O'Reilly logo

Memory Dump Analysis Anthology, Volume 7 by Dmitry Vostokov

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Disconnected Network Adapter

Sometimes we need to check network adapters (miniports) to see whether they are up, down, connected or disconnected. This can be done using ndiskd WinDbg extension and its commands. Here is an example from a kernel memory dump:

1: kd> !ndiskd.miniports
raspptp.sys, v0.0
  88453360 NetLuidIndex  1, IfIndex  3,  WAN Miniport (PPTP)
raspppoe.sys, v0.0
  884860e8 NetLuidIndex  0, IfIndex  4,  WAN Miniport (PPPOE)
ndiswan.sys, v0.0
  8842f0e8 NetLuidIndex  0, IfIndex  5,  WAN Miniport (IPv6)
  8842e0e8 NetLuidIndex  3, IfIndex  6,  WAN Miniport (IP)
rasl2tp.sys, v0.0
  8842b0e8 NetLuidIndex  0, IfIndex  2,  WAN Miniport (L2TP)
E1G60I32.sys, v8.1
  84b730e8 NetLuidIndex  4, IfIndex  8,  Intel(R) PRO/1000 MT Network
Connection tunnel.sys, v1.0 84b370e8 ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required