Local Kernel Debug while Driver Verifier is running?

I’ve noticed that when Driver Verifier is running, I cannot use WinDbg to do a Local Kernel Debug session – it will start to “open” but then immediately close. I’m running Win2003, but don’t know if it behaves similarly on other versions.

Is there some way to get around this behavior? Does anyone know why it behaves that way? I love using the Local Kernel Debug to check the current state of variables and whatnot.

Thanks for any info!

Very weird. Can’t say that I’ve ever tried this, so can’t comment on whether
or not it should work.

Have you tried using LiveKD instead?

http://technet.microsoft.com/en-us/sysinternals/bb897415

Though can’t say if that will work with Verifier enabled either.

-scott


Scott Noone
Consulting Associate and Chief System Problem Analyst
OSR Open Systems Resources, Inc.
http://www.osronline.com


LiveKd should work with verifier enabled. I’m certainly interested to hear if it doesn’t in your case.

But I would also expect local kd to work as well here. If you use kd -kl, do you get any interesting console output?

- S (Msft)


WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Hmm. Very interesting.

Seems like it should work.

Very helpful, I know.

Mm

Good ideas!

LiveKD does work fine, so there’s my solution.

“kd -kl” does not work and prints:
Unable to read head of debugger data list, Win32 error 0n31

Thanks, all.

C:\>winerror 31
31 ERROR_GEN_FAILURE <–> 0xc0000001 STATUS_UNSUCCESSFUL

Very helpful…

A mystery of our faith. At least LiveKD works!

-scott



while verifier is running these entries seem to be gone in

lkd> !address 806781f4
804d7000 - 001f9000
Usage KernelSpaceUsageImage
ImageName ntkrnlpa.exe

lkd> ln 806781f4
(806781f4) nt!KdpDebuggerDataListHead | (80678200) nt!KdpSearchPageHits
Exact matches:
nt!KdpDebuggerDataListHead =
lkd> ln poi(806781f4)
(80545b60) nt!KdDebuggerDataBlock | (80545df0) nt!Kd_WIN2000_Mask
Exact matches:
nt!KdDebuggerDataBlock =

it fails here

CPU Stack
Address Comments
00A6FD48 ; /RETURN from ntdll.ZwSystemDebugControl to dbgeng.LocalLiveKernelTargetInfo::DebugControl+0AF
00A6FD4C ; |C@#%CODE = SysDbgReadVirtualMemory
00A6FD50 ; |foo = 0A6FDF4
00A6FD54 ; |blah = 0C
00A6FD58 ; |wow = 0
00A6FD5C ; |ahh = 0
00A6FD60 ; \ooh = 0A6FDEC

Address Hex dump ASCII
00A6FDEC 00 00 00 00|00 00 00 00|F4 81 67 80| …??g?

if verifier present this area is 000000

Address Hex dump ASCII
806781F4 60 5B 54 80|60 5B 54 80|00 00 00 00|00 00 00 00| [T?[T?..


thanks and regards

raj_r
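
The dumps in the post above can be decoded mechanically. This is an added example, not code from the thread: it parses the quoted dump lines, reads the list head as two 32-bit little-endian pointers and classifies its state. It assumes x86, that the 0x0C-byte input buffer at 0A6FDF4 begins with the address to read, and a constructed all-zero line for the Verifier case; all function names are hypothetical.

```python
import struct

# Values and dump lines taken from the post above (x86, little-endian).
LIST_HEAD_VA = 0x806781F4    # nt!KdpDebuggerDataListHead, per `ln`
DATA_BLOCK_VA = 0x80545B60   # nt!KdDebuggerDataBlock, per `ln poi(806781f4)`
DUMP_WITHOUT_VERIFIER = "806781F4 60 5B 54 80|60 5B 54 80|00 00 00 00|00 00 00 00|"
REQUEST_DUMP = "00A6FDEC 00 00 00 00|00 00 00 00|F4 81 67 80|"
# Constructed: the post only says "this area is 000000" when Verifier is present.
DUMP_WITH_VERIFIER = "806781F4 00 00 00 00|00 00 00 00|00 00 00 00|00 00 00 00|"


def parse_dump_line(line):
    """Return (start_address, data) for one 'ADDR xx xx xx xx|xx ...' line."""
    addr_text, _, rest = line.strip().partition(" ")
    hex_pairs = rest.replace("|", " ").split()
    return int(addr_text, 16), bytes(int(p, 16) for p in hex_pairs)


def read_dword(base, data, va):
    """Little-endian 32-bit value stored at virtual address va."""
    off = va - base
    if off < 0 or off + 4 > len(data):
        raise ValueError("address %08X is outside the dump" % va)
    return struct.unpack_from("<I", data, off)[0]


def classify_list_head(line, head_va=LIST_HEAD_VA):
    """Decode the two pointers (Flink, Blink) at head_va and name the state."""
    base, data = parse_dump_line(line)
    flink = read_dword(base, data, head_va)
    blink = read_dword(base, data, head_va + 4)
    if flink == 0 and blink == 0:
        state = "zeroed"      # what the post reports while Verifier is running
    elif flink == head_va and blink == head_va:
        state = "empty"       # initialised list head with no entries
    else:
        state = "populated"   # points at a registered data block
    return {"flink": flink, "blink": blink, "state": state}


def requested_address(line, input_buffer_va):
    """First dword of the request buffer (assumed to be the address to read)."""
    base, data = parse_dump_line(line)
    return read_dword(base, data, input_buffer_va)
```
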

if you run verifier inside vpc2007 and run lkd also inside it both will work :)

kd> g
Breakpoint 0 hit
nt!NtSystemDebugControl:
80649ce3 6a50 push 50h
kd> !process 0 0 windbg.exe
PROCESS f4704da0 SessionId: 0 Cid: 03b4 Peb: 7ffdc000 ParentCid: 0494
DirBase: 04029000 ObjectTable: e10b0ea0 HandleCount: 41.
Image: windbg.exe

kd> .process /p /r f4704da0
Implicit process is now f4704da0
.cache forcedecodeuser done
Loading User Symbols

kd> kv
ChildEBP RetAddr Args to Child
f984fd44 804de7ec 0000000c 0093e0dc 00000018 nt!NtSystemDebugControl (FPO: [Non-Fpo])
f984fd44 7c90e4f4 0000000c 0093e0dc 00000018 nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ f984fd64)
0093e074 7c90de3c 022792df 0000000c 0093e0dc ntdll!KiFastSystemCallRet (FPO: [0,0,0])
0093e078 022792df 0000000c 0093e0dc 00000018 ntdll!ZwSystemDebugControl+0xc (FPO: [6,0,0])
0093e0b8 0211455a 0000000c 0093e0dc 00000018 dbgeng!LocalLiveKernelTargetInfo::DebugControl+0xaf (FPO: [Non-Fpo])
0093e0f4 02198b44 00000000 000002f4 00000000 dbgeng!LocalLiveKernelTargetInfo::ReadControl+0x5a (FPO: [Non-Fpo])
0093e150 0212cfeb 0078f960 00000001 0093e1a4 dbgeng!X86MachineInfo::ReadProcessorSystemDataOffset+0x84 (FPO: [Non-Fpo])
0093e16c 02116ddd 00000000 00000001 0093e1a4 dbgeng!TargetInfo::GetProcessorSystemDataOffset+0xbb (FPO: [Non-Fpo])
0093e1d4 10116fff 0078640c 00000000 00000001 dbgeng!DebugClient::ReadProcessorSystemData+0x8d (FPO: [Non-Fpo])
0093e21c 0218cb52 00786404 0093e2fc bbd304f3 kdexts!prcb+0x7f (FPO: [Non-Fpo])
0093e2bc 0218cda9 00786400 0093e4c8 0093e41c dbgeng!ExtensionInfo::CallA+0x342 (FPO: [Non-Fpo])
0093e44c 0218ce72 00786400 0093e4c8 0093e4d0 dbgeng!ExtensionInfo::Call+0x129 (FPO: [Non-Fpo])
0093e468 0218b6cf 00786400 00a3ba18 0093e4c8 dbgeng!ExtensionInfo::CallAny+0x72 (FPO: [Non-Fpo])
0093e8e0 021d5d9f 00786400 00000000 773f405c dbgeng!ParseBangCmd+0x65f (FPO: [Non-Fpo])
0093e9c8 021d71a9 00786400 00000000 bbd30c43 dbgeng!ProcessCommands+0x50f (FPO: [Non-Fpo])
0093ea0c 021076c9 00786400 00000000 00000000 dbgeng!ProcessCommandsAndCatch+0x49 (FPO: [Non-Fpo])
0093eea4 0210794a 00786400 0093ef98 00000002 dbgeng!Execute+0x2b9 (FPO: [Non-Fpo])
0093eed4 010290f6 00786408 00000001 0093ef98 dbgeng!DebugClient::ExecuteWide+0x6a (FPO: [Non-Fpo])
0093ef80 01029612 00000000 0093ef98 00000001 windbg!ProcessCommand+0x156 (FPO: [Non-Fpo])
0093ffa0 0102b8f6 00000000 00000000 00000000 windbg!ProcessEngineCommands+0xb2 (FPO: [Non-Fpo])
0093ffb4 7c80b713 00000000 0006ce48 773f405c windbg!EngineLoop+0x366 (FPO: [Non-Fpo])
0093ffec 00000000 0102b590 00000000 00000000 kernel32!BaseThreadStart+0x37 (FPO: [Non-Fpo])
kd> !du 0093ef98

93ef98 “”

kd> du 0093ef98
0093ef98 “!prcb”
kd> !verifier 1

Verify Level 9b … enabled options are:
Special pool
Special irql
All pool allocations checked on unload
Io subsystem checking enabled
DMA checking enabled

Summary of All Verifier Statistics

RaiseIrqls 0x11d542f
AcquireSpinLocks 0x727
Synch Executions 0x0
Trims 0x3584f

Pool Allocations Attempted 0xe9bc4
Pool Allocations Succeeded 0xe9bc4
Pool Allocations Succeeded SpecialPool 0x48b5c
Pool Allocations With NO TAG 0x0
Pool Allocations Failed 0x0
Resource Allocations Failed Deliberately 0x0

Current paged pool allocations 0x4876 for 003D2550 bytes
Peak paged pool allocations 0x4912 for 00A9FCE4 bytes
Current nonpaged pool allocations 0x2992 for 001B23FC bytes
Peak nonpaged pool allocations 0x3036 for 002A729C bytes

Driver Verification List

Entry State NonPagedPool PagedPool Module

81284f00 Loaded 001b0308 003d2418 ntoskrnl.exe
81284e80 Loaded 000020f4 00000138 ftdisk.sys

lyris rejects posts with same content

and asks me to send a post with slightly different content :)

so you have it here a post with slightly different content


thanks and regards

raj_r