cmkd extension

Hi,

I’m trying to use in windbg kd the cmkd.dll extension from http://www.codemachine.com/tool_cmkd.html

I get this error:

kd> !cmkd.help
The call to LoadLibrary(cmkd) failed, Win32 error 0n127
“The specified procedure could not be found.”
Please check your debugger configuration and/or network access.

and trying to load it

kd> !load C:\Programmi\Debugging Tools for Windows\winext\cmkd.dll
The call to LoadLibrary(C:\Programmi\Debugging Tools for Windows\winext\cmkd.dll) failed, Win32 error 0n127
“The specified procedure could not be found.”
Please check your debugger configuration and/or network access.

The system is x86 running Win XP Pro

Thanks for your help…

iirc it is for x64 only

On 12/6/12, xxxxx@alice.it wrote:
> Hi,
>
> I’m trying to use in windbg kd the cmkd.dll extension from
> http://www.codemachine.com/tool_cmkd.html
>
> I get this error:
>
> kd> !cmkd.help
> The call to LoadLibrary(cmkd) failed, Win32 error 0n127
> “The specified procedure could not be found.”
> Please check your debugger configuration and/or network access.
>
> and trying to load it
>
> kd> !load C:\Programmi\Debugging Tools for Windows\winext\cmkd.dll
> The call to LoadLibrary(C:\Programmi\Debugging Tools for
> Windows\winext\cmkd.dll) failed, Win32 error 0n127
> “The specified procedure could not be found.”
> Please check your debugger configuration and/or network access.
>
> The system is x86 running Win XP Pro
>
> Thanks for your help…
>
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

oops not x64 but some vista+ and vc8 dependency problem
it is linked to _except_4 which isnt available in xp etc etc

see the link at the bottom where jeffrey tan tries to struggle with it

see below

lkd> !process 0 0 windbg.exe
PROCESS 864c62e8 SessionId: 0 Cid: 0d50 Peb: 7ffd9000 ParentCid: 0788
DirBase: 0fc40340 ObjectTable: e2ff74e8 HandleCount: 48.
Image: windbg.exe

lkd> !process 0 17 windbg.exe

ChildEBP RetAddr Args to Child
cut
00a1da74 7c941ea3 c0000139 00f7e6d4 001b3570
ntdll!RtlRaiseStatus+0x26 (FPO: [Non-Fpo])
cut

00a1e1e8 0218bcc3 00a1e240 00000000 00000008
kernel32!LoadLibraryExW+0x18e (FPO: [Non-Fpo])

cut
00a1ef80 01029612 00000000 00a1ef98 00000001
windbg!ProcessCommand+0x156 (FPO: [Non-Fpo])

lkd> .process /p /r 864c62e8

lkd> du /c 80 00a1e240
00a1e240 “F:\windbg\WINXP\cmkd.dll”

00a1dab4 7c91cfdc 77c10000 00f7e7fa 00f7e6d4 ntdll!LdrpSnapThunk+0x398
(FPO: [Non-Fpo])

lkd> da 00f7e7fa
00f7e7fa “_except_handler4_common”

http://bytes.com/topic/net/answers/611031-vista-xp-msvcrt-dll-error

On 12/6/12, raj_r wrote:
> iirc it is for x64 only
>
> On 12/6/12, xxxxx@alice.it wrote:
>> Hi,
>>
>> I’m trying to use in windbg kd the cmkd.dll extension from
>> http://www.codemachine.com/tool_cmkd.html
>>
>> I get this error:
>>
>> kd> !cmkd.help
>> The call to LoadLibrary(cmkd) failed, Win32 error 0n127
>> “The specified procedure could not be found.”
>> Please check your debugger configuration and/or network access.
>>
>> and trying to load it
>>
>> kd> !load C:\Programmi\Debugging Tools for Windows\winext\cmkd.dll
>> The call to LoadLibrary(C:\Programmi\Debugging Tools for
>> Windows\winext\cmkd.dll) failed, Win32 error 0n127
>> “The specified procedure could not be found.”
>> Please check your debugger configuration and/or network access.
>>
>> The system is x86 running Win XP Pro
>>
>> Thanks for your help…
>>
>>
>> —
>> WINDBG is sponsored by OSR
>>
>> For our schedule of WDF, WDM, debugging and other seminars visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>

Have you tried “dumpbin /exports” on the DLL file?
joe

Hi,

I’m trying to use in windbg kd the cmkd.dll extension from
http://www.codemachine.com/tool_cmkd.html

I get this error:

kd> !cmkd.help
The call to LoadLibrary(cmkd) failed, Win32 error 0n127
“The specified procedure could not be found.”
Please check your debugger configuration and/or network access.

and trying to load it

kd> !load C:\Programmi\Debugging Tools for Windows\winext\cmkd.dll
The call to LoadLibrary(C:\Programmi\Debugging Tools for
Windows\winext\cmkd.dll) failed, Win32 error 0n127
“The specified procedure could not be found.”
Please check your debugger configuration and/or network access.

