microsoftfeedback / WinDbg-Feedback

Public issue and feedback tracking for WinDbg Preview.
Creative Commons Attribution 4.0 International

!pool stopped working in 1809 #3

Open rodwiddowson opened 5 years ago

rodwiddowson commented 5 years ago

As well as consuming 'egregious' amounts of kernel stack, the new pool package in RS5 broke the windbg !pool command in WinDbg (both the app and the old style one).

I haven't met a single kernel dev who doesn't view this as critically impacting their ability to work with late versions of Win10.

See also this link

aluhrs13 commented 5 years ago

Can you share more details about the exact errors you're seeing and OS version? That issue was fixed a while back, so a fully patched 1809/RS5 should be working again.

rodwiddowson commented 5 years ago

@aluhrs13 Thanks for getting back to me.

Hope this helps.

nt!ExAllocatePoolWithTag:
fffff807`065fb030 48895c2408      mov     qword ptr [rsp+8],rbx
1: kd> gu
0: kd> !pool @rax
Failed to read heap key
0: kd> lm vm nt
Browse full module list
start             end                 module name
fffff807`062b1000 fffff807`06d22000   nt         (pdb symbols)          D:\Program Files (x86)\Windows Kits\10\Debuggers\x64\sym\ntkrnlmp.pdb\4537E1C06FC8D20BF2F4D315925632E01\ntkrnlmp.pdb
    Loaded symbol image file: ntkrnlmp.exe
    Image path: ntkrnlmp.exe
    Image name: ntkrnlmp.exe
    Browse all global symbols  functions  data
    Image was built with /Brepro flag.
    Timestamp:        99C0087B (This is a reproducible build file hash, not a timestamp)
    CheckSum:         0093E20B
    ImageSize:        00A71000
    File version:     10.0.17763.504
    Product version:  10.0.17763.504
    File flags:       0 (Mask 3F)
    File OS:          40004 NT Win32
    File type:        1.0 App
    File date:        00000000.00000000
    Translations:     0409.04b0
    Information from resource tables:
        CompanyName:      Microsoft Corporation
        ProductName:      Microsoft® Windows® Operating System
        InternalName:     ntkrnlmp.exe
        OriginalFilename: ntkrnlmp.exe
        ProductVersion:   10.0.17763.504
        FileVersion:      10.0.17763.504 (WinBuild.160101.0800)
        FileDescription:  NT Kernel & System
        LegalCopyright:   © Microsoft Corporation. All rights reserved.

Unable to enumerate user-mode unloaded modules, Win32 error 0n30

This was during reboot after a windows update.

WinDbg version 10.0.17763.1 dated 14/Sep/2018 22:12

As time allows today I'll poke about some more. Let me know if you need anything else/what I'm doing wrong.