I see a crash in Explorer.exe, due to our security s/w dll loaded in to the Explorer.exe.
The crash happens during the shutdown of the system. The VM is connected to the Kernel debugger. I don't see Kernel debugger breaks when exception happens. I tried all debug event filters. But I could not success.
Can someone suggest me, why could not I see the break when there is an exception. I want to break into the debugger, exactly at the time of exception. Can I use SXE ud "dllName" in kernelmode to notify my when a perticula dll gets unloaded?
the exception was Explorer Crash, "The instruction at 0x6ad88b5 refrernced memory at 0x0000000. The memory could not be read"
This should work:
Now when explorer.exe crash and kernel debugger is connected, WinDbg should break.