Looking for a crash

System crashes

REVEN v2.2.0

OS Windows 64-bit

Look for the symbol KeBugCheckEx in ntoskrnl:

crash_symbol = next(server.ossi.symbols("^KeBugCheckEx$",
                                        binary_hint="ntoskrnl"))
for ctx in server.trace.search.symbol(crash_symbol):
    print(f"System crash at {ctx}")

Related examples

Crash detection

Process crashes

REVEN v2.3.0

OS Windows 64-bit

Look for the symbol KiUserExceptionDispatch in ntdll:

crash_symbol = next(server.ossi.symbols("^KiUserExceptionDispatch$",
                                        binary_hint="ntdll"))
for ctx in server.trace.search.symbol(crash_symbol):
    process = ctx.ossi.process()
    print(f"{process.name} crashed at {ctx}")

Related examples

Crash detection

REVEN API Cookbook

Looking for a crash

System crashes

Process crashes