Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Changing the order in which debuggers are called

margo84margo84 Member Posts: 2

Hello everybody!
I understand, when a user-mode program calls DebugBreak, the following possible actions will occur:
1. If a user-mode debugger is attached, the program will break into the debugger. This means that the program will pause and the debugger will become active.
2. If a user-mode debugger is not attached, but kernel-mode debugging was enabled at boot time, the entire computer will break into the kernel debugger. If a kernel debugger is not attached, the computer will freeze and await a kernel debugger.
This issue was discussed in detail in the thread: https://community.osr.com/discussion/262745/debugbreak-int-3-and-process-command
I have an application that has its own user mode debugger attached. This application can only function with its user mode debugger. I need to trace this application. I cannot connect a user-mode debugger to it, since it already has its own debugger. Kernel debugging mode also cannot be used, since breakpoints are processed first by the user-mode debugger and the root-mode debugger is not called.
The question arises. Is there any way to change the priority of calling debuggers? I want the kernel mode debugger to always be called first, followed by the user mode debugger (if available).

Comments

  • rod_widdowsonrod_widdowson Member - All Emails Posts: 1,266
    edited January 1

    Not the answer to your question but are you aware of the /noumex BCDEDIT setting?

  • margo84margo84 Member Posts: 2

    Thanks for the answer. The option /noumex is intended for a slightly different action. It rather produces the opposite of the desired effect. Moreover: "The /noumex parameter is effective only when there is no user-mode debugger attached to the process"
    So it doesn't suit me.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 13-17 May 2024 Live, Online
Developing Minifilters 1-5 Apr 2024 Live, Online
Internals & Software Drivers 11-15 Mar 2024 Live, Online
Writing WDF Drivers 20-24 May 2024 Live, Online