Hi there, I am connected to a kernel and I am writing a debug extension for a driver, I have loaded the symbols for the driver and there's this global structure x which contains a pointer to an instance of a class y. I can dereference this pointer, typecast the pointer as the instance y and read it fine from the watch window of windg. But I have trouble doing it through the debug extension I am writing, I can read the symbol address for x using IDebugSymbols3::GetOffsetByName and get the pointer value using ReadTypedDataVirtual but am unable to access this instance of y since its not exactly a . Does anyone know how I can access this variable(instance of y) since it doesn't actually have a symbol name? Thanks, I am trying to use dbgeng.h
It looks like you're new here. If you want to get involved, click one of these buttons!
|Upcoming OSR Seminars|
|OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!||Kernel Debugging||30 Mar 2020||OSR Seminar Space|
|Developing Minifilters||20 Apr 2020||LIVE ONLINE|
|Writing WDF Drivers||11 May 2020||LIVE ONLINE|
|Internals & Software Drivers||28 Sept 2020||Dulles, VA|