Jump-start your project by learning from devs who
write Windows drivers and file systems every day.
Take an OSR seminar!

OSR is Hiring! Click here to find out more.

Go Back   OSR Online Lists > windbg
link Finding the owner of a mutex
Welcome, Guest
You must login to post to this list
  Message 1 of 2  
13 Feb 10 01:03
windbg member 46037
xxxxxx@gmail.com
Join Date:
Posts To This List: 1
Finding the owner of a mutex
I have a deadlock I'm trying to figure out. From !locks: Resource @ 0xfffffa8007ce65d0 Exclusively owned Contention Count = 9 NumberOfExclusiveWaiters = 2 Threads: fffffa800764fae0-01<*> Threads Waiting On Exclusive Access: fffffa8004b65b60 fffffa800425eb60 So fffffa800764fae0 is blocking fffffa8004b65b60 and fffffa800425eb60. When I look at fffffa800764fae0, I get: THREAD fffffa800764fae0 Cid 08c0.13e4 Teb: 000000007efdb000 Win32Thread: 0000000000000000 WAIT: (WrGuardedMutex) KernelMode Non-Alertable fffffa8005ea7388 Gate My thought was I should try to figure out what the guarded mutex is that fffffa800764fae0 is blocked on. I'm really new to kernel debugging, but I tried doing: 0: kd> dt _KGUARDED_MUTEX fffffa8005ea7388 nt!_KGUARDED_MUTEX +0x000 Count : 393479 +0x008 Owner : 0xfffffa80`0764fbe8 _KTHREAD +0x010 Contention : 0x4b28358 +0x018 Gate : _KGATE +0x030 KernelApcDisable : 7 +0x032 SpecialApcDisable : 0 +0x030 CombinedApcDisable : 7 0: kd> !thread fffffa80`0764fbe8 fffffa800764fbe8 is not a thread object, interpreting as stack value... TYPE mismatch for thread object at fffffa800764fbe What's the correct way to find the owner of the mutex that 0xfffffa8007ce65d0 is waiting on? I think the address that !thread gave me for the resource isn't a _KGUARDED_MUTEX since the dump of the address using that type didn't seem to work. Is there another way to do this?
  Message 2 of 2  
13 Feb 10 01:26
Pavel Lebedinsky
xxxxxx@microsoft.com
Join Date: 24 Feb 2009
Posts To This List: 62
Re: Finding the owner of a mutex
> THREAD fffffa800764fae0 Cid 08c0.13e4 Teb: 000000007efdb000 Win32Thread: > 0000000000000000 WAIT: (WrGuardedMutex) KernelMode Non-Alertable > fffffa8005ea7388 Gate > > My thought was I should try to figure out what the guarded mutex is that > fffffa800764fae0 is blocked on. I'm really new to kernel debugging, but I > tried > doing: > > 0: kd> dt _KGUARDED_MUTEX fffffa8005ea7388 <...excess quoted lines suppressed...> fffffa8005ea7388 is the address of a KGATE object, which is at offset 0x18 in KGUARDED_MUTEX. So you need to subtract 0x18 to get the address of the mutex: 0: kd> dt _KGUARDED_MUTEX fffffa8005ea7388 - 18 -- Pavel Lebedinsky/Windows Fundamentals Test This posting is provided "AS IS" with no warranties, and confers no rights.
Posting Rules  
You may not post new threads
You may not post replies
You may not post attachments
You must login to OSR Online AND be a member of the windbg list to be able to post.

All times are GMT -5. The time now is 01:53.

Contact Us - Osr Online Homepage - Top

Copyright ©2012, OSR Open Systems Resources, Inc.
Based on vBulletin Copyright ©2000 - 2005, Jelsoft Enterprises Ltd.
Modified under license