Here’s an annoying little problem:
An NT service running on Win2K Pro SP2 is throwing an unhandled
“unspecified software exception” (0x00000000) at system shutdown. I’d
like to debug this in user mode, but Windows terminates all processes,
including user-mode debuggers, at shutdown. I can hit to break into
kernel debugger, but by then it’s too late (offending function out of
scope, thread context lost).
So I tried running NTSD (-d) under control of a kernel debugger (WinDbg
via serial), but Windows terminates the NTSD process before the exception
occurs. I’ve considered launching NTSD as a service and keeping it loaded
by making my service depend on it, but there’d be a load-order problem
(plus I’d have to write a little SCM glue code).
So my questions are: Is there a way to run a user-mode debugger late into
Windows shutdown? Does anyone know a better way to handle this (other
than WinICE :-)?
– CCP
Here is an idea:
Put a __try/__except in your service’s “main” function. In the
except block call DebugBreak(). Then run with windbg attached to the
machine as the kernel debugger.
When the exception occurs the DebugBreak will be called and halt
the machine and break into the kernel debugger. You can then use Windbg
to do some debugging.
Using a kernel debugger to debug user mode apps is not ideal,
but it is better than nothing.
-----Original Message-----
From: xxxxx@acm.org [mailto:xxxxx@acm.org]
Sent: Wednesday, May 08, 2002 1:04 AM
To: Kernel Debugging Interest List
Subject: [windbg] User-mode debugging at system shutdown
Here’s an annoying little problem:
An NT service running on Win2K Pro SP2 is throwing an unhandled
“unspecified software exception” (0x00000000) at system shutdown. I’d
like to debug this in user mode, but Windows terminates all processes,
including user-mode debuggers, at shutdown. I can hit to break
into kernel debugger, but by then it’s too late (offending function out
of scope, thread context lost).
So I tried running NTSD (-d) under control of a kernel debugger (WinDbg
via serial), but Windows terminates the NTSD process before the
exception occurs. I’ve considered launching NTSD as a service and
keeping it loaded by making my service depend on it, but there’d be a
load-order problem (plus I’d have to write a little SCM glue code).
So my questions are: Is there a way to run a user-mode debugger late
into Windows shutdown? Does anyone know a better way to handle this
(other than WinICE :-)?
– CCP
—
You are currently subscribed to windbg as: xxxxx@microsoft.com To
unsubscribe send a blank email to %%email.unsub%%
Thanks, for the tip, that’s a definite improvement over what I ended up doing (putting _asm int 3 in the suspected functions) before I had a chance to read your mail. I’ll be sure to use this technique next time.
– CCP
----- Original Message -----
From: Nathan Nesbit
To: Kernel Debugging Interest List
Sent: Wednesday, May 08, 2002 8:32 AM
Subject: [windbg] RE: User-mode debugging at system shutdown
Here is an idea:
Put a __try/__except in your service’s “main” function. In the
except block call DebugBreak(). Then run with windbg attached to the
machine as the kernel debugger.
When the exception occurs the DebugBreak will be called and halt
the machine and break into the kernel debugger. You can then use Windbg
to do some debugging.
Using a kernel debugger to debug user mode apps is not ideal,
but it is better than nothing.
-----Original Message-----
From: xxxxx@acm.org [mailto:xxxxx@acm.org]
Sent: Wednesday, May 08, 2002 1:04 AM
To: Kernel Debugging Interest List
Subject: [windbg] User-mode debugging at system shutdown
Here’s an annoying little problem:
An NT service running on Win2K Pro SP2 is throwing an unhandled
“unspecified software exception” (0x00000000) at system shutdown. I’d
like to debug this in user mode, but Windows terminates all processes,
including user-mode debuggers, at shutdown. I can hit to break
into kernel debugger, but by then it’s too late (offending function out
of scope, thread context lost).
So I tried running NTSD (-d) under control of a kernel debugger (WinDbg
via serial), but Windows terminates the NTSD process before the
exception occurs. I’ve considered launching NTSD as a service and
keeping it loaded by making my service depend on it, but there’d be a
load-order problem (plus I’d have to write a little SCM glue code).
So my questions are: Is there a way to run a user-mode debugger late
into Windows shutdown? Does anyone know a better way to handle this
(other than WinICE :-)?
– CCP
—
You are currently subscribed to windbg as: xxxxx@microsoft.com To
unsubscribe send a blank email to %%email.unsub%%
—
You are currently subscribed to windbg as: xxxxx@acm.org
To unsubscribe send a blank email to %%email.unsub%%
Nathan,
Yes using WinDbg is not ideal, but by far easier than trying to find all those frigging DLLs needed to get Remote Debugging from Visual Studio .ANY-FLAVIOUR. Why they never included a consistent method for installing it on a remote machine I’ll never understand. How about a ZIP file with a BAT? Or at least a directory named “Files Needed For Remote Debugging”.
Please note that I didn’t say VS RD didn’t work — I said it was a pain in the butt to get on the remote machine.
Gary G. Little
xxxxx@broadstor.com
xxxxx@inland.net
“Chris Pearson” wrote in message news:xxxxx@windbg…
Thanks, for the tip, that’s a definite improvement over what I ended up doing (putting _asm int 3 in the suspected functions) before I had a chance to read your mail. I’ll be sure to use this technique next time.
– CCP
----- Original Message -----
From: Nathan Nesbit
To: Kernel Debugging Interest List
Sent: Wednesday, May 08, 2002 8:32 AM
Subject: [windbg] RE: User-mode debugging at system shutdown
Here is an idea:
Put a try/ except in your service’s “main” function. In the
except block call DebugBreak(). Then run with windbg attached to the
machine as the kernel debugger.
When the exception occurs the DebugBreak will be called and halt
the machine and break into the kernel debugger. You can then use Windbg
to do some debugging.
Using a kernel debugger to debug user mode apps is not ideal,
but it is better than nothing.
-----Original Message-----
From: xxxxx@acm.org [mailto:xxxxx@acm.org]
Sent: Wednesday, May 08, 2002 1:04 AM
To: Kernel Debugging Interest List
Subject: [windbg] User-mode debugging at system shutdown
Here’s an annoying little problem:
An NT service running on Win2K Pro SP2 is throwing an unhandled
“unspecified software exception” (0x00000000) at system shutdown. I’d
like to debug this in user mode, but Windows terminates all processes,
including user-mode debuggers, at shutdown. I can hit to break
into kernel debugger, but by then it’s too late (offending function out
of scope, thread context lost).
So I tried running NTSD (-d) under control of a kernel debugger (WinDbg
via serial), but Windows terminates the NTSD process before the
exception occurs. I’ve considered launching NTSD as a service and
keeping it loaded by making my service depend on it, but there’d be a
load-order problem (plus I’d have to write a little SCM glue code).
So my questions are: Is there a way to run a user-mode debugger late
into Windows shutdown? Does anyone know a better way to handle this
(other than WinICE :-)?
– CCP
—
You are currently subscribed to windbg as: xxxxx@microsoft.com To
unsubscribe send a blank email to %%email.unsub%%
—
You are currently subscribed to windbg as: xxxxx@acm.org
To unsubscribe send a blank email to %%email.unsub%%