WinDBG: How to get the underlying FILE_OBJECT from a WDFFILEOBJECT handle?
I'm having a WDFFILEOBJECT handle(0x0000057fedd9b8b8), and I want to know its underlying FILE_OBJECT address, so that I can use !object xxxx to query the FILE_OBJECT's .PointerCount and .HandleCount. What windbg command can I use?
!wdfkd.wdfhandle 0x0000057fedd9b8b8 f0 does not seems to provide that information.
Were it a WDFDEVICE handle, I know !wdfkd.wdfdevice can tell me the underlying DEVICE_OBJECT, but what about WDFFILEOBJECT?
====== SOLVED (many days later) =====
According to snoone's hint, I figured it out. Live information below:
This time, FileObject=0x0000057fede811b8 .
I have to use !wdfkd.handle 0x0000057fede811b8 f0 first, because the handle value 0x0000057fede811b8 is not a valid kernel address, !wdfkd.handle tells the real kernel address for the KMDF FxObject behind the handle.
Try using the dt command specified in the output (dt wdf01000!FxFileObject 0x)
- Could not find the ... dump file, Win32 error 0n87 when opening SYS
- Are there any WinDBG replacements with a better GUI?
- No stack when creating "kernel" dump with procdump -mk
- Provide symbol server auth to windows debugger
- How to set up symbols in WinDbg?
- How to see managed exception details in WinDBG?
- Find address of C++ static class member using WinDbg
- Confusion over CPSR register for Aarch64: how to read it and encoding of the "ARM processor mode"
- Why can't Windbg's SOS extension give me Syncblock data?
- Setting a breakpoint on CreateFile() API in WinDbg
- Debuggers don't kick in when application crashes
- Unable to set a bp on LoadLibraryW
- WinDbg: Couldn't resolve error at xyz!abc::func while setting breakpoint
- TTD fails to do selective recording of multiple modules
- How to debug a windows driver with IDA and use its corresponding IDB?
- What is the location for windbg Preview in windows 10?And how to rename a project name in visual studio 2019?
- How to do hybrid user-mode/kernel-mode debugging?
- How do I get CDB to display the value of a std::filesystem::path?
- How do I get CDB to show source lines for Microsoft’s C++ Standard Library?
- How do I use a remote Linux system to debug an application that’s running on Windows?
- Debugging Windows kernel on a Microsoft Azure platform virtual machine
- what does windbg command "d esp" exactly do?
- SOS does not support the current target architecture
- How to use WinDbg to analyze the crash dump for VC++ application?
- What are possible GDI objects that would be leaked but not enumerated as a known GDI object type?
- Windbg expects different version of mscordacwks.dll
- How to determine length of null-terminated string in WinDbg
- Tracing CSP calls within Windows Crypto API
- How to pull .natvis data out of a PDB?
- WinDbg/SOS: Explanation of !SyncBlk output