The system is x86 running Win XP Pro

Thanks for your help…

---

WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

On 12/6/12, xxxxx@flounder.com wrote:
> Have you tried “dumpbin /exports” on the DLL file?
> joe

can you elaborate how /exports can help analyze the problem

or if you meant /imports

how that can provide any explanation to the problem in hand ?

i mean how can one come to a conclusion that this dll is not meant for this
os&|bitness&|platform&|… with either /exports or / imports ?

He probably means/imports, but I’d use depends (wdk/tools/other/amd64,).
It will do a better job if it’s trying to use some manifest crap.

Mm
On Dec 6, 2012 8:19 PM, “raj_r” wrote:

> On 12/6/12, xxxxx@flounder.com wrote:
> > Have you tried “dumpbin /exports” on the DLL file?
> > joe
>
> can you elaborate how /exports can help analyze the problem
>
> or if you meant /imports
>
> how that can provide any explanation to the problem in hand ?
>
> i mean how can one come to a conclusion that this dll is not meant for this
> os&|bitness&|platform&|… with either /exports or / imports ?
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

but I’d use depends (wdk/tools/other/amd64,).
yeah depends can mark the improper imports in color

but iirc depends was missing in wdk / vc installations after vc6

did it make a comeback ?

C:\>cd WinDDK

C:\WinDDK>dir /s /b depends*.*
File Not Found

C:\WinDDK>

C:\Program Files>dir /s /b depends*.*
C:\Program Files\GnuWin32\contrib\coreutils\5.3.0\depends-GnuWin32.lst
C:\Program Files\Microsoft Visual Studio\Common\Tools\DEPENDS.CNT
C:\Program Files\Microsoft Visual Studio\Common\Tools\DEPENDS.EXE
C:\Program Files\Microsoft Visual Studio\Common\Tools\DEPENDS.HLP

C:\Program Files>

On 12/7/12, Martin O’Brien wrote:
> He probably means/imports, but I’d use depends (wdk/tools/other/amd64,).
> It will do a better job if it’s trying to use some manifest crap.
>
> Mm
> On Dec 6, 2012 8:19 PM, “raj_r” wrote:
>
>> On 12/6/12, xxxxx@flounder.com wrote:
>> > Have you tried “dumpbin /exports” on the DLL file?
>> > joe
>>
>> can you elaborate how /exports can help analyze the problem
>>
>> or if you meant /imports
>>
>> how that can provide any explanation to the problem in hand ?
>>
>> i mean how can one come to a conclusion that this dll is not meant for
>> this
>> os&|bitness&|platform&|… with either /exports or / imports ?
>>
>> —
>> WINDBG is sponsored by OSR
>>
>> For our schedule of WDF, WDM, debugging and other seminars visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer

It’s on my machine:

dir c:\WinDDK\7600.16385.1\tools\Other\amd64\
Volume in drive C has no label.
Volume Serial Number is C662-DD46

Directory of c:\WinDDK\7600.16385.1\tools\Other\amd64

11/27/2012 02:52 PM

.
11/27/2012 02:52 PM ..
02/08/2010 08:11 PM 33,280 ComputerHardwareIds.exe
01/18/2010 04:24 PM 164,468 Depends.chm
02/08/2010 07:30 PM 13,824 Depends.dll
02/08/2010 09:08 PM 589,312 Depends.exe
02/08/2010 09:09 PM 15,872 drivers.exe
02/08/2010 08:05 PM 237,568 KernRate.exe
02/08/2010 08:05 PM 324,122 kernrate.htm
01/15/2010 10:07 PM 612,352 msdis150.dll
02/08/2010 09:09 PM 34,304 poolmon.exe
02/08/2010 08:05 PM 351,232 WinError.exe
10 File(s) 2,376,334 bytes
2 Dir(s) 79,050,051,584 bytes free

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of raj_r
Sent: Friday, December 07, 2012 12:24 AM
To: Kernel Debugging Interest List
Subject: Re: [windbg] cmkd extension

but I'd use depends (wdk/tools/other/amd64,).
yeah depends can mark the improper imports in color

but iirc depends was missing in wdk / vc installations after vc6

did it make a comeback ?

