The !errlog extension displays the contents of any pending entries in the I/O system's error log.
Only entries that were queued by IoWriteErrorLogEntry but have not been committed to the error log will be displayed.
This command can be used as a diagnostic aid after a system crash because it reveals pending error information that could not be committed to the error log before the system halted.
nt!IoWriteErrorLogEntry+0x114:
fffff800`02d5de64 803d96b9110000 cmp byte ptr [nt!IopErrorLogSessionPending (fffff800`02e79801)],0
fffff800`02d5de6b 488b05e6c21100 mov rax,qword ptr [nt!IopErrorLogListHead+0x8 (fffff800`02e7a158)]
fffff800`02d5de72 488d4b08 lea rcx,[rbx+8]
fffff800`02d5de76 48894310 mov qword ptr [rbx+10h],rax
fffff800`02d5de7a 488d15cfc21100 lea rdx,[nt!IopErrorLogListHead (fffff800`02e7a150)]
fffff800`02d5de81 488911 mov qword ptr [rcx],rdx
fffff800`02d5de84 488908 mov qword ptr [rax],rcx
fffff800`02d5de87 48890dcac21100 mov qword ptr [nt!IopErrorLogListHead+0x8 (fffff800`02e7a158)],rcx
fffff800`02d5de8e 7533 jne nt!IoWriteErrorLogEntry+0x173 (fffff800`02d5dec3)
IDebugDataSpaces::ReadDebuggerData
Index: DEBUG_DATA_IopErrorLogListHeadAddr
Returns the address of the kernel variable IopErrorLogListHead.
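The listing above is a tail insertion into the doubly linked list at IopErrorLogListHead, and a walk from that head is how the pending entries can be enumerated. The following user-mode C model is an added example, not code from the original page or from Windows: pending_entry, sample_id and the function names are hypothetical, and only the link offset (+8) and the order of the stores are taken from the disassembly. A debugger extension would read target memory through the debugger engine instead of dereferencing pointers directly.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Same shape as the kernel's LIST_ENTRY on x64. */
typedef struct list_entry {
    struct list_entry *flink;                    /* +0x0 */
    struct list_entry *blink;                    /* +0x8 */
} list_entry;

/* Hypothetical packet model: only the link offset (+8) comes from the listing. */
typedef struct pending_entry {
    uint64_t   header;                           /* +0x00, not decoded on the page */
    list_entry link;                             /* +0x08, lea rcx,[rbx+8] */
    uint32_t   sample_id;                        /* constructed payload */
} pending_entry;

static list_entry list_head;                     /* stands in for nt!IopErrorLogListHead */
static void init_head(void) { list_head.flink = list_head.blink = &list_head; }

/* The tail insertion from the listing, one statement per instruction. */
static void queue_entry(pending_entry *rbx) {
    list_entry *rax = list_head.blink;           /* mov rax,[ListHead+8] */
    list_entry *rcx = &rbx->link;                /* lea rcx,[rbx+8]      */
    rcx->blink = rax;                            /* mov [rbx+10h],rax    */
    rcx->flink = &list_head;                     /* mov [rcx],rdx        */
    rax->flink = rcx;                            /* mov [rax],rcx        */
    list_head.blink = rcx;                       /* mov [ListHead+8],rcx */
}

/* Follow flink from the head until it returns to the head. Returns the number
   of entries, or -1 when a back-link is inconsistent or max is exceeded. */
static int walk_pending(uint32_t *ids, int max) {
    int n = 0;
    list_entry *prev = &list_head;
    for (list_entry *p = prev->flink; p != &list_head; prev = p, p = p->flink) {
        if (p->blink != prev || n == max) return -1;
        pending_entry *e = (pending_entry *)((char *)p - offsetof(pending_entry, link));
        ids[n++] = e->sample_id;
    }
    return list_head.blink == prev ? n : -1;
}

int main(void) {
    pending_entry a = {0, {0, 0}, 1}, b = {0, {0, 0}, 2};   /* constructed entries */
    uint32_t ids[4];
    init_head(); queue_entry(&a); queue_entry(&b);
    printf("pending=%d\n", walk_pending(ids, 4));
    return 0;
}
```

The back-link check matters on crash dumps, where the system may have halted between two of the stores and left the list half updated.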