none
win8 x86 debugging , handleCount information not accessible? RRS feed

  • Question

  • I am debugging x86 win8 machine and following is the output with winDbg 6.2.9200.16384. As you can see for most processes that are live the handleCount data is not accessible, however if i change the target machine to win7 the data is indeed available. Bug in windbg?

    kd> !process 0 0

    **** NT ACTIVE PROCESS DUMP ****
    PROCESS 8588cb00  SessionId: none  Cid: 0004    Peb: 00000000  ParentCid: 0000
        DirBase: 00185000  ObjectTable: 83003000  HandleCount: <Data Not Accessible>
        Image: System

    PROCESS 86c34cc0  SessionId: none  Cid: 0218    Peb: 7fe25000  ParentCid: 0004
        DirBase: 3e03d020  ObjectTable: 8d089640  HandleCount: <Data Not Accessible>
        Image: smss.exe

    PROCESS 8f95ecc0  SessionId: 0  Cid: 0298    Peb: 7f0b3000  ParentCid: 0290
        DirBase: 3e03d080  ObjectTable: 8e86b540  HandleCount: <Data Not Accessible>
        Image: csrss.exe

    PROCESS 8ee099c0  SessionId: 1  Cid: 02d0    Peb: 7fb45000  ParentCid: 0218
        DirBase: 3e03d0a0  ObjectTable: 00000000  HandleCount:   0.
        Image: smss.exe

    PROCESS 86b959c0  SessionId: 0  Cid: 02d8    Peb: 7fc3f000  ParentCid: 0290
        DirBase: 3e03d0c0  ObjectTable: 8d04a1c0  HandleCount: <Data Not Accessible>
        Image: wininit.exe

    PROCESS 85962cc0  SessionId: 1  Cid: 0308    Peb: 7f763000  ParentCid: 02d0
        DirBase: 3e03d040  ObjectTable: 92895500  HandleCount: <Data Not Accessible>
        Image: csrss.exe

    PROCESS 8596bcc0  SessionId: 1  Cid: 0324    Peb: 7f4ef000  ParentCid: 02d0
        DirBase: 3e03d0e0  ObjectTable: 928aac40  HandleCount: <Data Not Accessible>
        Image: winlogon.exe

    PROCESS 859a3040  SessionId: 0  Cid: 0350    Peb: 7fc9d000  ParentCid: 02d8
        DirBase: 3e03d060  ObjectTable: 8bdffe80  HandleCount: <Data Not Accessible>
        Image: services.exe


    Wednesday, March 13, 2013 7:19 PM

All replies

  • May be windbg is not yet updated to handle the changed HANDLE_TABLE struct? Below is the difference in the handle table and handle table entry structs between win7 x86 and win 8 x86.

    Win8 x86
    =============

    kd> dt _handle_table
    nt!_HANDLE_TABLE
       +0x000 NextHandleNeedingPool : Uint4B
       +0x004 ExtraInfoPages   : Int4B
       +0x008 TableCode        : Uint4B
       +0x00c QuotaProcess     : Ptr32 _EPROCESS
       +0x010 HandleTableList  : _LIST_ENTRY
       +0x018 UniqueProcessId  : Uint4B
       +0x01c Flags            : Uint4B
       +0x01c StrictFIFO       : Pos 0, 1 Bit
       +0x01c EnableHandleExceptions : Pos 1, 1 Bit
       +0x01c Rundown          : Pos 2, 1 Bit
       +0x01c Duplicated       : Pos 3, 1 Bit
       +0x020 HandleContentionEvent : _EX_PUSH_LOCK
       +0x024 HandleTableLock  : _EX_PUSH_LOCK
       +0x028 FreeLists        : [1] _HANDLE_TABLE_FREE_LIST
       +0x028 ActualEntry      : [20] UChar
       +0x03c DebugInfo        : Ptr32 _HANDLE_TRACE_DEBUG_INFO
       
    kd> dt _handle_table_entry
    nt!_HANDLE_TABLE_ENTRY
       +0x000 VolatileLowValue : Int4B
       +0x000 LowValue         : Int4B
       +0x000 InfoTable        : Ptr32 _HANDLE_TABLE_ENTRY_INFO
       +0x000 Unlocked         : Pos 0, 1 Bit
       +0x000 Attributes       : Pos 1, 2 Bits
       +0x000 ObjectPointerBits : Pos 3, 29 Bits
       +0x004 HighValue        : Int4B
       +0x004 NextFreeHandleEntry : Ptr32 _HANDLE_TABLE_ENTRY
       +0x004 LeafHandleValue  : _EXHANDLE
       +0x004 GrantedAccessBits : Pos 0, 25 Bits
       +0x004 ProtectFromClose : Pos 25, 1 Bit
       +0x004 RefCnt           : Pos 26, 6 Bits

    ===================================================================

    win 7 x86
    ===========

    kd> dt _handle_table
    nt!_HANDLE_TABLE
       +0x000 TableCode        : Uint4B
       +0x004 QuotaProcess     : Ptr32 _EPROCESS
       +0x008 UniqueProcessId  : Ptr32 Void
       +0x00c HandleLock       : _EX_PUSH_LOCK
       +0x010 HandleTableList  : _LIST_ENTRY
       +0x018 HandleContentionEvent : _EX_PUSH_LOCK
       +0x01c DebugInfo        : Ptr32 _HANDLE_TRACE_DEBUG_INFO
       +0x020 ExtraInfoPages   : Int4B
       +0x024 Flags            : Uint4B
       +0x024 StrictFIFO       : Pos 0, 1 Bit
       +0x028 FirstFreeHandle  : Uint4B
       +0x02c LastFreeHandleEntry : Ptr32 _HANDLE_TABLE_ENTRY
       +0x030 HandleCount      : Uint4B
       +0x034 NextHandleNeedingPool : Uint4B
       +0x038 HandleCountHighWatermark : Uint4B

    kd> dt _handle_table_entry
    nt!_HANDLE_TABLE_ENTRY
       +0x000 Object           : Ptr32 Void
       +0x000 ObAttributes     : Uint4B
       +0x000 InfoTable        : Ptr32 _HANDLE_TABLE_ENTRY_INFO
       +0x000 Value            : Uint4B
       +0x004 GrantedAccess    : Uint4B
       +0x004 GrantedAccessIndex : Uint2B
       +0x006 CreatorBackTraceIndex : Uint2B
       +0x004 NextFreeTableEntry : Uint4B

    Wednesday, March 13, 2013 7:40 PM