Can't get deferred breakpoints to work correctly

WINDBG
1

I’m trying to set a breakpoint on a line of code within my DriverEntry. I
used the BU command and the ‘source file:line number’. The first time I did
this I had the wrong symbol file loaded for the driver running but the
breakpoint fired when the driver loaded (the source line displayed didn’t
match the actual code but that would be expected with the wrong symbols).

I then stopped the driver, installed the correct driver (to match my symbol
file) and restarted the driver. But this time the breakpoint didn’t fire.
I tried unloading the symbols, exiting Windbg, resetting the breakpoint but
I can’t get the breakpoint to work again. I’m going to reboot the machine
and see if that resolves the issue.

I’ve tried setting the breakpoint from the GUI (using F9 on the source line)
but that doesn’t work unless the driver is loaded.

I’m using Windbg 3.0.0010.0. My target is Windows XP RC1. The driver is
actually an NT driver (I’m using XP to get the benefits of Driver Verifier).

I’ve only been using Windbg about a month or so (previous SoftICE user) so
perhaps I’m just not doing something simple.

Thanks in advance,

  • Steve -

You are currently subscribed to windbg as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com

2

Try entering the command as:

bp mydriver!DriverEntry

If this fails try:

x mydriver!DriverEntry

This will view the symbolic information in your symbols concerning
DriverEntry to insure that it exists.

u mydriver!DriverEntry mydriver!DriverEntry+300

For Example:

1: kd> u NetBt!DriverEntry NetBt!DriverEntry+300
netbt!DriverEntry:
f7611fc0 55 push ebp
f7611fc1 33c0 xor eax,eax
f7611fc3 8bec mov ebp,esp
f7611fc5 83ec20 sub esp,0x20
f7611fc8 53 push ebx
f7611fc9 8945f4 mov [ebp-0xc],eax
f7611fcc 56 push esi
f7611fcd 8945f8 mov [ebp-0x8],eax
f7611fd0 57 push edi
f7611fd1 8945f0 mov [ebp-0x10],eax
f7611fd4 e87f99ffff call netbt!TdiInitialize (f760b958)
f7611fd9 64a124010000 mov eax,fs:[00000124]
f7611fdf 8b4044 mov eax,[eax+0x44]
f7611fe2 8d4df0 lea ecx,[ebp-0x10]

You could set a bp right after the call to netbt!TdiInitialize by
issueis

bp f7611fd9

Then a bl commmand would list the breakpoint as

netbt!TdiInitialize+14

-----Original Message-----
From: Steve Whitman [mailto:xxxxx@cognex.com]
Sent: Tuesday, July 17, 2001 9:34 AM
To: Kernel Debugging Interest List
Subject: [windbg] Can’t get deferred breakpoints to work correctly

I’m trying to set a breakpoint on a line of code within my DriverEntry.
I used the BU command and the ‘source file:line number’. The first time
I did this I had the wrong symbol file loaded for the driver running but
the breakpoint fired when the driver loaded (the source line displayed
didn’t match the actual code but that would be expected with the wrong
symbols).

I then stopped the driver, installed the correct driver (to match my
symbol
file) and restarted the driver. But this time the breakpoint didn’t
fire. I tried unloading the symbols, exiting Windbg, resetting the
breakpoint but I can’t get the breakpoint to work again. I’m going to
reboot the machine and see if that resolves the issue.

I’ve tried setting the breakpoint from the GUI (using F9 on the source
line) but that doesn’t work unless the driver is loaded.

I’m using Windbg 3.0.0010.0. My target is Windows XP RC1. The driver
is actually an NT driver (I’m using XP to get the benefits of Driver
Verifier).

I’ve only been using Windbg about a month or so (previous SoftICE user)
so perhaps I’m just not doing something simple.

Thanks in advance,

  • Steve -

You are currently subscribed to windbg as: xxxxx@microsoft.com To
unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to windbg as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com

3

A more descriptive response:

Try entering the command as:

bp mydriver!DriverEntry

This Breakpoint should be hit. If your driver still loads without the
breakpoint being hit then do a:

x mydriver!DriverEntry

This will view the symbolic information in your symbols concerning
DriverEntry to insure that it exists in the pdb file. You also want to
insure that your symbols match the driver.

If you are debugging unoptomized code then once the initial breakpoint
is hit in your driver entry you can use the u command to unassemble
portions of your driver:

u mydriver!DriverEntry mydriver!DriverEntry+300

Then you can use the bp command and specify an address in your function
where you would like the breakpoint to hit. The address will be in the
left most column of the unassembly command.

