Breaking on my driver.

OSR_Community_User Member Posts: 110,217
Hi,

I'm new to WinDBG and I would like to know
if someone can tell me how I can load my driver
and set a bp on one of my functions (e.g., DriverEntry,
etc.)?

Regards,
-Mike.


Comments

  • OSR_Community_User Member Posts: 110,217
    Start WinDbg, break into the system, and then enter "bu
    yourDriver!DriverEntry". Start your driver.

    If you want to catch it during system boot, then use Ctl+Alt+K in WinDbg to
    enter WinDbg early in the boot process and set the breakpoint as stated.

    Gary G. Little
    Broadband Storage, Inc.
  • OSR_Community_User Member Posts: 110,217
    Hi,

    Thanks for the help.

    I tried what you previously suggested; in windbg I did the following:
    kd> bu MySerialDrv!DriverEntry.
    kd> bl
    0 eu 0001 (0001) (MySerialDrv!DriverEntry)
    kd> g

    Now, I manually started the driver on the target
    machine. WinDbg did indeed break on a bp, but
    it doesn't look like it broke on the right one.
    Below is the line which appears after I run my
    driver:

    nt!MiRemoveUnusedSegments+7d7:
    80459081 cc int 3
    ....
    some more asm...
    After some "F10" clicks I saw my driver debug output.

    I have another problem: I get some warnings
    about a wrong symbols version:
    "*** WARNING: symbols timestamp is wrong 0x384d9b17 0x384d4cfd for ntoskrnl.exe"
    Maybe someone can shed some light on this issue
    as well?

    Thanks,
    -Mike.

  • OSR_Community_User Member Posts: 110,217
    First, make sure you are using version 4.00.0018 of WinDbg. You can
    download it from

    http://www.microsoft.com/ddk/debugging

    Second, be sure that your driver's PDB file is in the symbol path. If needed,
    do a !reload.

    Gary G. Little
    Broadband Storage, Inc.
  • Nathan_Nesbit Member Posts: 194
    In addition, you can add -n to the command line of windbg to get noisy
    symbol loading. Helps in diagnosing symbol problems.

    You also should check out using the internet symbol server to get the OS
    symbols.

  • OSR_Community_User Member Posts: 110,217
    Hi,

    The kernel symbols seem to work when I use the
    Microsoft symbol server.

    I still have one problem when breaking on my
    DriverEntry: it now looks like it breaks correctly,
    but I still see an asm listing. I also
    loaded the PDB file (checked build) of the
    driver (by using CTRL+S or .sympath pdbpath).

    BTW, is it possible to make windbg save the config,
    or do I have to insert the config on every debugging
    session?

    Thanks!
    Mike.
  • OSR_Community_User Member Posts: 110,217
    Save the workspace.

    Ctl+s does not necessarily load the symbols. You may need to do a !reload to
    fetch the symbols from the path you specified.

    Gary G. Little
    Broadband Storage, Inc.
  • OSR_Community_User Member Posts: 110,217
    You should check out the "Debugging in Source Mode"
    section of the help file. Also check out the section on Symbols... Many
    of the questions you have are answered in the help file. As far as the
    source-level debugging, you probably don't have your source path set up
    correctly.

    As for the configuration, you should be able to save the configuration
    (after you set it up) as a "workspace" by choosing the "Save Workspace"
    or "Save Workspace As" options under the File menu. Then you can just
    load the workspace when WinDBG starts. You can also have the workspace
    loaded automatically by creating a shortcut to windbg and adding the
    "-Wworkspacename" parameter to the command line.

    sean

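
The steps suggested in the replies above, collected into one kd command sequence. This is an added example, not part of the original thread: the module name and source directory come from the posts, while `c:\symbols`, the PDB directory placeholder and the use of `.reload` (the command current debuggers provide for the reload the posts call `!reload`) are assumptions.

```windbg
$$ Added example. Run from the kd> prompt after breaking into the target.
$$ Symbol path: Microsoft symbol server for the OS binaries, cached in
$$ c:\symbols (constructed directory), plus the directory with the driver PDB.
.sympath srv*c:\symbols*https://msdl.microsoft.com/download/symbols
.sympath+ <directory-containing-MySerialDrv.pdb>
$$ Print every symbol lookup so a wrong path or a timestamp mismatch is visible.
!sym noisy
$$ Changing the path loads nothing by itself, so reload the kernel symbols.
.reload
$$ Source path: the tree that holds main.c (taken from the bl output in the thread).
.srcpath e:\projects\SerialDrv
$$ Enable line-number information and source-mode stepping.
.lines -e
l+t
$$ Deferred breakpoint. It resolves when the driver image is loaded.
bu MySerialDrv!DriverEntry
bl
g
$$ After the break: force the driver's symbols to load, then confirm that the
$$ module name matches the one used in bu and that its PDB was found.
.reload /f MySerialDrv.sys
lm m MySerialDrv
x MySerialDrv!DriverEntry
```

In the `bl` listing, `eu` marks a breakpoint that is still unresolved, while an entry that shows a source file and line number means the driver's symbols were found.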
  • OSR_Community_User Member Posts: 110,217
    Hello,

    Well, you're right, most of the info appears in the
    help file.
    The problem is that I read and then DO as the help
    file describes, but it doesn't work.

    I set the pdb path, the source path, did "!reload"
    (several times!),
    set a breakpoint using "bu SerialDrv!DriverEntry",
    then I press "g", break on the DriverEntry
    of the SerialDrv, but I still see an ASM listing.
    A good sign (I think) is when I do
    kd> bl
    0 e [e:\projects\SerialDrv\main.c @ 1099] 0001 (0001) SerialDrv!DriverEntry

    I also tried to look at the "locals window", which shows
    my DRIVER_OBJECT and reg path info.
    (The same results appear also when trying to break on
    other routines.)

    I also checked the mode of WinDbg, which is "source
    mode on"; the ".sympath" and ".srcpath" also seem to
    return the right path.

    Thanks,
    Mike.



  • Nathan_Nesbit Member Posts: 194
    Sounds like your symbols are correct.

    Does .srcpath point to the tree where your sources are? I.e., if your
    sources are in e:\projects, is that what you have?

    One note, if you are connecting to a remote debugger then you need to
    use .lsrcpath instead of .srcpath.

    -----Original Message-----
    From: Mike Malgin [mailto:[email protected]]
    Sent: Tuesday, February 26, 2002 1:53 PM
    To: Kernel Debugging Interest List
    Subject: [windbg] RE: Breaking on my driver.


    Hello,

    Well, you're right, most of the info appears in the
    help file.
    The problem is that I read and then DO as the help
    file describes but it doesn't work.

    I set the pdb path, the source path, did "!reload"
    (several times!),
    set a breakpoint using "bu SerialDrv!DriverEntry",
    then I press "g", break on the DriverEntry
    of the SerialDrv, but I still see the ASM listing.
    A good sign (I think) is when I do
    kd> bl
    0 e [e:\projects\SerialDrv\main.c @ 1099] 0001
    (0001) SerialDrv!DriverEntry

    I also tried to look at the "locals window", which shows
    my DRIVER_OBJECT, reg path info.
    (The same results appear also when trying to break on
    other routines.)

    I also checked the mode of WinDbg, which is "source
    mode on"; the ".sympath" and ".srcpath" also seem to
    return the right path.

    Thanks,
    Mike.



  • OSR_Community_User Member Posts: 110,217
    Hi,

    I turned on noisy mode, which gave me the following
    output. As far as I understand, it looks like
    it has some problem with the time stamp. I don't know
    what causes this problem, because I rebuilt the
    project, copied the driver to the target system and
    then started its execution.
    --------------------------------------
    kd> .reload
    Connected to Windows 2000 2195 x86 compatible target, ptr64 FALSE
    DBGHELP: ntoskrnl.exe is stripped. Searching for dbg file.
    SYMSRV: c:\websymbols\ntoskrnl.dbg\384D9B17190900\ntoskrnl.dbg - OK.
    DBGHELP: c:\websymbols\ntoskrnl.dbg\384D9B17190900\ntoskrnl.dbg - OK.
    SYMSRV: c:\websymbols\ntoskrnl.pdb\38237D2054\ntoskrnl.pdb - OK.
    DBGHELP: c:\websymbols\ntoskrnl.pdb\38237D2054\ntoskrnl.pdb - opened.
    DBGHELP: nt - public symbols - c:\websymbols\ntoskrnl.pdb\38237D2054\ntoskrnl.pdb.
    Loading Kernel Symbols
    .................................................................................
    DBGHELP: SERIALDRV.SYS missing debug info. Searching for pdb anyway.
    DBGHELP: Can't use symbol server for SERIALDRV.pdb - no header information available.
    DBGHELP: e:\projects\serial\objchk\i386\symbols\SYS\SERIALDRV.pdb - file not found.
    DBGHELP: e:\projects\serial\objchk\i386\SYS\SERIALDRV.SYS.pdb - file not found.
    DBGHELP: e:\projects\serial\objchk\i386\SERIALDRV.pdb - unknown pdb sig opened.
    DBGHELP: C:\Program Files\Debugging Tools for Windows\SERIALDRV.SYS - file not found.
    DBGHELP: e:\projects\serial\objchk\i386\SERIALDRV.sys - mismatched timestamp
    DBGHELP: SERIALDRV.SYS not found in e:\projects\serial\objchk\i386.
    DBGHELP: SERIALDRV - private symbols - e:\projects\serial\objchk\i386\SERIALDRV.pdb.

    Loading unloaded module list
    No unloaded module list present
    Loading User Symbols
    PEB address is NULL !
    -----------------------------------------------------
    Thanks!
    Mike.
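Added example, not part of the original thread: the "mismatched timestamp" line in the noisy output above reports that the SERIALDRV.sys found on the debugger host does not carry the timestamp of the module loaded on the target. This Python script reads TimeDateStamp and SizeOfImage from a PE file's headers, the same two values that form symbol-store directory names such as 384D9B17190900, so a host copy can be compared with what the debugger reports for the loaded module (for example in `lm v`). The function names and the header-only sample image are constructed for illustration.

```python
import struct

# Offsets from the PE/COFF specification.
E_LFANEW_OFFSET = 0x3C        # DOS header field holding the offset of "PE\0\0"
COFF_HEADER_SIZE = 20
SIZE_OF_IMAGE_OFFSET = 56     # same position in PE32 and PE32+ optional headers


def pe_identity(image):
    """Return (TimeDateStamp, SizeOfImage) read from a PE image's headers."""
    try:
        if image[:2] != b"MZ":
            raise ValueError("missing MZ signature")
        (e_lfanew,) = struct.unpack_from("<I", image, E_LFANEW_OFFSET)
        if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        coff = e_lfanew + 4
        # COFF header layout: Machine, NumberOfSections, TimeDateStamp, ...
        (timestamp,) = struct.unpack_from("<I", image, coff + 4)
        optional = coff + COFF_HEADER_SIZE
        (magic,) = struct.unpack_from("<H", image, optional)
        if magic not in (0x10B, 0x20B):
            raise ValueError(f"unexpected optional header magic {magic:#x}")
        (size_of_image,) = struct.unpack_from(
            "<I", image, optional + SIZE_OF_IMAGE_OFFSET)
    except struct.error as exc:
        raise ValueError("truncated PE headers") from exc
    return timestamp, size_of_image


def symstore_key(timestamp, size_of_image):
    """Symbol-store directory name for an image: timestamp + SizeOfImage in hex."""
    return f"{timestamp:08X}{size_of_image:x}"


def check_against_target(host_image, target_timestamp, target_size):
    """List the header fields where a host-side file differs from the loaded module."""
    timestamp, size = pe_identity(host_image)
    problems = []
    if timestamp != target_timestamp:
        problems.append(
            f"TimeDateStamp {timestamp:#010x} != target {target_timestamp:#010x}")
    if size != target_size:
        problems.append(f"SizeOfImage {size:#x} != target {target_size:#x}")
    return problems


def build_sample_pe(timestamp, size_of_image):
    """Constructed header-only PE32 image for the demo; not a loadable file."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, E_LFANEW_OFFSET, len(dos))
    coff = struct.pack("<HHIIIHH", 0x14C, 0, timestamp, 0, 0, 0xE0, 0x0102)
    optional = bytearray(0xE0)
    struct.pack_into("<H", optional, 0, 0x10B)
    struct.pack_into("<I", optional, SIZE_OF_IMAGE_OFFSET, size_of_image)
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional)


if __name__ == "__main__":
    # Target values taken from the symbol-store directory name in the thread
    # (ntoskrnl.dbg\384D9B17190900); the stale host copy is a constructed
    # stand-in that uses the other timestamp quoted in the thread's warning.
    target_ts, target_size = 0x384D9B17, 0x190900
    stale = build_sample_pe(0x384D4CFD, target_size)
    print("target key:", symstore_key(target_ts, target_size))
    print("host key:  ", symstore_key(*pe_identity(stale)))
    for problem in check_against_target(stale, target_ts, target_size):
        print("MISMATCH:", problem)
```

For a real check, pass the bytes of the built .sys (`open(path, "rb").read()`) together with the timestamp and image size the debugger shows for the loaded driver.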
  • OSR_Community_User Member Posts: 110,217
    Hi Nathan,

    No, my .srcpath points directly to the directory
    where my sources are, to wit,
    .srcpath=e:\projects\serial\, where all the sources
    are under the serial directory
    (i.e., "e:\projects\serial\XXX.c/h").

    Thanks!
    Mike.


    --- Nathan Nesbit <[email protected]> wrote:
    > Sounds like your symbols are correct.
    >
    > Does .srcpath point to the tree where your sources
    > are. i.e. if your
    > sources are in e:\projects is that what you have?
    >
    > One note, if you are connecting to a remote debugger
    > then you need to
    > use .lsrcpath instead of .srcpath.