Search
Search

switching to user stack in kernel dumps

user3279954 Published at Dev
17
user3279954

Is there a way to switch to user mode of a particular process in a kernel dump while doing postmortem debugging ?

I remember doing this while live debugging using the .process command.

Thomas Weller

.process also works in kernel dumps. First, you can find your process using

!process 0 0 myprocess.exe

and then switch to that process using

.process <address>

where <address> is the hex number after PROCESS.

Note that you are still kernel debugging and you have only the physical memory of that process available (a.k.a. Working Set). The majority of virtual address space is probably swapped to disk and you cannot analyze that process as you would in user mode (especially for .NET programs, where you need the complete .NET heap).

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at
0

Comments

0 comments
Login to comment

Related

From Dev

Switching from user mode to kernel mode

From Dev

Switching from user mode to kernel mode

From Dev

How to know the address range of kernel stack in user process and kernel thread?

From Dev

Is mode switch occur switching from user thread to kernel thread?

From Dev

Kernel Panic dumps no log files

From Dev

How to generate kernel crash dumps?

From Dev

How to examine user thread call stack from windbg kernel debugger?

From Dev

Switching Kernel Versions on Ubuntu

From Dev

How does linux kernel switch between user-mode and kernel-mode stack?

From Dev

Dumping only stack trace in linux core dumps

From Dev

What is a kernel stack used for?

From Dev

Windows Server debugging: view User Mode Stack in WDM Kernel Mode Driver Breakpoint

From Dev

Locking workstation or user switching

From Dev

Analyzing Mac OS X kernel core dumps part 2

From Dev

Switching user in Fabric using with settings(user='user')

From Dev

Switching back from development to default kernel

From Dev

How to enable crash reports/core dumps/stack trace logging globally?

From Dev

Switching from OVH kernel to default kernel without reinstalling Ubuntu

From Dev

Stack memory inside the Linux kernel

From Dev

Debug stack overruns in kernel modules

From Dev

Zigbee stack on Linux (mainline kernel)?

From Dev

Where to place the stack and load the kernel

From Dev

Debug stack overruns in kernel modules

From Dev

Recompile Kernel to Change Stack Size

From Dev

Zigbee stack on Linux (mainline kernel)?

From Java

TabView resets navigation stack when switching tabs

From Dev

How to perform fast user switching

From Dev

Show Windows' user switching screen

From Dev

Show Windows' user switching screen

Related Related

  1. 1

    Switching from user mode to kernel mode

  2. 2

    Switching from user mode to kernel mode

  3. 3

    How to know the address range of kernel stack in user process and kernel thread?

  4. 4

    Is mode switch occur switching from user thread to kernel thread?

  5. 5

    Kernel Panic dumps no log files

  6. 6

    How to generate kernel crash dumps?

  7. 7

    How to examine user thread call stack from windbg kernel debugger?

  8. 8

    Switching Kernel Versions on Ubuntu

  9. 9

    How does linux kernel switch between user-mode and kernel-mode stack?

  10. 10

    Dumping only stack trace in linux core dumps

  11. 11

    What is a kernel stack used for?

  12. 12

    Windows Server debugging: view User Mode Stack in WDM Kernel Mode Driver Breakpoint

  13. 13

    Locking workstation or user switching

  14. 14

    Analyzing Mac OS X kernel core dumps part 2

  15. 15

    Switching user in Fabric using with settings(user='user')

  16. 16

    Switching back from development to default kernel

  17. 17

    How to enable crash reports/core dumps/stack trace logging globally?

  18. 18

    Switching from OVH kernel to default kernel without reinstalling Ubuntu

  19. 19

    Stack memory inside the Linux kernel

  20. 20

    Debug stack overruns in kernel modules

  21. 21

    Zigbee stack on Linux (mainline kernel)?

  22. 22

    Where to place the stack and load the kernel

  23. 23

    Debug stack overruns in kernel modules

  24. 24

    Recompile Kernel to Change Stack Size

  25. 25

    Zigbee stack on Linux (mainline kernel)?

  26. 26

    TabView resets navigation stack when switching tabs

  27. 27

    How to perform fast user switching

  28. 28

    Show Windows' user switching screen

  29. 29

    Show Windows' user switching screen

HotTag

Archive