How to specify threads in WinDbg (kernel debugging)

Question

Does anyone know how I can list all threads in WinDbg during kernel debugging. I found older links that say "~", but that doesn't work.

In particular, I am looking to find the identifier of the thread that caused the event, namely the breakpoint.

Thanks.

+4

user963228 Dec 24 '11 at 6:42

2 answers

Paul betts · Answer 1 · 2011-12-24T08:02:54+0000

~ only works in user mode. To list all the threads in the system !process 0 1 , as I recall (for a while).

"In particular, I am looking to find the identifier of the thread that caused the event, namely the breakpoint."

This operator does not make sense from kernel mode. Can you tell us more about your scenario?

Edit: And now I get it. You want to know which stream you are currently using. Give !thread a go.

snoone · Answer 2 · 2011-12-27T16:05:24+0000

You can always use the @ $ thread pseudo-registry to refer to the current thread object:

 0: kd> r @$thread $thread=fffff80002c02cc0

If you need a thread id, you need to dig it out of ETHREAD. Fortunately, the @ $ stream is typed as a pointer to ETHREAD if you use a C ++ evaluator:

 0: kd> ?? @$thread->Cid struct _CLIENT_ID +0x000 UniqueProcess : 0x00000000`00001408 Void +0x008 UniqueThread : 0x00000000`0000144c Void

-Scott