:

    0 (default)    Displays information about the lookaside list
    1              Resets the counters of the lookaside list
    2              Modifies the depth of the lookaside list

Depth: This parameter is only used if a value of 2 is specified for Options. The value will be the new depth value set in the specified lookaside list.

Platforms

Power PC, Alpha, MIPS, x86

Comments

Options must be 0 or 1 if this command is being used to look or modify the system lookaside lists. If a 1 is specified, then it will reset the counters for all of the system lookaside lists which are displayed as part of this command.

!lpc

!lpc

!lpc displays information about all LPC ports and messages in the target system.

Platforms

Power PC, Alpha, MIPS, x86

!memusage

!memusage

!memusage displays a dump of the page frame database table from the Memory Manager.

Platforms

Power PC, Alpha, MIPS, x86

!noversion

!noversion

!noversion causes WinDbg to disable all version checking for extension DLLs.

Platforms

Power PC, Alpha, MIPS, x86

!object

!object [Address] [Name]

!object displays information about a system object.

Parameters

Address: Specifies the hexadecimal address of a valid system object to display information about.
Name: This parameter is optional. Specifies the name of a class of system object for which to display all instances. If specified, Address must be zero.

Comments

!object can also be used with to display information about the root directory holding all objects. If Address is specified to be the character ‘\’, then information about the root directory object will be displayed.

Platforms

Power PC, Alpha, MIPS, x86

!pcr

!pcr [Processor]

!pcr displays the current status of the PCR register on a specific processor.

Parameters

Processor: This parameter is optional. If specified, the value indicates the processor number to retrieve the PCR information from. If this value is not specified, the current processor will be used.

Platforms

Power PC, Alpha, MIPS, x86

!pfn

!pfn [Number] [Flags]

!pfn displays information about a specific page frame or the whole page frame database.

Parameters

Number: The hexadecimal number of the page frame to be displayed.
Flags: This parameter is optional. If specified as a nonzero value, it will cause !pfn to display the entire page frame table database.

Platforms

Power PC, Alpha, MIPS, x86

!pool

!pool [Address] [Flags]

!pool displays information about a specific pool allocation or can display information about the system wide pool.

Parameters

Address

Specifies a pool entry to display information about. If this is value is -1, it will information about the entire pool.

Flags

This parameter is optional. The following values are valid flag options.

0: Only summary information should be displayed.
1: Level 0 information with the addition of information about the location or size of regions in the block.
3: Level 1 information with the addition of information about the allocated and free blocks of memory in the committed regions.
4: Level 3 information with a display of the free list.

Platforms

Power PC, Alpha, MIPS, x86

!poolfind

!poolfind [Tag] [PoolType]

!poolfind is used to find all instances of a specific pool tag in either nonpaged or paged memory pools.

Parameters

Tag: Specifies the four-byte tag, used in the ExAllocateXxx family of functions, to find.
PoolType: This parameter is optional. If not specified or if zero, nonpaged pool memory is searched. If nonzero, paged pool memory is searched.

Comments

This command can take a significant amount of time to execute depending on the size of pool memory which must be searched.

Platforms

Power PC, Alpha, MIPS, x86

!poolused

!poolused [Flags]

!poolused displays memory usage summaries based on the tag used for each pool allocation.

Parameters

Flags

This parameter is optional. The following values are valid flags:

0: Sort by tag, summary level of information only. This is the default behavior if Flags is not specified.
1: Sort by tag, display verbose level of information.
2: Sort by nonpaged memory usage, display summary level of information.
3: Sort by nonpaged memory usage, display verbose level of information.
4: Sort by paged memory usage, display summary level of information.
5: Sort by paged memory usage, display verbose level of information.

Platforms

Power PC, Alpha, MIPS, x86

!process

!process [Address]

!process displays summary information about a process.

Parameters

Address: The hexadecimal address of the process on the target machine.

Platforms

Power PC, Alpha, MIPS, x86

!ready

!ready

!ready displays summary information about each thread in the system in a READY state.

Platforms

Power PC, Alpha, MIPS, x86

!reload

!reload [Module]

!reload reloads the symbols for a specified module.

Parameters

Module: Specifies the name of an image on the target system to reload symbols for on the host machine. If this parameter is specified to be the character ‘*’, all symbols will be reloaded.

Platforms

Power PC, Alpha, MIPS, x86

!srb

!srb [Address]

!srb displays information about an SRB request.

Parameters

Address: Specifies the hexadecimal address of the SRB on the target machine.

Platforms

Power PC, Alpha, MIPS, x86

!sympath

!sympath [NewPath]

!sympath changes the default path of the host debugger for symbol search.

Parameters

NewPath: The fully qualified path, on the host machine, of a new symbol search path.

Platforms

Power PC, Alpha, MIPS, x86

!thread

!thread [Address]

!thread displays summary information about a thread on the target system.

Parameters

Address: Specifies the hexadecimal address of the thread on the target machine.

Platforms

Power PC, Alpha, MIPS, x86

!trap

!trap [Address]

!trap displays summary information about a trap frame.

Parameters

Address: The hexadecimal address of the trap frame on the target system.

Platforms

Power PC, Alpha, MIPS, x86

!unload

!unload

!unload unloads the current extension DLL from the debugger on the host system.

Platforms

Power PC, Alpha, MIPS, x86

!vad

!vad [Address] [Flags]

!vad displays information about virtual address(s) on the target machine.

Parameters

Address: A virtual address on the target machine. This parameter must be a valid virtual address. However, if the Flags parameter is specified, this field will be ignored, but must remain valid.
Flags: If nonzero, displays information about only this virtual address. Otherwise, information about all virtual addresses will be displayed.

Platforms

Power PC, Alpha, MIPS, x86

!vm

!vm

!vm displays summary information about memory usage statistics on the target system.

Platforms

Power PC, Alpha, MIPS, x86