Re[2]: rExtExtension RemoveExtension Failure and Execute (.., (DOT) unload,,) crash windbg 6.12

> i am looking for a way to do it from a currently executing extension dll

You cannot. Think about it - unloading your extension (aka your DLL
from within Windbg.exe process) will release the image memory, and
when the code execution flow returns from RemoveExtension, what should
it execute?

Also - from what I understand, you are trying to unload your DLL,
change resources to it, then load it back. Why on earth do you want to
change DLL resources on the fly? (assuming I understand it correctly)

L.

thanks for replying ladislav

i understand it shouldn't be possible logically thinking about it
but i was surprised to see RemoveExtension returning S_OK

but it returns S_OK without removing the extension
doing a .chain still shows that the extension is executing

so i used another variation

m_Control->Execute(DEBUG_OUTCTL_THIS_CLIENT, ".unload path to self",
DEBUG_EXECUTE_DEFAULT);

this unloads the dll and rightly crashes windbg due to invalid eip
on return

yes i am modifying the resources on the fly
i have about 1100 pairs of data (dword + fixed length unicode string)
in resources prior to compiling

i have an extension command which can add the 1101th to Nth entry to
the resources dynamically during execution

at present i start with two identical copies of the extension one
executing inside windbg other dll non executing
when i execute add resource the added resource is modified in the
second non executing copy of the dll

when the resources have been updated i unload the executing dll using
.unload command from windbg command window run a copy command in
cmd.exe overwriting the first dll with updated second dll and reload
the extension

now i was wondering if i can automate this behavior from an extension dll itself

code

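ULONG64 Handle = 0;
HRESULT Status = S_OK;
// Call AddExtension on the extension's own path to obtain a handle for it.
if ((Status = m_Control->AddExtension(
        "f:\\windbg\\612windbg\\winext\\Decode_Iocontrolcode.dll", 0, &Handle)) != S_OK)
{
    Dml("AddExtension Failed returned %x\n", Status);
}
// Ask the engine to remove the extension identified by that handle.
if ((Status = m_Control->RemoveExtension(Handle)) != S_OK)
{
    Dml("RemoveExtension Failed returned %x\n", Status);
}
// Report the final HRESULT together with the thread's last Win32 error.
Dml("m_Control->RemoveExtension returned with %x GetLastError retuned %x\n ",
    Status, GetLastError());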

result

see RemoveExtension returning S_OK

0:000> !addioctl 0xd4ee4
hmod = 10000000 hRes = 1000c048 hResData = 1000c070 SizeofRes =
40740 ResChar = I
there are 1091
Entries in the list
hadnle = d0003c 0
m_Control->RemoveExtension returned with 0 GetLastError retuned 0
c0c08048 NLB_IOCTL_REGISTER_HOOK
c0c08054 NLB_PUBLIC_IOCTL_CLIENT_STICKINESS_NOTIFY
d4ee4 this is the badbodoo ioctl
resources were updated to dummy dll in winext Directory unload
overwrite and reload this extension for updated ioctl list

0:000> !addioctl 0xd4ee4
hmod = 10000000 hRes = 1000c048 hResData = 1000c070 SizeofRes =
40740 ResChar = I
there are 1091
Entries in the list
hadnle = d0003c 0
m_Control->RemoveExtension returned with 0 GetLastError retuned 0
c0c08048 NLB_IOCTL_REGISTER_HOOK
c0c08054 NLB_PUBLIC_IOCTL_CLIENT_STICKINESS_NOTIFY
d4ee4 this is the badbodoo ioctl
resources were updated to dummy dll in winext Directory unload
overwrite and reload this extension for updated ioctl list

On 8/31/13, Ladislav Zezula wrote:
>> i am looking for a way to do it from a currently executing extension dll
>
> You cannot. Think about it - unloading your extension (aka your DLL
> from within Windbg.exe process) will release the image memory, and
> when the code execution flow returns from RemoveExtension, what should
> it execute?
>
> Also - from what I understand, you are trying to unload your DLL,
> change resources to it, then load it back. Why on earth do you want to
> change DLL resources on the fly? (assuming I understand it correctly)
>
> L.