Thursday, March 29, 2012

!errlog


The !errlog extension displays the contents of any pending entries in the I/O system's error log.
Only entries that were queued by IoWriteErrorLogEntry but have not been committed to the error log will be displayed.
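This command can be used as a diagnostic aid after a system crash because it reveals pending error information that could not be committed to the error log before the system halted.
The disassembly below, from nt!IoWriteErrorLogEntry, shows a new entry being linked onto the tail of the list at nt!IopErrorLogListHead: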
nt!IoWriteErrorLogEntry+0x114:
fffff800`02d5de64 803d96b9110000  cmp     byte ptr [nt!IopErrorLogSessionPending (fffff800`02e79801)],0
fffff800`02d5de6b 488b05e6c21100  mov     rax,qword ptr [nt!IopErrorLogListHead+0x8 (fffff800`02e7a158)]
fffff800`02d5de72 488d4b08        lea     rcx,[rbx+8]
fffff800`02d5de76 48894310        mov     qword ptr [rbx+10h],rax
fffff800`02d5de7a 488d15cfc21100  lea     rdx,[nt!IopErrorLogListHead (fffff800`02e7a150)]
fffff800`02d5de81 488911          mov     qword ptr [rcx],rdx
fffff800`02d5de84 488908          mov     qword ptr [rax],rcx
fffff800`02d5de87 48890dcac21100  mov     qword ptr [nt!IopErrorLogListHead+0x8 (fffff800`02e7a158)],rcx
fffff800`02d5de8e 7533            jne     nt!IoWriteErrorLogEntry+0x173 (fffff800`02d5dec3)

A debugger extension can locate the list head with IDebugDataSpaces::ReadDebuggerData:
Index: DEBUG_DATA_IopErrorLogListHeadAddr  Returns the address of the kernel variable IopErrorLogListHead.
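The list walk that such an extension would perform, as an added example that is not part of the original post. It assumes a 64-bit target; `ReadPtr`, `WalkErrorLogList`, `SampleMemory` and `MapReader` are hypothetical names, and the sample addresses are constructed so the code runs without a debugger session.

```cpp
#include <cstddef>
#include <cstdint>
#include <functional>
#include <map>
#include <vector>

// Reads one 64-bit pointer from the target; returns false on failure. A dbgeng
// extension would back this with IDebugDataSpaces::ReadVirtual.
using ReadPtr = std::function<bool(uint64_t addr, uint64_t& value)>;

// Per the disassembly (lea rcx,[rbx+8]), the LIST_ENTRY sits 8 bytes into the
// queued entry; Flink is at +0 and Blink at +8 of the LIST_ENTRY.
constexpr uint64_t kLinkOffset = 8;

enum class WalkStatus { Ok, ReadFailed, BrokenLink, TooLong };
struct WalkResult { WalkStatus status; std::vector<uint64_t> entries; };

// Follows Flink from the list head, checks every Blink, and collects the base
// address of each pending entry. maxEntries bounds the walk because list
// memory in a crash dump may be corrupt or cyclic.
WalkResult WalkErrorLogList(uint64_t head, const ReadPtr& read, std::size_t maxEntries = 4096) {
    WalkResult r{WalkStatus::Ok, {}};
    uint64_t prev = head, cur = 0;
    if (!read(head, cur)) { r.status = WalkStatus::ReadFailed; return r; }
    while (cur != head) {
        uint64_t next = 0, blink = 0;
        if (r.entries.size() >= maxEntries) { r.status = WalkStatus::TooLong; return r; }
        if (!read(cur, next) || !read(cur + 8, blink)) { r.status = WalkStatus::ReadFailed; return r; }
        if (blink != prev) { r.status = WalkStatus::BrokenLink; return r; }
        r.entries.push_back(cur - kLinkOffset);
        prev = cur;
        cur = next;
    }
    return r;
}

// Constructed sample memory (made-up addresses): head at 0x1000, two entries.
std::map<uint64_t, uint64_t> SampleMemory() {
    return {{0x1000, 0x2008}, {0x1008, 0x3008},   // head: Flink, Blink
            {0x2008, 0x3008}, {0x2010, 0x1000},   // entry at 0x2000
            {0x3008, 0x1000}, {0x3010, 0x2008}};  // entry at 0x3000
}

ReadPtr MapReader(const std::map<uint64_t, uint64_t>& mem) {
    return [&mem](uint64_t a, uint64_t& v) {
        auto it = mem.find(a);
        if (it != mem.end()) v = it->second;
        return it != mem.end();
    };
}
```

The map passed to `MapReader` must outlive the returned reader, since the lambda holds it by reference.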

Wednesday, March 7, 2012

!vm --Physical memory


1: kd> !vm

*** Virtual Memory Usage ***
Physical Memory:      387422 (   1549688 Kb)

The physical memory size is MmNumberOfPhysicalPages * (page size).

You can implement this using dbgeng.dll:

IDebugDataSpaces::ReadDebuggerData

The ReadDebuggerData method returns information about the target that the debugger engine has queried or determined during the current session. The available information includes the locations of certain key target kernel locations, specific status values, and a number of other things.
HRESULT ReadDebuggerData(
  [in]             ULONG Index,
  [out]            PVOID Buffer,
  [in]             ULONG BufferSize,
  [out, optional]  PULONG DataSize
);
Index: DEBUG_DATA_MmNumberOfPhysicalPagesAddr  Type: ULONG64  Returns the address of the kernel variable MmNumberOfPhysicalPages.
Index: DEBUG_DATA_MmPageSize  Type: ULONG64  Returns the page size.