O'Reilly logo

Memory Dump Analysis Anthology, Volume 7 by Dmitry Vostokov

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Disk Packet Buildup

This is similar to Network Packet Buildup (page 82) pattern. It can be detectable either through SCSI WinDbg extension or using IRP Distribution Anomaly (Volume 1, page 459) pattern:

 0: kd> .load scsikd 0: kd> !scsikd.classext Storage class devices: * !classext fffffa80026395b0 [1,2] SAMSUNG HS082HB Paging Disk Usage: !classext <class device> <level [0-2]> 0: kd> !scsikd.classext fffffa80026395b0 Storage class device fffffa80026395b0 with extension at fffffa8002639700 Classpnp Internal Information at fffffa8002648010 -- dt classpnp!_CLASS_PRIVATE_FDO_DATA fffffa8002648010 -- Classpnp External Information at fffffa8002639700 SAMSUNG HS082HB NL100-01 S140JR0SA00025 Minidriver information at fffffa8002639bc0 Attached device ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required