I need to find a way to debug a crashdump “satellite” driver of a virtual miniport. So far I could not get it to print by StorPortDebugPrint, or set a breakpoint. Once crashdump process starts, it runs on high IRQL, and the debugger can’t break into it. I’m using 1394 connection.
I’ve done this with serial, and even there you have a challenge.
Basically, you are going to have do some walking of the functions from the
bugcheck display in Windbg, you will find that the system disables the
debugger. Fortunately at least for the older systems (I haven’t tried it
on newer systems) you will find that the system sets a global that indicates
stop debugging, what you need to do is is reset the value of the global once
the system set it.
The first time I did the walk it took me an hour or two to find the flag,
after that put a breakpoint just before the flag is set then single step,
adn reset the flag.
–
Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
wrote in message news:xxxxx@ntdev…
>I need to find a way to debug a crashdump “satellite” driver of a virtual
>miniport. So far I could not get it to print by StorPortDebugPrint, or set
>a breakpoint. Once crashdump process starts, it runs on high IRQL, and the
>debugger can’t break into it. I’m using 1394 connection.
>
>
> Information from ESET NOD32 Antivirus, version of virus
> signature database 5377 (20100818)
>
> The message was checked by ESET NOD32 Antivirus.
>
> http://www.eset.com
>
>
>
Information from ESET NOD32 Antivirus, version of virus signature database 5377 (20100818)
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
You can set breakpoints. You have to copy your miniport .sys and .pdb to the
appropriate named dmp entities to match the images in the kernel. Set the
breakpoints before invoking a crash.
I’ve never tried this with 1394 but I have absolutely gotten it to work with
serial.
Mark Roddy
On Wed, Aug 18, 2010 at 2:54 PM, wrote:
> I need to find a way to debug a crashdump “satellite” driver of a virtual
> miniport. So far I could not get it to print by StorPortDebugPrint, or set a
> breakpoint. Once crashdump process starts, it runs on high IRQL, and the
> debugger can’t break into it. I’m using 1394 connection.
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
I am using virtual COM to debug my miniport driver in crash stack. You can have a try to use ‘bp dump_!’ to set a breakpoint. It can work from WinXP to Win7 in my box.
Are you debuging Storport Virtual Miniport driver? I know that there is bug in port driver to support SVM driver crash dump feature.
Thanks
Wayne
Date: Wed, 18 Aug 2010 16:33:43 -0400
Subject: Re: [ntdev] crashdump driver debugging?
From: xxxxx@hollistech.com
To: xxxxx@lists.osr.com
You can set breakpoints. You have to copy your miniport .sys and .pdb to the appropriate named dmp entities to match the images in the kernel. Set the breakpoints before invoking a crash.
I’ve never tried this with 1394 but I have absolutely gotten it to work with serial.
Mark Roddy
On Wed, Aug 18, 2010 at 2:54 PM, wrote:
I need to find a way to debug a crashdump “satellite” driver of a virtual miniport. So far I could not get it to print by StorPortDebugPrint, or set a breakpoint. Once crashdump process starts, it runs on high IRQL, and the debugger can’t break into it. I’m using 1394 connection.
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
I can’t recall the name at the moment, but on some older platforms there’s a
global variable you may need to set to avoid triggering a checksum failure
on the dump stack if you use bp. Using a hardware breakpoint should avoid
that though (ba e1 foo!bar).
-scott
–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com