C:\>cd WinDDK

C:\WinDDK>dir /s /b depends*.*
File Not Found

C:\WinDDK>

C:\Program Files>dir /s /b depends*.*
C:\Program Files\GnuWin32\contrib\coreutils\5.3.0\depends-GnuWin32.lst
C:\Program Files\Microsoft Visual Studio\Common\Tools\DEPENDS.CNT C:\Program
Files\Microsoft Visual Studio\Common\Tools\DEPENDS.EXE C:\Program
Files\Microsoft Visual Studio\Common\Tools\DEPENDS.HLP

C:\Program Files>

On 12/7/12, Martin O'Brien wrote:
> He probably means/imports, but I'd use depends (wdk/tools/other/amd64,).
> It will do a better job if it's trying to use some manifest crap.
>
> Mm
> On Dec 6, 2012 8:19 PM, "raj_r" wrote:
>
>> On 12/6/12, xxxxx@flounder.com wrote:
>> > Have you tried "dumpbin /exports" on the DLL file?
>> > joe
>>
>> can you elaborate how /exports can help analyze the problem
>>
>> or if you meant /imports
>>
>> how that can provide any explanation to the problem in hand ?
>>
>> i mean how can one come to a conclusion that this dll is not meant
>> for this os&|bitness&|platform&|.......... with either /exports or /
>> imports ?
>>
>> ---
>> WINDBG is sponsored by OSR
>>
>> For our schedule of WDF, WDM, debugging and other seminars visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>
> ---
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer

---
WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

This issue has been fixed in the latest version of CMKD.dll v1.2.6.0.
You can download it http://codemachine.com/tool_cmkd.html

raj,

can you help me in understanding the steps of your analysis…(see below) ?

Thanks!

********************************
lkd> !process 0 0 windbg.exe
PROCESS 864c62e8 SessionId: 0 Cid: 0d50 Peb: 7ffd9000 ParentCid: 0788
DirBase: 0fc40340 ObjectTable: e2ff74e8 HandleCount: 48. Image: windbg.exe

lkd> !process 0 17 windbg.exe
ChildEBP RetAddr Args to Child

cut

00a1da74 7c941ea3 c0000139 00f7e6d4 001b3570
ntdll!RtlRaiseStatus+0x26 (FPO: [Non-Fpo])

cut

00a1e1e8 0218bcc3 00a1e240 00000000 00000008
kernel32!LoadLibraryExW+0x18e (FPO: [Non-Fpo])

cut

00a1ef80 01029612 00000000 00a1ef98 00000001
windbg!ProcessCommand+0x156 (FPO: [Non-Fpo])

lkd> .process /p /r 864c62e8

lkd> du /c 80 00a1e240
00a1e240 “F:\windbg\WINXP\cmkd.dll”

00a1dab4 7c91cfdc 77c10000 00f7e7fa 00f7e6d4 ntdll!LdrpSnapThunk+0x398
(FPO: [Non-Fpo])

lkd> da 00f7e7fa
00f7e7fa “_except_handler4_common”

On 12/10/12, xxxxx@alice.it wrote:
> raj,
>
> can you help me in understanding the steps of your analysis…(see below)
> ?
>
> Thanks!

load windbg on windbg and load the cmkd.dll and check the string
passed to loadlibrary and ldrsnapthunk

run the following command from a command prompt

c:> windbg -QY -c “sxe *;g” windbg -QY -kl -c “.load cmkdo.dll;”

(cmkdo = renamed old cmkd i hope you downloaded the new fixed one and
saved the old one so you can follow what i post below)

the above command will spawn a windbg debugging another windbg doing
an local debugging session

-Qy is to suppress the do you want blah blah dialogs

-c "sxe *;g " sets and event filter that catches the first chance
exceptions in parent windbg

-c load cmkdo.dll loads the dll in child windbg which will result in
a 0xc0000139 exception
which will be caught by the parent and break

do kb for stack
find the frame where loadlib is done and confirm if it is cmkdo.dll
(unicode string so du XXXXXX

then find the frame which has LdrSnapThunk and do da on the argument

if all went right LoadLib will be at frame no 9 and LdrSnapThunk will
be at frame no 1

09 00a1e1e8 0218bcc3 00a1e240 00000000 00000008
kernel32!LoadLibraryExW+0x18e (FPO: [Non-Fpo])

01 00a1dab4 7c91cfdc 77c10000 00f7e7fa 00f7e6d4
ntdll!LdrpSnapThunk+0x398 (FPO: [Non-Fpo])

the argument to LoadLib is a1e240 and ForLdrSnapThunk is f7e7fa

doing

0:001> da 00f7e7fa ; du 00a1e240

gets you the the module and the failing import

00f7e7fa “_except_handler4_common”

00a1e240 “f:\windbg\612windbg\WINXP\cmkdo.”
00a1e280 “dll”

Thanks…

the first time I tried, I got a dialog box message from windbg instance doing the local kernel debugging session…

“Unable to debug the local kernel, Win32 error 0n87…The parameter is incorrect.”

anyway the second time I tried I continued clicking File->Kernel Debug->local (tab)…and the first windbg instance caught the exception allowing to perform the steps described…

Now, is the dialog message expected ?

On 12/12/12, xxxxx@alice.it wrote:

> Now, is the dialog message expected ?

no

i just ran the script again from command prompt and i don’t see any dialog box

windbg -QY -c ‘sxe -c “kb” *;g’ windbg -QY -kl -c “.load cmkdo.dll;”