Windbg: @$scopeip seems to be broken at OS initial breakpoint

Ladislav_Zezula · November 1, 2012, 7:28am

Hi,

when I boot-up the OS in VMWARE and have kernel debugger attached to it, the initial breakpoint is not shown properly. This is what I see in the “Disassembly” window:

No prior disassembly possible
:
00000000 ?? ???
00000001 ?? ???
00000002 ?? ???
00000003 ?? ???
00000004 ?? ???

However, register values seem to be OK:

kd> r
eax=00000003 ebx=00000000 ecx=0005ffa4 edx=0005ff74 esi=8008ab18 edi=8008abbc
eip=8052e4c4 esp=0005ff60 ebp=0005ff60 iopl=0 nv up di ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000082

And so is the “u eip” output:

kd> u EIP
nt!DebugService2+0x10:
8052e4c4 cc int 3
8052e4c5 5d pop ebp
8052e4c6 c20c00 ret 0Ch
8052e4c9 cc int 3

The problem seems to be related to the “@$scopeip” variable. When I enter “eip” in the address window of the disassembly, it works fine.

Ladislav_Zezula · November 1, 2012, 7:33am

An addition to this: I am observing this problem about since SDK 8.0 has been released. Earlier versions of WinDbg work fine.

raj_r · November 1, 2012, 2:38pm

disassembly “” i was searching all over to see where you notice this
it is true one reads only half and assumes half it seems

yes seems to be a newer feature also the alias doesn’t work either
and it seems this happens with iml (initial module load only and not
with ibp initial breakpoint)

with ibp one seems to get proper evaluation of alias as well as proper
disassembly “”

nt!RtlpBreakWithStatusInstruction:
804e3592 cc int 3
kd> ? @$scopeip

nt!DebugService2+0x10:
80506d3e cc int 3
kd> ? @$scopeip
Evaluate expression: 0 = 00000000
kd> t
nt!DebugService2+0x11:
80506d3f 5d pop ebp
kd> ? @$scopeip
Evaluate expression: 0 = 00000000
kd> t
nt!DebugService2+0x12:
80506d40 c20c00 ret 0Ch
kd> ? @$scopeip
Evaluate expression: -2142212800 = 80506d40

also in older version though the Window appears to have valid disassembly

the alias isnt evaluated properly

old 6.12 version output on sxe iml;.reboot

System Uptime: not available
nt!DebugService2+0x10:
80506d3e cc int 3
kd> ? @$scopeip
Evaluate expression: 0 = 00000000
kd> ? @$scopeip
Evaluate expression: 0 = 00000000
kd> ? @$scopeip
Evaluate expression: 0 = 00000000
kd> ? @$scopeip
Evaluate expression: 0 = 00000000

On 11/1/12, xxxxx@volny.cz wrote:
> An addition to this: I am observing this problem about since SDK 8.0 has
> been released. Earlier versions of WinDbg work fine.
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>