Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.More Info on Driver Writing and Debugging
The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
can not break on a memory region created by MapViewOfFile
I have a user mode executable which setup a file mapping by following steps
1. CreateFileMapping (file handle is INVALID_HANDLE_VALUE)
2. MapViewOfFile (got a memory address)
I set a memory write break point on the returned address
ba w 4 addr
the debugger never break on this break point, but the content of the breaking region do changed. So how to break in this situation ? Many thanks!!
Howdy, Stranger!
| Upcoming OSR Seminars | ||
|---|---|---|
| OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead! | ||
| Kernel Debugging | 13-17 May 2024 | Live, Online |
| Developing Minifilters | 1-5 Apr 2024 | Live, Online |
| Internals & Software Drivers | 11-15 Mar 2024 | Live, Online |
| Writing WDF Drivers | 26 Feb - 1 Mar 2024 | Live, Online |
Comments
Remember, that only breaks on those exact 4 bytes. Are you literally changing the first four bytes? Also remember that this only traps writes to this virtual address within this process. If the region is being written in another process, that will use a different virtual address and won't be trapped.
Tim Roberts, [email protected]
Providenza & Boekelheide, Inc.
got it. This is my case I've never met before. Thank you.