Breakpoint on a driver major function with LiveKD

Hello everyone.
I tried to set up a breakpoint with WinDbg under some IRP_MJ on a third-party
driver (I don't have the source).

I'm running LiveKD, connecting WinDbg to it.

Getting the address of the function with

!drvobj btkrnl 6

[0e] IRP_MJ_DEVICE_CONTROL f677443e +0xf677443e

Then when I try to execute the bp command for setting my breakpoint

lkd> bp btkrnl!f677443e
^ Operation not supported by current debuggee error in 'bp
btkrnl!f67744

I spent hours searching on Google for any solution but I can't find anything.

Is it a LiveKD limitation? Or am I doing something wrong?

Thanks for your time.

-Nico



You can’t do live active debugging with livekd. You need a 2 machine setup for what you want to do.

d

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of rotterdam hooligan gabber uber alles
Sent: Tuesday, October 30, 2007 2:42 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Breakpoint on a driver major function with LiveKD



NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

You can’t set breakpoints with LiveKD. If you were able to, you would
never be able to resume the machine. In order to do this sort of thing
on one machine, you either need SoftICE, which is no longer a product,
or you can get the same effect as long as you aren’t debugging actual
hardware by using VMWare and connecting WinDbg (kd) to the installation
running in the VM.

LiveKD is essentially useless for anything other than querying a very
limited set of system information. You definitely can’t debug a driver
with it.

Good luck,

mm



With live kernel debugging, you cannot set breakpoints. It’s been
discussed here many times; I’m surprised you didn’t find it.

You need to use two-system debugging for this.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Sounds like a good solution for me :) I will go with Virtual PC. Thanks for
your answers.


Martin O’Brien wrote:

> LiveKD is essentially useless for anything other than querying a very
> limited set of system information. You definitely can’t debug a
> driver with it.

I know what you are saying here, but I’ve found LiveKD to be a very
useful tool in some cases. As long as my driver spews useful addresses
in its debug output, I can go examine the data structures in memory and
find out useful stuff. Plus, I can dump the KMDF in-flight recorder log
and find out WDFREQUEST and WDFQUEUE addresses, and do useful things
with them.

It all depends.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

That is a pretty cool use of livekd ;)

d

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Tim Roberts
Sent: Tuesday, October 30, 2007 3:19 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Breakpoint on a driver major function with LiveKD

Martin O’Brien wrote:

> LiveKD is essentially useless for anything other than querying a very
> limited set of system information. You definitely can’t debug a
> driver with it.

I know what you are saying here, but I’ve found LiveKD to be a very
useful tool in some cases. As long as my driver spews useful addresses
in its debug output, I can go examine the data structures in memory and
find out useful stuff. Plus, I can dump the KMDF in-flight recorder log
and find out WDFREQUEST and WDFQUEUE addresses, and do useful things
with them.

It all depends.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.



Fair enough. Can’t say that I had ever considered either of those, and
they indeed are pretty cool. Do you do this at a client site where
WinDbg is not convenient/practical/possible, or do you use this during
development? If the latter, why instead of WinDbg? I’m always
interested in learning how people use tools in ways that I don’t or
hadn’t even considered.

Just curious,

mm


Martin O’Brien wrote:

> Fair enough. Can’t say that I had ever considered either of those,
> and they indeed are pretty cool. Do you do this at a client site
> where WinDbg is not convenient/practical/possible, or do you use this
> during development? If the latter, why instead of WinDbg? I’m always
> interested in learning how people use tools in ways that I don’t or
> hadn’t even considered.

During the early stages of development, I use a two-system setup, just
because there’s a lot of debugging to do. After that, it’s just more
convenient to boot up one system instead of two. I can use DebugView
and avoid the performance penalty of tracing via WinDbg. And, it gets
me closer to the client’s environment; they aren’t going to have WinDbg
connected.

It’s mostly just personal preference, I think.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.


Thanks, Tim. I was missing the DebugView part. While overall much,
much happier since switching to WinDbg about three years ago, even
leaving out that it is no longer a product, there are a few things that
I really miss about it, and the ability to run something far enough
along to be workably stable for something like the scenario you describe
is one of them. Debugging over IP was occasionally a fabulous, and
there are a few other random scenarios, but this is the one I really
miss sometimes, mostly because it was so much more responsive than
WinDbg, albeit much more work to configure, and no fun at all if the
driver wasn’t pretty stable.

While debuggers can do a lot of nice things, in the end, I know for my
own code at least, pretty much I’m a KdPrint person when it comes to tools.

Thanks,

mm