No, he is still patching DbgPrint code. To disable page protection he
temporarily clears WP flag in CR0. Seems interesting and I’d like to know
why SoftICE needs to turn off kernel code write protection if this works.
Comments?
BTW, below mentioned article is really interesting. It can be found on
http://www.wdj.com/archive/1102/feature.html. This solution is better
because doesn’t miss user mode DbgPrints as DebugView one.
Best regards,
Michal Vodicka
RKK Informationssysteme s.r.o.
:We support your Future
[WWW: http://www.rkk.cz , http://www.skytale.com]
From: Mark Cariddi[SMTP:xxxxx@osr.com]
Reply To: NT Developers Interest List
Sent: Friday, April 28, 2000 22:23
To: NT Developers Interest List
Subject: [ntdev] RE: DebugView on W2K (Was: Re: WinDbg under Windows
2 000)I’ll bet you that he took over the IDT entry for Debug. This was
described
a month ago in WDJ or in a message in one of the news groups.–Mark
Mark J. Cariddi
Consulting Associate
xxxxx@osr.comOSR Open Systems Resources, Inc.
105 Route 101A, Suite 19
Amherst, New Hampshire 03031
603/595-6500
603/595-6503 Fax
http://www.osr.com****************************************
The definitive book on writing Windows NT
device drivers, “Windows NT Device Driver
Development” by OSR consulting partners
Peter Viscarola and Tony Mason, is now
available for ordering.
****************************************-----Original Message-----
From: Roddy, Mark [mailto:xxxxx@stratus.com]
Sent: Friday, April 28, 2000 3:12 PM
To: NT Developers Interest List
Subject: [ntdev] RE: DebugView on W2K (Was: Re: WinDbg under Windows
2000)Yeah, I checked this out too. Clever fellow. Wonder how he disabled kernel
page protections.