I have code that parses NET_BUFFER_LIST/NET_BUFFER structures I need to debug and test, however WinDBG/Visual Studio , is just making this task impossibly difficult in kernel space, It’s making me want to sob uncontrollably and destroy things with my hands and fists, not to mention costing me countless hours and days of lost productivity.
Can I somehow serialize or mock or capture, NET_BUFFER and NET_BUFFER_LIST structures in a userspace , I need them to be realistic, and just jerry rigging some plausible scenarios by hand seems nearly impossible to do, due to how complex these structures are.
Driver debugging is just kicking my ass so badly.
A key attribute to succeeding in this space is persistence. Keep at it. If you are using WinDBG you can use the following commands to display information about NBLs.
- !ndiskd.nbl address
- !ndiskd.nbl address -data
Where address is a kernel memory address.
I’m currently investigating ndiskd, but what I’m missing is some way to see what is inside the frame to verify I parsed it correctly, is there some way to do that ?
Not sure what you mean by frame, but if you want to see what’s in the packet then the aforementioned commands will do that.
I meant to actually parse the bytes in the packet and display what kind of headers there is inside. That would be nice for verifying my own implementation agrees with it.