WinDbg dt help

fredantom Member Posts: 8
edited October 15 in WINDBG

I'm trying to view the data structure of _DEVICE_OBJECT > DeviceExtension ... As seen below.

But how would I now go about getting the structure of DeviceExtension?
(I tried to do "dt nt!_DEVICE_OBJECT -b" but it doesn't get the structure of DeviceExtension)

Comments

  • Tim_Roberts Member - All Emails Posts: 13,131

    The type of the DeviceExtension is up to each individual driver. The DEVICE_OBJECT holds an opaque pointer to it as a convenience, but there's no standard for what it contains. That's why it is shown as a void*.

    If this is your driver, then you know the type of the device extension, and you can use "dt yourdriver!MY_DEVICE_CONTEXT" to view it.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • fredantom Member Posts: 8
    edited October 15

    @Tim_Roberts said:
    The type of the DeviceExtension is up to each individual driver. The DEVICE_OBJECT holds an opaque pointer to it as a convenience, but there's no standard for what it contains. That's why it is shown as a void*.

    If this is your driver, then you know the type of the device extension, and you can use "dt yourdriver!MY_DEVICE_CONTEXT" to view it.

    How would I get the structure if it wasn't my driver? For example: "dt somedriver!X" then what should x be if I had no insight to how the driver was written?

    As seen here:

  • Peter_Viscarola_(OSR) Administrator Posts: 7,467

    How would I get the structure if it wasn't my driver

    Well, you don't. The data structure definition isn't even necessarily public.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • fredantom Member Posts: 8

    @Peter_Viscarola_(OSR) said:

    How would I get the structure if it wasn't my driver

    Well, you don't. The data structure definition isn't even necessarily public.

    Peter

    What if you knew the type of the device (+0x048 DeviceType : Uint4B) would it then be possible to somehow reverse the structure of DeviceExtension?

    For example: #define FILE_DEVICE_DISK 0x00000007 (https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/specifying-device-types)

  • Tim_Roberts Member - All Emails Posts: 13,131

    Absolutely not. You have to have the symbols for the driver. There is no other way.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • fredantom Member Posts: 8

    @Tim_Roberts said:
    Absolutely not. You have to have the symbols for the driver. There is no other way.

    But, then I'm right back to my second question: How can I get the DeviceExtension of a driver that isn't mine in windbg (look at second screenshot I posted).

  • Tim_Roberts Member - All Emails Posts: 13,131

    Is there something unclear about "you don't" and "there is no other way"?

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • Peter_Viscarola_(OSR) Administrator Posts: 7,467

    How can I get the DeviceExtension of a driver that isn't mine in windbg

    You can not. The content and format of a DeviceExtension is up to the developer who writes the driver. It’s not standard. It’s not documented. It’s not available. It’s private.

    Have a nice day.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers
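
An added illustration of the point made in the replies above (not part of the original thread and not code from any poster): a user-mode C model of why the DeviceExtension pointer carries no type, and why DeviceType does not determine its layout. `MOCK_DEVICE_OBJECT`, `DRIVER_A_EXT`, `DRIVER_B_EXT` and all function names are hypothetical; only `FILE_DEVICE_DISK` comes from the thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FILE_DEVICE_DISK 0x00000007
/* Simplified stand-in for DEVICE_OBJECT (assumption: not the real layout). */
typedef struct {
    uint32_t DeviceType;
    void    *DeviceExtension;   /* opaque: only the owning driver knows the type */
} MOCK_DEVICE_OBJECT;

/* Two hypothetical disk-type drivers with unrelated private layouts. */
typedef struct { uint32_t SectorSize; uint32_t Flags; uint64_t TotalSectors; } DRIVER_A_EXT;
typedef struct { uint64_t QueueDepth; uint32_t PortNumber; uint32_t Removable; } DRIVER_B_EXT;

/* Like IoCreateDevice, the creator is given only a byte count for the
 * extension, never a type, so nothing about the layout is recorded. */
static MOCK_DEVICE_OBJECT *mock_create_device(uint32_t type, size_t ext_size)
{
    MOCK_DEVICE_OBJECT *dev = calloc(1, sizeof(*dev));
    if (!dev) return NULL;
    dev->DeviceType = type;
    dev->DeviceExtension = calloc(1, ext_size);
    if (!dev->DeviceExtension) { free(dev); return NULL; }
    return dev;
}

/* Driver A creates its device and fills in its own private context. */
MOCK_DEVICE_OBJECT *driver_a_add_device(void)
{
    MOCK_DEVICE_OBJECT *dev = mock_create_device(FILE_DEVICE_DISK, sizeof(DRIVER_A_EXT));
    if (!dev) return NULL;
    DRIVER_A_EXT *ext = dev->DeviceExtension;
    ext->SectorSize = 512; ext->Flags = 1; ext->TotalSectors = 2048;
    return dev;
}

/* Guessing a layout from DeviceType alone: the bytes parse, the meaning is wrong. */
uint64_t guess_queue_depth_as_driver_b(const MOCK_DEVICE_OBJECT *dev)
{
    DRIVER_B_EXT guess;
    memcpy(&guess, dev->DeviceExtension, sizeof(guess)); /* both structs are 16 bytes */
    return guess.QueueDepth;
}

int main(void)
{
    MOCK_DEVICE_OBJECT *dev = driver_a_add_device();
    if (!dev) return 1;
    printf("guessed QueueDepth = %llu (really SectorSize and Flags)\n",
           (unsigned long long)guess_queue_depth_as_driver_b(dev));
    free(dev->DeviceExtension); free(dev);
    return 0;
}
```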
