Breaking on my driver.

Hi,

I’m new to WinDBG and I would like to know
if someone can tell me how I can load my driver
and set a bp on one of my functions (e.g., DriverEntry,
etc.)?

Regards,
-Mike.



Start WinDbg, break into the system, and then enter
“bu yourDriver!DriverEntry”. Start your driver.

If you want to catch it during system boot, then use Ctl+Alt+K in WinDbg to
enter WinDbg early in the boot process and set the breakpoint as stated.

Gary G. Little
Broadband Storage, Inc.
xxxxx@broadstor.com
xxxxx@inland.net

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Mike Malgin
Sent: Monday, February 25, 2002 11:55 AM
To: Kernel Debugging Interest List
Subject: [windbg] Breaking on my driver.

Hi,

I’m new to WinDBG and I would like to know
if someone can tell me how I can load my driver
and set a bp on one of my functions (e.g., DriverEntry,
etc.)?

Regards,
-Mike.



Hi,

Thanks for the help.

I tried what you previously suggested; in
windbg I did the following:
kd> bu MySerialDrv!DriverEntry.
kd> bl
0 eu 0001 (0001) (MySerialDrv!DriverEntry)
kd> g

Now, I manually started the driver on the target
machine, and windbg did indeed break on a bp, but
it doesn’t look like it broke on the right one.
Below is the line which appeared after I ran my
driver:

nt!MiRemoveUnusedSegments+7d7:
80459081 cc int 3

some more asm…
After some “F10” clicks I saw my driver debug output.

I have another problem: I get some warnings
about a wrong symbols version:
“*** WARNING: symbols timestamp is wrong 0x384d9b17 0x384d4cfd for ntoskrnl.exe”
Maybe someone can shed some light on this issue
as well?

Thanks,
-Mike.


First, make sure you are using the version 4.00.0018 of WinDbg. You can
download it from

http://www.microsoft.com/ddk/debugging

Second, be sure that your driver’s PDB file is in the symbol path. If needed
do a !reload.

Gary G. Little
Broadband Storage, Inc.
xxxxx@broadstor.com
xxxxx@inland.net

-----Original Message-----
From: Mike Malgin [mailto:xxxxx@yahoo.com]
Sent: Monday, February 25, 2002 5:05 PM
To: Kernel Debugging Interest List
Subject: [windbg] RE: Breaking on my driver.

Hi,

Thanks for the help.

I tried what you previously suggested; in
windbg I did the following:
kd> bu MySerialDrv!DriverEntry.
kd> bl
0 eu 0001 (0001) (MySerialDrv!DriverEntry)
kd> g

Now, I manually started the driver on the target
machine, and windbg did indeed break on a bp, but
it doesn’t look like it broke on the right one.
Below is the line which appeared after I ran my
driver:

nt!MiRemoveUnusedSegments+7d7:
80459081 cc int 3

some more asm…
After some “F10” clicks I saw my driver debug output.

I have another problem: I get some warnings
about a wrong symbols version:
“*** WARNING: symbols timestamp is wrong 0x384d9b17 0x384d4cfd for ntoskrnl.exe”
Maybe someone can shed some light on this issue
as well?

Thanks,
-Mike.


In addition you can add -n to the command line of windbg to get noisy
symbol loading. Helps in diagnosing symbol problems.

You also should check out using the internet symbol server to get the OS
symbols.

-----Original Message-----
From: Gary Little [mailto:xxxxx@Broadstor.com]
Sent: Monday, February 25, 2002 5:16 PM
To: Kernel Debugging Interest List
Subject: [windbg] RE: Breaking on my driver.

First, make sure you are using the version 4.00.0018 of WinDbg. You can
download it from

http://www.microsoft.com/ddk/debugging

Second, be sure that your driver’s PDB file is in the symbol path. If
needed do a !reload.

Gary G. Little
Broadband Storage, Inc.
xxxxx@broadstor.com
xxxxx@inland.net


Hi,

The kernel symbol seems to work when I use the
microsoft symbol server.

I still have one problem when breaking on my
DriverEntry: it now looks like it breaks correctly,
but I still see an asm listing. I also
loaded the PDB file (checked build) of the
driver (by using CTRL+S or .sympath pdbpath).

BTW, is it possible to make windbg save the config,
or do I have to insert the config on every debugging
session?

Thanks!
Mike.

Save the workspace.

Ctl+s does not necessarily load the symbols. You may need to do a !reload to
fetch the symbols from the path you specified.

Gary G. Little
Broadband Storage, Inc.
xxxxx@broadstor.com
xxxxx@inland.net

-----Original Message-----
From: Mike Malgin [mailto:xxxxx@yahoo.com]
Sent: Tuesday, February 26, 2002 11:24 AM
To: Kernel Debugging Interest List
Subject: [windbg] RE: Breaking on my driver.

Hi,

The kernel symbol seems to work when I use the
microsoft symbol server.

I still have one problem when breaking on my
DriverEntry: it now looks like it breaks correctly,
but I still see an asm listing. I also
loaded the PDB file (checked build) of the
driver (by using CTRL+S or .sympath pdbpath).

BTW, is it possible to make windbg save the config,
or do I have to insert the config on every debugging
session?

Thanks!
Mike.

You should check out the “Debugging in Source Mode”
section of the help file. Also check out the section on Symbols… Many
of the questions you have are answered in the help file. As far as the
source-level debugging, you probably don’t have your source path set up
correctly.

As for the configuration, you should be able to save the configuration
(after you set it up) as a “workspace” by choosing the “Save Workspace”
or “Save Workspace As” options under the File menu. Then you can just
load the workspace when WinDBG starts. You can also have the workspace
loaded automatically by creating a shortcut to windbg and adding the
“-Wworkspacename” parameter to the command line.

sean


Hello,

Well, you’re right, most of the info appears in the
help file.
The problem is that I read and then DO as the help
file describes, but it doesn’t work.

I set the pdb path, the source path, did “!reload”
(several times!),
set a break point using “bu SerialDrv!DriverEntry”,
then I press “g”, break on the DriverEntry
of the SerialDrv, but I still see an ASM listing.
A good sign (I think) is when I do
kd> bl
0 e [e:\projects\SerialDrv\main.c @ 1099] 0001 (0001) SerialDrv!DriverEntry

I also tried to look at the “locals window”, which shows
my DRIVER_OBJECT, reg path info.
(The same results appear also when trying to break on
other routines.)

I also checked the mode of WinDbg, which is on "source
mode on"; the “.sympath” and “.srcpath” also seem to
return the right path.

Thanks,
Mike.


Sounds like your symbols are correct.

Does .srcpath point to the tree where your sources are? I.e., if your
sources are in e:\projects, is that what you have?

One note, if you are connecting to a remote debugger then you need to
use .lsrcpath instead of .srcpath.

-----Original Message-----
From: Mike Malgin [mailto:xxxxx@yahoo.com]
Sent: Tuesday, February 26, 2002 1:53 PM
To: Kernel Debugging Interest List
Subject: [windbg] RE: Breaking on my driver.

Hello,

Well, you’re right, most of the info appears in the
help file.
The problem is that I read and then DO as the help
file describes, but it doesn’t work.

I set the pdb path, the source path, did “!reload”
(several times!),
set a break point using “bu SerialDrv!DriverEntry”,
then I press “g”, break on the DriverEntry
of the SerialDrv, but I still see an ASM listing.
A good sign (I think) is when I do
kd> bl
0 e [e:\projects\SerialDrv\main.c @ 1099] 0001 (0001) SerialDrv!DriverEntry

I also tried to look at the “locals window”, which shows
my DRIVER_OBJECT, reg path info.
(The same results appear also when trying to break on
other routines.)

I also checked the mode of WinDbg, which is on "source
mode on"; the “.sympath” and “.srcpath” also seem to
return the right path.

Thanks,
Mike.

— Sean Bullington wrote:
> You should check out the:
> Debugging in Source Mode
> section of the help file. Also check out the section
> on Symbols… Many
> of the questions you have are answered in the help
> file. As far as the
> source-level debugging, you probably don’t have your
> source path setup
> correctly.
>
> As for the configuration, you should be able to save
> the configuration
> (after you set it up) as a “workspace” by choosing
> the “Save Workspace”
> or “Save Workspace As” options under the File menu.
> Then you can just
> load the workspace when WinDBG starts. You can also
> have the workspace
> loaded automatically by creating a shortcut to
> windbg and adding the
> “-Wworkspacename” parameter to the command line.
>
> sean
>
> Mike Malgin wrote:
>
> >Hi,
> >
> > The kernel symbol seems to work when I use the
> > microsoft symbol server.
> >
> > I still have one problem when breaking on my
> > DriverEntry, it now looks like it break correctly
> > but I still see asm listing, I also
> > loaded the PDB file (checked build) of the
> > driver (by using CTRL+S or .sympath pdbpath).
> >
> > BTW, is it possible to make windbg to save the
> config
> > or do I have to insert the config on every
> debugging
> >
> > session ?
> >
> >Thanks!
> >Mike.
> >— Gary Little wrote:
> >
> >>First, make sure you are using the version
> 4.00.0018
> >>of WinDbg. You can
> >>download it from
> >>
> >>http://www.microsoft.com/ddk/debugging
> >>
> >>Second, be sure that your drivers PDB file is in
> the
> >>symbol path. If needed
> >>do a !reload.
> >>
> >>Gary G. Little
> >>Broadband Storage, Inc.
> >>xxxxx@broadstor.com
> >>xxxxx@inland.net
> >>
> >>-----Original Message-----
> >>From: Mike Malgin [mailto:xxxxx@yahoo.com]
> >>Sent: Monday, February 25, 2002 5:05 PM
> >>To: Kernel Debugging Interest List
> >>Subject: [windbg] RE: Breaking on my driver.
> >>
> >>Hi,
> >>
> >> Thanks for the help.
> >>
> >> I tried what you previously suggested, i
> >> n windbg I did the following :
> >> kd> bu MySerialDrv!DriverEntry.
> >> kd> bl
> >> 0 eu 0001 (0001)
> >>(MySerialDrv!DriverEntry)
> >> kd> g
> >>
=== message truncated ===



Hi,

I turned on noisy mode, which gave me the following
output. As far as I understand, it looks like it has
some problem with the time stamp. I don’t know what
causes this problem, because I rebuilt the project,
copied the driver to the target system and then
started its execution.

kd> .reload
Connected to Windows 2000 2195 x86 compatible target, ptr64 FALSE
DBGHELP: ntoskrnl.exe is stripped. Searching for dbg file.
SYMSRV: c:\websymbols\ntoskrnl.dbg\384D9B17190900\ntoskrnl.dbg - OK.
DBGHELP: c:\websymbols\ntoskrnl.dbg\384D9B17190900\ntoskrnl.dbg - OK.
SYMSRV: c:\websymbols\ntoskrnl.pdb\38237D2054\ntoskrnl.pdb - OK.
DBGHELP: c:\websymbols\ntoskrnl.pdb\38237D2054\ntoskrnl.pdb - opened.
DBGHELP: nt - public symbols - c:\websymbols\ntoskrnl.pdb\38237D2054\ntoskrnl.pdb.
Loading Kernel Symbols
…DBGHELP: SERIALDRV.SYS missing debug info. Searching for pdb anyway.
DBGHELP: Can’t use symbol server for SERIALDRV.pdb - no header information available.
DBGHELP: e:\projects\serial\objchk\i386\symbols\SYS\SERIALDRV.pdb - file not found.
DBGHELP: e:\projects\serial\objchk\i386\SYS\SERIALDRV.SYS.pdb - file not found.
DBGHELP: e:\projects\serial\objchk\i386\SERIALDRV.pdb - unknown pdb sig opened.
DBGHELP: C:\Program Files\Debugging Tools for Windows\SERIALDRV.SYS - file not found.
DBGHELP: e:\projects\serial\objchk\i386\SERIALDRV.sys - mismatched timestamp
DBGHELP: SERIALDRV.SYS not found in e:\projects\serial\objchk\i386.
DBGHELP: SERIALDRV - private symbols - e:\projects\serial\objchk\i386\SERIALDRV.pdb.

Loading unloaded module list
No unloaded module list present
Loading User Symbols
PEB address is NULL !

Thanks!
Mike.
— Mike Malgin wrote:
> Hello,
>
> Well, you’re right, most of the info appears in the
> help file.
> The problem is that I read and then DO as the help
> file describes but it doesn’t work.
>
> I set the pdb path, the source path, did “!reload”
> (several times!)
> set a break point using “bu SerialDrv!DriverEntry”
> then I press “g”, break on the DriverEntry
> of the SerialDrv, but I still see ASM listing.
> A good sign (I think) is when I do
> kd> bl
> 0 e [e:\projects\SerialDrv\main.c @ 1099] 0001 (0001) SerialDrv!DriverEntry
>
> I also tried to look at “locals window” which shows
> my DRIVER_OBJECT, reg path info.
> (same results appear also when trying to break on
> other routines)
>
> I also checked the mode of WinDbg which is on
> “source mode on” the “.sympath” and “.srcpath” also
> seems to return the right path.
>
> Thanks,
> Mike.
>
> — Sean Bullington wrote:
> > You should check out the:
> > Debugging in Source Mode
> > section of the help file. Also check out the section on Symbols… Many
> > of the questions you have are answered in the help file. As far as the
> > source-level debugging, you probably don’t have your source path setup
> > correctly.
> >
> > As for the configuration, you should be able to save the configuration
> > (after you set it up) as a “workspace” by choosing the “Save Workspace”
> > or “Save Workspace As” options under the File menu. Then you can just
> > load the workspace when WinDBG starts. You can also have the workspace
> > loaded automatically by creating a shortcut to windbg and adding the
> > “-Wworkspacename” parameter to the command line.
> >
> > sean
> >
> > Mike Malgin wrote:
> >
> > >Hi,
> > >
> > > The kernel symbol seems to work when I use the
> > > microsoft symbol server.
> > >
> > > I still have one problem when breaking on my
> > > DriverEntry, it now looks like it breaks correctly
> > > but I still see asm listing, I also
> > > loaded the PDB file (checked build) of the
> > > driver (by using CTRL+S or .sympath pdbpath).
> > >
> > > BTW, is it possible to make windbg to save the config
> > > or do I have to insert the config on every debugging
> > > session ?
> > >
> > >Thanks!
> > >Mike.
> > >— Gary Little wrote:
> > >
> > >>First, make sure you are using the version 4.00.0018
> > >>of WinDbg. You can download it from
> > >>
> > >>http://www.microsoft.com/ddk/debugging
> > >>
> > >>Second, be sure that your driver’s PDB file is in the
> > >>symbol path. If needed do a !reload.
> > >>
> > >>Gary G. Little
> > >>Broadband Storage, Inc.
> > >>xxxxx@broadstor.com
> > >>xxxxx@inland.net
> > >>
> > >>-----Original Message-----
> > >>From: Mike Malgin [mailto:xxxxx@yahoo.com]
> > >>Sent: Monday, February 25, 2002 5:05 PM
> > >>To: Kernel Debugging Interest List
> > >>Subject: [windbg] RE: Breaking on my driver.
=== message truncated ===
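
Both the ntoskrnl.exe warning quoted in this thread and the "mismatched timestamp" line for SERIALDRV.sys report timestamps that do not agree. As an added example (not part of the original messages), this Python code decodes the two values from the warning and reads the TimeDateStamp field of a PE header, so the freshly built .sys on the host can be compared with the copy on the target. The function names are hypothetical and the image bytes are constructed samples.

```python
import re
import struct
from datetime import datetime, timezone

# Warning text as quoted earlier in this thread.
WARNING = "*** WARNING: symbols timestamp is wrong 0x384d9b17 0x384d4cfd for ntoskrnl.exe"

def parse_warning(line):
    """Return (module, first_stamp, second_stamp) from a timestamp warning line."""
    m = re.search(r"timestamp is wrong (0x[0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+) for (\S+)", line)
    if not m:
        raise ValueError("not a timestamp warning")
    return m.group(3), int(m.group(1), 16), int(m.group(2), 16)

def as_utc(stamp):
    """A PE TimeDateStamp is seconds since 1970-01-01 UTC."""
    return datetime.fromtimestamp(stamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")

def pe_timestamp(image):
    """Read TimeDateStamp from the COFF file header of a PE image given as bytes."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if e_lfanew + 12 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header layout: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    (stamp,) = struct.unpack_from("<I", image, e_lfanew + 8)
    return stamp

def fake_image(stamp):
    """Constructed sample: the smallest header prefix pe_timestamp() needs."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<HHI", 0x014C, 1, stamp)

def same_build(local_image, target_image):
    """True when both copies of the driver carry the same link timestamp."""
    return pe_timestamp(local_image) == pe_timestamp(target_image)

if __name__ == "__main__":
    module, a, b = parse_warning(WARNING)
    print(module, as_utc(a), as_utc(b))
    # Constructed stand-ins for the rebuilt .sys on the host and the copy on the target.
    print(same_build(fake_image(a), fake_image(b)))
```

For real files, pass the first bytes of each image, for example `pe_timestamp(open(path, "rb").read(4096))`.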



Hi Nathan,

No, my .srcpath points directly to the directory
where my sources are, to wit,
.srcpath=e:\projects\serial, where all the sources
are under the serial directory
(i.e., “e:\projects\serial\XXX.c/h” )

Thanks!
Mike.

— Nathan Nesbit wrote:
> Sounds like your symbols are correct.
>
> Does .srcpath point to the tree where your sources are. i.e. if your
> sources are in e:\projects is that what you have?
>
> One note, if you are connecting to a remote debugger then you need to
> use .lsrcpath instead of .srcpath.
>
> -----Original Message-----
> From: Mike Malgin [mailto:xxxxx@yahoo.com]
> Sent: Tuesday, February 26, 2002 1:53 PM
> To: Kernel Debugging Interest List
> Subject: [windbg] RE: Breaking on my driver.
=== message truncated ===
