INVALID_KERNEL_HANDLE (93) Crash

Windows debugger tips and skill
Post a reply

INVALID_KERNEL_HANDLE (93) Crash

Postby admin » Thu Apr 23, 2015 4:18 pm

How to trace who closes a file handle?

with Driver Verifier enabled (verifier.exe /standard /driver
mydriver.sys), Handle Tracing will be enabled for the System process. You might
be able to find who closed the handle this way:

1. Find the address of the System process:

0: kd> !process 4 0
Searching for Process with Cid == 4
Cid Handle table at 948ef000 with 620 Entries in use
PROCESS 843edd40 SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000
DirBase: 00185000 ObjectTable: 89201df0 HandleCount: 480.
Image: System

843edd40 is the System process' address on my machine.

2. Check if someone closed that handle recently:

0: kd> !htrace 0xcc8 843edd40
admin
Site Admin
 
Posts: 164
Joined: Thu Sep 16, 2010 6:03 am
Top
Post a reply

Return to WinDbg Tips

Who is online

Users browsing this forum: No registered users and 1 guest

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
cron