Deadlocks and critical sections

Still playing with WinDbg scripting and applying them to dump analysis. The following script will uncover deadlocks and critical section contention in user mode processes (including services) if you run it against complete memory dump:

$$
$$ List owned critical sections in user processes
$$
r $t0 = nt!PsActiveProcessHead
.for (r $t1 = poi(@$t0); (@$t1 != 0) & (@$t1 != @$t0); r $t1 = poi(@$t1))
{
    r? $t2 = #CONTAINING_RECORD(@$t1, nt!_EPROCESS, ActiveProcessLinks);
    .process @$t2
    .reload
    !ntsdexts.locks
}

To run it save in a file and use the following command in WinDbg: $$><script.txt 

- Dmitry Vostokov -

One Response to “Deadlocks and critical sections”

  1. Dmitry Vostokov Says:

    Another alternative would be to use the following command instead of the script:

    !for_each_process ".process /r /p @#Process; !ntsdexts.locks"

Leave a Reply

You must be logged in to post a comment.