WinDBG: How to get the underlying FILE_OBJECT from a WDFFILEOBJECT handle?
I'm having a WDFFILEOBJECT handle(0x0000057fedd9b8b8), and I want to know its underlying FILE_OBJECT address, so that I can use !object xxxx to query the FILE_OBJECT's .PointerCount and .HandleCount. What windbg command can I use?
!wdfkd.wdfhandle 0x0000057fedd9b8b8 f0 does not seems to provide that information.
Were it a WDFDEVICE handle, I know !wdfkd.wdfdevice can tell me the underlying DEVICE_OBJECT, but what about WDFFILEOBJECT?
====== SOLVED (many days later) =====
According to snoone's hint, I figured it out. Live information below:
This time, FileObject=0x0000057fede811b8 .
I have to use !wdfkd.handle 0x0000057fede811b8 f0 first, because the handle value 0x0000057fede811b8 is not a valid kernel address, !wdfkd.handle tells the real kernel address for the KMDF FxObject behind the handle.
Try using the dt command specified in the output (dt wdf01000!FxFileObject 0x)
- How do I get CDB to display the value of a std::filesystem::path?
- How do I get CDB to show source lines for Microsoft’s C++ Standard Library?
- How do I use a remote Linux system to debug an application that’s running on Windows?
- Debugging Windows kernel on a Microsoft Azure platform virtual machine
- what does windbg command "d esp" exactly do?
- SOS does not support the current target architecture
- How to use WinDbg to analyze the crash dump for VC++ application?
- What are possible GDI objects that would be leaked but not enumerated as a known GDI object type?
- Windbg expects different version of mscordacwks.dll
- How to determine length of null-terminated string in WinDbg
- Tracing CSP calls within Windows Crypto API
- How to pull .natvis data out of a PDB?
- WinDbg/SOS: Explanation of !SyncBlk output
- How Windows Handle to associate corresponding object type?
- core dump files batch processing (Windows)
- windbg .shell passes the entire script to cmd, ending in "The command line is too long"
- WinDBG not able to read symbol path string set with the _NT_SYMBOL_PATH environment variable
- _NT_SYMBOL_PATH format
- Updating WinDbg Preview
- Could not find the ... dump file, Win32 error 0n87
- How to use the ah series commands of windbg?
- Is 0x0000ffff the default load count of a dll in windows?
- How to escape an asterisk in a Python related library?
- Heap extension command fails: failed to initialize the extention
- Powershell: Call Debug Analyzer cdb.exe as Process
- Is there a Windbg command to find out if a process is a 32-bit one or a 64-bit one?
- How do I debug a .NET Core console app with WinDbg by "Launch executable"?
- How to output partial of the result !da address with windbg?
- Application Verifier Stop: An HKEY was leaked
- How to get Windbg x86 version?