In Windbg what command will display all function names or addresses that call a specific function?

Question

I need to obtain the addresses (absolute) of all functions that call the below function. Can this be done in Windbg ?

The function that I would like to find all callers of is KeBugCheckEx

lkd> uf nt!KeBugCheckEx

Answer 1

That cannot be a realistic requirement

KeBugCheckEx is an exported Function as such it can be called by AnyOne who wants to call it

dumpbin /exports c:\Windows\System32\ntoskrnl.exe  | findstr "KeBugCheckEx"
       1114  442 003F8FA0 KeBugCheckEx

over and above as commented by Raymond chen indirect calls are not resolvable statically

still if you want to go ahead try this

this may scrap around 50% hopefully :)

0: kd> lm m nt
start             end                 module name
fffff800`73800000 fffff800`74846000   nt         (pdb symbols)          f:\symbols\ntkrnlmp.pdb\68A17FAF3012B7846079AEECDBE0A5831\ntkrnlmp.pdb
0: kd> .hh
0: kd> # KeBugCheckEx fffff800`73800000 L?(fffff800`74846000-fffff800`73800000)
*** WARNING: Unable to verify timestamp for volmgrx.sys
nt!ExAcquireFastMutexUnsafe+0x12f:
fffff800`73a0971f e87cf81e00      call    nt!KeBugCheckEx (fffff800`73bf8fa0)
nt!MiIdentifyPfn+0xd1b:
fffff800`73a0d94b e850b61e00      call    nt!KeBugCheckEx (fffff800`73bf8fa0)
nt!ExAcquireFastMutex+0x14a:
fffff800`73a0dbaa e8f1b31e00      call    nt!KeBugCheckEx (fffff800`73bf8fa0)
nt!ExAcquireCacheAwarePushLockSharedEx+0x14a:
fffff800`73a0df1a e881b01e00      call    nt!KeBugCheckEx (fffff800`73bf8fa0)
nt!ExAcquirePushLockExclusiveEx+0x146:
fffff800`73a0e4b6 e8e5aa1e00      call    nt!KeBugCheckEx (fffff800`73bf8fa0)
nt!ExAcquirePushLockSharedEx+0x13d:
fffff800`73a0e66d e82ea91e00      call    nt!KeBugCheckEx (fffff800`73bf8fa0)
nt!ExReleaseResourceLite+0x18d:
fffff800`73a0ef7d e81ea01e00      call    nt!KeBugCheckEx (fffff800`73bf8fa0)
nt!ExAcquireResourceExclusiveLite+0x2eb:

:>python -c print(len((open('callkebug.txt','r')).readlines())) 3224