Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Where can I get the current tick count in a 64-bit windows dump?

There's one symbol named KeTickCount which works in 32-bit, but when I applied that in my 64-bit dump (Windows 2008), it doesn't work anymore. Did windows change the value?

The only approach I can do is that use ".time" to get the current uptime and multiply it with ticksPerSecond, which is troublesome and inaccurate.

like image 815
liujinmarshall Avatar asked Nov 04 '22 06:11

liujinmarshall


1 Answers

Run !kuser to get at that in windbg.

like image 113
Neeraj Singh Avatar answered Nov 15 '22 06:11

Neeraj Singh



Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!