NoBrassRing
Reputation: 493
windbg output from !thread?
Running windbg on a full memory dump. The !process command generates thread information (see below). Frequently the THREAD line is followed by multiple event-like things, like "fffffa800a0c0060 SynchronizationTimer". What do they signify? Are they objects the thread owns? Or is waiting on?
THREAD fffffa8005718b50 Cid 16c0.1660 Teb: 00000000fffd8000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Alertable
fffffa800a0c0060 SynchronizationTimer
fffffa800a7c1060 SynchronizationTimer
<etc...>
fffffa8007a9f4e0 SynchronizationEvent
fffffa800ae48b20 SynchronizationTimer
Not impersonating
DeviceMap fffff8a01480f1e0
Upvotes: 0
Views: 448
Answers (1)
conio
Reputation: 3718
A thread doesn't really own objects, so it has to be the latter.
The documentation doesn't say this, but it's mentioned, for example, here: How can I work out what events are being waited for with WinDBG in a kernel debug session
Upvotes: 1
Related Questions
- How to list threads in WinDbg (kernel debugging)
- Windbg, how to read the !locks output?
- Analyzing output of !threadpool and !threads in windbg
- Find the reason why a thread starts
- Windbg: How to show thread details inside thread execute command?
- How do you set the current thread when using windbg
- How to examine user thread call stack from windbg kernel debugger?
- How to get the parent thread in WinDBG?
- !syncblk identify waiting threads
- Windbg stack trace issue