Accessing registry of the target computer

Hello all,
I am trying to access the registry of the target computer, which is running
Win2k.
I am using Windbg 6.0 and the !dreg command, but I am getting the following
error:
“No export dreg found”, and if I use dreg instead of !dreg I get the following
error.

Kd> dreg System\CurrentControlSet\Services\Tcpip!Start

00000000 ?? ?
^ Extra character error in ‘dreg
System\CurrentControlSet\Services\Tcpip!Start’

Thanks in advance
Ashish

When you type “dreg …” the debugger thinks you are typing one of the
d* commands to display memory. So what you typed makes no sense to the
parser and hence the error code.

When you run “!dreg …” the debugger correctly identifies it as an
extension command and searches the loaded extension dlls for it. It
says “No export” because it didn’t find a loaded dll which implements
the function. According to the docs !dreg is implemented in
ntsdexts.dll. So if you do a “.chain” and don’t see it then you need to
do a “.load ntsdexts” to get the debugger to load it. Doing a “!dreg”
after that will cause it to run.

The docs imply (as does the fact that it is implemented in
ntsdexts.dll) that the extension only works when doing user mode
debugging. So it is doubtful that you will get anything useful from
running this when doing kernel debugging. Which makes total sense
because the registry exists on disk and reading from the filesystem of a
machine halted for kernel debugging is problematic at best.

-----Original Message-----
From: xxxxx@Itronix.com [mailto:xxxxx@Itronix.com]
Sent: Sunday, May 19, 2002 8:11 PM
To: Kernel Debugging Interest List
Subject: [windbg] Accessing registry of the target computer

You are currently subscribed to windbg as: xxxxx@microsoft.com To
unsubscribe send a blank email to %%email.unsub%%

Mohan Venkat wrote:
I tried to follow your steps from the user-mode. Any idea why it still fails?

>>>>>>>>>>debugger commands start here<<<<<<<<<<<<

0:01> .chain
Extension DLL search Path:
D:\Program Files\Debugging Tools for Windows\winext;D:\Program Files\Debugging Tools for Windows\pri;D:\Program Files\Debugging Tools for Windows\W2KFre;D:\Program Files\Debugging Tools for Windows;D:\Perl\bin;D:\PROGRAM FILES\TCL\bin;D:\WINNT\system32;D:\WINNT;D:\WINNT\System32\Wbem;D:\Program Files\Microsoft SDK\Bin.;D:\Program Files\Microsoft SDK\Bin\WinNT.;D:\Program Files\Microsoft Visual Studio\Common\Tools\WinNT;D:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin;D:\Program Files\Microsoft Visual Studio\Common\Tools;D:\Program Files\Microsoft Visual Studio\VC98\bin;D:\Program Files\Microsoft SDK\Bin.;D:\Program Files\Microsoft SDK\Bin\WinNT.
Extension DLL chain:
dbghelp: image 6.0.0007.0, API 5.1.6, built Tue Mar 05 15:32:04 2002
[path: D:\Program Files\Debugging Tools for Windows\dbghelp.dll]
ext: image 6.0.0007.0, API 1.0.0, built Thu Mar 07 13:17:59 2002
[path: D:\Program Files\Debugging Tools for Windows\winext\ext.dll]
uext: image 6.0.0007.0, API 1.0.0, built Tue Mar 05 15:31:59 2002
[path: D:\Program Files\Debugging Tools for Windows\winext\uext.dll]
ntsdexts: image 5.00.2195.4513, built Tue Oct 16 11:00:55 2001
[path: D:\Program Files\Debugging Tools for Windows\W2KFre\ntsdexts.dll]
0:01> !dreg System\CurrentControlSet\Services\Tcpip!Start
No export reg found
0:01> .load ntsdexts
0:01> !dreg System\CurrentControlSet\Services\Tcpip!Start
No export reg found

>>>>>>>>>>debugger commands ends here<<<<<<<<<<<<

-----Original Message-----
From: Nathan Nesbit [mailto:xxxxx@windows.microsoft.com]
Sent: Sunday, May 19, 2002 8:35 PM
To: Kernel Debugging Interest List
Subject: [windbg] RE: Accessing registry of the target computer




Nathan, thanks for the reply. The .chain command showed the path to ntsdexts.dll,
but I still tried the .load command and it works.
Nathan, I am able to see all Registry Keys.
Ashish


I was surprised that you said you could get registry values. So I
looked at the source for dreg. It simply uses the registry APIs to get
the data. So the registry values you are seeing are for the machine
running Windbg.

-----Original Message-----
From: xxxxx@Itronix.com [mailto:xxxxx@Itronix.com]
Sent: Monday, May 20, 2002 10:41 AM
To: Kernel Debugging Interest List
Subject: [windbg] RE: Accessing registry of the target computer
