
Memory Dump Analysis Anthology, Volume 7 by Dmitry Vostokov


System Object

Certain System Objects can be found in the object directory and are useful for seeing additional system and other product activity. For example, in a complete memory dump we see that the LowCommitCondition event is signalled:

1: kd> !object \KernelObjects
Object: 85a08030 Type: (82b38ed0) Directory
ObjectHeader: 85a08018 (old version)
HandleCount: 0 PointerCount: 19
Directory Object: 85a074c0 Name: KernelObjects
Hash Address  Type        Name
---- -------  ----        ----
02   82b7b0b8 Event       HighCommitCondition
04   82b7b780 Event       HighMemoryCondition
10   82b7b178 Event       LowNonPagedPoolCondition
11   82b7b138 Event       HighNonPagedPoolCondition
17   82b7b0f8 Event       LowCommitCondition
20   82b78d08 Event       SuperfetchParametersChanged
     82b6eb58 Event       BootLoaderTraceReady
...
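
An added example, not from the book: a small Python parser for the `!object` directory listing above that carries the bucket over to rows that omit the Hash value, selects the `*Condition` events, and builds `dt nt!_KEVENT` commands for inspecting their signal state. The sample text is constructed from the rows shown above; the function names and the choice of `dt` as the follow-up command are assumptions of this example.

```python
import re

# Constructed input: the listing rows from the dump output above.
SAMPLE = """\
Hash Address  Type        Name
---- -------  ----        ----
02   82b7b0b8 Event       HighCommitCondition
04   82b7b780 Event       HighMemoryCondition
10   82b7b178 Event       LowNonPagedPoolCondition
11   82b7b138 Event       HighNonPagedPoolCondition
17   82b7b0f8 Event       LowCommitCondition
20   82b78d08 Event       SuperfetchParametersChanged
     82b6eb58 Event       BootLoaderTraceReady
...
"""

# The Hash column is optional: an entry that shares the previous entry's
# bucket is printed without it. The backtick allows 64-bit addresses.
ROW = re.compile(
    r"^\s*(?:(\d{2})\s+)?([0-9a-fA-F`]{8,17})\s+(\S+)\s+(\S.*?)\s*$"
)

def parse_directory(text):
    """Return one dict per listed object, reusing the bucket on blank rows."""
    entries, bucket = [], None
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, separator, "..." or other debugger output
        if m.group(1) is not None:
            bucket = m.group(1)
        entries.append({"bucket": bucket, "address": m.group(2),
                        "type": m.group(3), "name": m.group(4)})
    return entries

def condition_events(entries):
    """Select the commit/memory/pool condition events from the listing."""
    return [e for e in entries
            if e["type"] == "Event" and e["name"].endswith("Condition")]

def followup_commands(entries):
    """Build one debugger command per event to display its signal state."""
    return [f"dt nt!_KEVENT {e['address']} Header.SignalState" for e in entries]

if __name__ == "__main__":
    for cmd in followup_commands(condition_events(parse_directory(SAMPLE))):
        print(cmd)
```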
