WinDBG kernel-mode environment settings that can cause a Heisenbug

Hello,

I’m running into a bug somewhere in a kernel-mode driver I’m writing. However, I can’t debug it because it vanishes whenever a kernel-mode debugger is attached. What WinDBG/KD behavior might be causing this difference in execution? And how can I disable this behavior or work around it to debug the issue?

Thanks in advance,
Synthwave

On Oct 2, 2018, at 6:02 PM, Synthwave wrote:
>
> I’m running into a bug somewhere in a kernel-mode driver I’m writing. However, I can’t debug it because it vanishes whenever a kernel-mode debugger is attached. What WinDBG/KD behavior might be causing this difference in execution? And how can I disable this behavior or work around it to debug the issue?

The most common issue is subtle timing effects, especially if you have KdPrints in your driver. KdPrints with the debugger attached take a REALLY long time, computationally speaking. Do you have a lot of KdPrint traces?

Tim Roberts, timr@probo.com
Providenza & Boekelheide, Inc.

@Tim_Roberts said:
> The most common issue is subtle timing effects, especially if you have KdPrints in your driver. KdPrints with the debugger attached take a REALLY long time, computationally speaking. Do you have a lot of KdPrint traces?

The problematic part of the code doesn’t have any KdPrints. The kernel-mode driver simply takes some data from user-mode, processes it, and writes it to some register. It also reads a register and brings the results back to user-mode. Could something else be causing timing issues?

I’m afraid… You’re going to have to describe the bug for us, in order for us to be able to help you.

You could start by explaining what you mean by “Writes it to some register”, maybe.

Peter

@Peter_Viscarola said:
> I’m afraid… You’re going to have to describe the bug for us, in order for us to be able to help you.
>
> You could start by explaining what you mean by “Writes it to some register”, maybe.

I’m not entirely sure what the cause of the bug is, because attempting to debug it makes it disappear. My driver deals with a device that has its own processor. It uses WRITE_REGISTER_ULONG() and READ_REGISTER_ULONG() to read and write memory-mapped registers on the device. It writes to a register to request tests, then writes to another register to request the results. My bug is that the tests don’t run properly without a kernel debugger attached.

However, I’ve been using some unconventional ways to debug it, and it seems like KeDelayExecutionThread() only delays execution when a debugger is attached, and fails to delay it when a debugger is detached. This could be causing the bug.

Do you know why that could be?


Edit: This might no longer be a WinDBG question at this point, so let me know if there’s a better place to post it.