O'Reilly logo

Memory Dump Analysis Anthology, Volume 7 by Dmitry Vostokov

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Event Owners

When we dump a stack trace collection (Volume 1, page 409) from a complete or kernel memory dump we see lots of synchronization and notification events, for example:

THREAD fffffa8003d33120  Cid 0734.0868  Teb: 000007fffffd4000 Win32Thread:
fffff900c07182e0 WAIT: (UserRequest) UserMode Alertable
fffffa8003413d20  NotificationEvent
fffffa80020b5170  NotificationEvent fffffa80017f31e0 NotificationEvent fffffa80013f8cf0 NotificationEvent fffffa8002547ee0 NotificationEvent fffffa8002547e80 NotificationEvent fffffa8004186100 NotificationEvent fffffa8003dcfa80 NotificationEvent fffffa8003df6870 NotificationEvent fffffa8003bbd5e0 NotificationEvent fffffa8003b5d4e0 NotificationEvent fffffa800390c690 NotificationEvent fffffa8003dbc410 NotificationEvent ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required