filespy dll extension included in IFS kit

Hello,

I’m new to Windbg and I’m having a problem that I’m hoping someone can
give me a quick hand with. The filespy sample that comes with the XP ifs
kit includes an extension dll that can be used to follow what’s happening.
I start windbg (host is W2k, target is XP) and I get into the KD command
line. I load the dll extension by typing ‘.load fspykd.dll’. Windbg
informs me that the extension DLL is loaded. To ensure it’s there I type
!help, and the list of possible commands is listed on the screen. Then
when I type !filenames 1, I get the following output.

HashTable: 00000000
FileObject Length FileName

Unable to read memory at 00000000

Am I missing a step somewhere? Does the application program need to be in
a certain state in order for me to get the output I want? Any help is
appreciated. Thanks

Mike

Are you sure the filespy.sys driver is loaded? Check !drivers.

If it is loaded, did you right-click on filespy.inf and choose the
Install option? Maybe it is not installed correctly.

-----Original Message-----
From: xxxxx@platypus.net [mailto:xxxxx@platypus.net]
Sent: Wednesday, July 31, 2002 11:59 PM
To: Kernel Debugging Interest List
Subject: [windbg] filespy dll extension included in IFS kit


Hi,

When I run !drivers I get the following output

f7629000 2480( 10 k) 800 ( 2 k) ndisuio.sys Sat Aug 18 06:53:53 2001
f7396000 25a00( 151 k) 4500 ( 18 k) mrxdav.sys Sat Aug 18 06:50:20 2001
f8a7d000 e00( 4 k) 980 ( 3 k) ParVdm.SYS Sat Aug 18 06:49:49 2001
f72a5000 48780( 290 k) 7f80 ( 32 k) srv.sys Sat Aug 18 11:32:06 2001
f8879000 43c0( 17 k) 2120 ( 9 k) filespy.sys Thu Aug 01 14:59:40 2002

With the last one showing that my filespy driver is loaded on the target
machine. I also got another error message that I must have missed
yesterday when I ran !filenames.

kd> !filenames 1
*** ERROR: Module load completed but symbols could not be loaded for filespy.sys

HashTable: 00000000
FileObject Length FileName

Unable to read memory at 00000000

I checked and I have a filespy.pdb file in \WINNT\Symbols on the host
machine. I tried ‘ld filespy’ and windbg says the symbols are already
loaded. Any other suggestion?

Thanks

Mike

Make sure the filespy.pdb file is in your .sympath.

Type “.sympath+ c:\winnt\symbols” (or whatever is the correct path).

You can type .sympath by itself to see what your symbol path is set to.

-----Original Message-----
From: xxxxx@platypus.net [mailto:xxxxx@platypus.net]
Sent: Thursday, August 01, 2002 5:49 PM
To: Kernel Debugging Interest List
Subject: [windbg] RE: filespy dll extension included in IFS kit


Hi, all

I would like to know about the data structure of the pool area on both W2K and NT4,
because when we have pool or pool header corruption in a terminal service
session, we always see 0xa3000000 as the first parameter for
nt!CtxFreeWinStationSubPool.
What does it point to? I think the pool area is managed as a linked list,
but I would like to know the data structure of the pool area exactly.

Thanks in advance,
Futoshi