-----Original Message-----
From: Steve Whitman [mailto:xxxxx@cognex.com]
Sent: Tuesday, July 17, 2001 9:34 AM
To: Kernel Debugging Interest List
Subject: [windbg] Can’t get deferred breakpoints to work correctly

I’m trying to set a breakpoint on a line of code within my DriverEntry.
I used the BU command and the ‘source file:line number’. The first time
I did this I had the wrong symbol file loaded for the driver running but
the breakpoint fired when the driver loaded (the source line displayed
didn’t match the actual code but that would be expected with the wrong
symbols).

I then stopped the driver, installed the correct driver (to match my
symbol
file) and restarted the driver. But this time the breakpoint didn’t
fire. I tried unloading the symbols, exiting Windbg, resetting the
breakpoint but I can’t get the breakpoint to work again. I’m going to
reboot the machine and see if that resolves the issue.

I’ve tried setting the breakpoint from the GUI (using F9 on the source
line) but that doesn’t work unless the driver is loaded.

I’m using Windbg 3.0.0010.0. My target is Windows XP RC1. The driver
is actually an NT driver (I’m using XP to get the benefits of Driver
Verifier).

I’ve only been using Windbg about a month or so (previous SoftICE user)
so perhaps I’m just not doing something simple.

Thanks in advance,

  • Steve -

You are currently subscribed to windbg as: xxxxx@microsoft.com To
unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to windbg as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com

4

Thanks for the tips. I tried this and it worked but I was still unable to
set a breakpoint on a particular line of a file prior to loading. Later I
discovered that I needed to supply the full pathname to the file for this to
work. But I now have it working.

  • Steve -

-----Original Message-----
From: Eric W Hanson [mailto:xxxxx@microsoft.com]
Sent: Tuesday, July 17, 2001 2:33 PM
To: Kernel Debugging Interest List
Subject: [windbg] RE: Can’t get deferred breakpoints to work correctly

Try entering the command as:

bp mydriver!DriverEntry

If this fails try:

x mydriver!DriverEntry

This will view the symbolic information in your symbols concerning
DriverEntry to insure that it exists.

u mydriver!DriverEntry mydriver!DriverEntry+300

For Example:

1: kd> u NetBt!DriverEntry NetBt!DriverEntry+300
netbt!DriverEntry:
f7611fc0 55 push ebp
f7611fc1 33c0 xor eax,eax
f7611fc3 8bec mov ebp,esp
f7611fc5 83ec20 sub esp,0x20
f7611fc8 53 push ebx
f7611fc9 8945f4 mov [ebp-0xc],eax
f7611fcc 56 push esi
f7611fcd 8945f8 mov [ebp-0x8],eax
f7611fd0 57 push edi
f7611fd1 8945f0 mov [ebp-0x10],eax
f7611fd4 e87f99ffff call netbt!TdiInitialize (f760b958)
f7611fd9 64a124010000 mov eax,fs:[00000124]
f7611fdf 8b4044 mov eax,[eax+0x44]
f7611fe2 8d4df0 lea ecx,[ebp-0x10]

You could set a bp right after the call to netbt!TdiInitialize by
issueis

bp f7611fd9

Then a bl commmand would list the breakpoint as

netbt!TdiInitialize+14

-----Original Message-----
From: Steve Whitman [mailto:xxxxx@cognex.com]
Sent: Tuesday, July 17, 2001 9:34 AM
To: Kernel Debugging Interest List
Subject: [windbg] Can’t get deferred breakpoints to work correctly

I’m trying to set a breakpoint on a line of code within my
DriverEntry.
I used the BU command and the ‘source file:line number’. The
first time
I did this I had the wrong symbol file loaded for the driver
running but
the breakpoint fired when the driver loaded (the source line displayed
didn’t match the actual code but that would be expected with the wrong
symbols).

I then stopped the driver, installed the correct driver (to match my
symbol
file) and restarted the driver. But this time the breakpoint didn’t
fire. I tried unloading the symbols, exiting Windbg, resetting the
breakpoint but I can’t get the breakpoint to work again. I’m going to
reboot the machine and see if that resolves the issue.

I’ve tried setting the breakpoint from the GUI (using F9 on the source
line) but that doesn’t work unless the driver is loaded.

I’m using Windbg 3.0.0010.0. My target is Windows XP RC1. The driver
is actually an NT driver (I’m using XP to get the benefits of Driver
Verifier).

I’ve only been using Windbg about a month or so (previous
SoftICE user)
so perhaps I’m just not doing something simple.

Thanks in advance,

  • Steve -

You are currently subscribed to windbg as: xxxxx@microsoft.com To
unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to windbg as: xxxxx@cognex.com
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com

You are currently subscribed to windbg as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-windbg-$subst(‘Recip.MemberIDChar’)@lists.osr.com