Hi,
I would like to know how to set break point at my driver entry. Also is there a way i can check how much memory my driver is using ?
bu !DriverEntry before the driver is loaded. A lm kvm Name> will give you starting and ending address. Looking at pool tags can
show you how much memory you have allocated since you know how big each tag
allocates.
wrote in message news:xxxxx@windbg…
Hi,
I would like to know how to set break point at my driver entry. Also is
there a way i can check how much memory my driver is using ?
If this is a debug build and you want to stop each time your driver loads
you can add KdBreakPoint() at the start of your driver entry routine. You
have to recompile, of course.
Regards,
George.
I prefer the compiler intrinsic [__debugbreak();] You can stop in your
driver instead of the OS. It also allows you to edit the image to replace
the ‘CC’ with a ‘90’ which disables the breakpoint if you don’t need it
again in a place that is frequently executed.
“George M. Garner Jr.” wrote in message news:xxxxx@windbg…
If this is a debug build and you want to stop each time your driver loads
you can add KdBreakPoint() at the start of your driver entry routine. You
have to recompile, of course.
Regards,
George.
you can also try “sxe ld:”. It should break at driver
entry.
On Wed, Nov 10, 2010 at 10:02 AM, David Craig wrote:
> I prefer the compiler intrinsic [__debugbreak();] You can stop in your
> driver instead of the OS. It also allows you to edit the image to replace
> the ‘CC’ with a ‘90’ which disables the breakpoint if you don’t need it
> again in a place that is frequently executed.
>
>
> “George M. Garner Jr.” wrote in message news:xxxxx@windbg…
>
>
> If this is a debug build and you want to stop each time your driver loads
> you can add KdBreakPoint() at the start of your driver entry routine. You
> have to recompile, of course.
>
> Regards,
>
> George.
>
>
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
“David Craig” wrote in message news:xxxxx@windbg…
> I prefer the compiler intrinsic [__debugbreak();] You can stop in your
> driver instead of the OS.
FYI they’ve “fixed” this for most builds in the more recent WDKs.
#if (NTDDI_VERSION >= NTDDI_WIN2K)
#if (_MSC_FULL_VER >= 150030729) && !defined(IMPORT_NATIVE_DBG_BREAK)
#define DbgBreakPoint__debugbreak
#else
__analysis_noreturn
VOID
NTAPI
DbgBreakPoint(
VOID
);
#endif
-scott
–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com
“David Craig” wrote in message news:xxxxx@windbg…
> I prefer the compiler intrinsic [__debugbreak();] You can stop in your
> driver instead of the OS. It also allows you to edit the image to replace
> the ‘CC’ with a ‘90’ which disables the breakpoint if you don’t need it
> again in a place that is frequently executed.
>
>
> “George M. Garner Jr.” wrote in message news:xxxxx@windbg…
>
> If this is a debug build and you want to stop each time your driver loads
> you can add KdBreakPoint() at the start of your driver entry routine. You
> have to recompile, of course.
>
> Regards,
>
> George.
>
>
>
>“Sarbojit Sarkar” wrote in message
>news:xxxxx@windbg…
>you can also try “sxe ld:”. It should break at driver
>entry.
That actually breaks in the O/S before driver entry is called. At that point
you could set a breakpoint on driver entry though.
-scott
–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com
Ya, I though Mr. J 
wants to break before getting driver entry call for
his driver.
On Wed, Nov 10, 2010 at 4:44 PM, Scott Noone wrote:
> “Sarbojit Sarkar” wrote in message
>> news:xxxxx@windbg…
>>
>> you can also try “sxe ld:”. It should break at driver
>> entry.
>>
>
> That actually breaks in the O/S before driver entry is called. At that
> point
> you could set a breakpoint on driver entry though.
>
>
> -scott
>
> –
> Scott Noone
> Consulting Associate
> OSR Open Systems Resources, Inc.
> http://www.osronline.com
>
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
I never noticed this change. I just got tired on breaking into the OS and
when compiling projects with a later version of the compiler I would use the
intrinsic. I remember in a couple of cases where I had to use defined
blocks to make it conditional based upon the compiler version. It is nice
to know and worthy of a note of appreciation.
“Scott Noone” wrote in message news:xxxxx@windbg…
“David Craig” wrote in message news:xxxxx@windbg…
> I prefer the compiler intrinsic [__debugbreak();] You can stop in your
> driver instead of the OS.
FYI they’ve “fixed” this for most builds in the more recent WDKs.
#if (NTDDI_VERSION >= NTDDI_WIN2K)
#if (_MSC_FULL_VER >= 150030729) && !defined(IMPORT_NATIVE_DBG_BREAK)
#define DbgBreakPoint__debugbreak
#else
__analysis_noreturn
VOID
NTAPI
DbgBreakPoint(
VOID
);
#endif
-scott
–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com
“David Craig” wrote in message news:xxxxx@windbg…
> I prefer the compiler intrinsic [__debugbreak();] You can stop in your
> driver instead of the OS. It also allows you to edit the image to replace
> the ‘CC’ with a ‘90’ which disables the breakpoint if you don’t need it
> again in a place that is frequently executed.
>
>
> “George M. Garner Jr.” wrote in message news:xxxxx@windbg…
>
> If this is a debug build and you want to stop each time your driver loads
> you can add KdBreakPoint() at the start of your driver entry routine. You
> have to recompile, of course.
>
> Regards,
>
> George.
>
>
>
You can also set the debugger to break on first symbol load (which in my experience hits EVERY time unlike the initial break point), and just do a bu yourdriver!DriverEntry.
That works for me, and doesn’t require hard coding any break points.
To set kd to break on first symbol load, hit ctrl-k twice after firing it up.
For winload hit ctrl-alt-k twice.
Joe.
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of David Craig
Sent: Wednesday, November 10, 2010 8:00 AM
To: Kernel Debugging Interest List
Subject: Re:[windbg] debugging command to set break point at my driver entry
I never noticed this change. I just got tired on breaking into the OS and
when compiling projects with a later version of the compiler I would use the
intrinsic. I remember in a couple of cases where I had to use defined
blocks to make it conditional based upon the compiler version. It is nice
to know and worthy of a note of appreciation.
“Scott Noone” wrote in message news:xxxxx@windbg…
“David Craig” wrote in message news:xxxxx@windbg…
> I prefer the compiler intrinsic [__debugbreak();] You can stop in your
> driver instead of the OS.
FYI they’ve “fixed” this for most builds in the more recent WDKs.
#if (NTDDI_VERSION >= NTDDI_WIN2K)
#if (_MSC_FULL_VER >= 150030729) && !defined(IMPORT_NATIVE_DBG_BREAK)
#define DbgBreakPoint__debugbreak
#else
__analysis_noreturn
VOID
NTAPI
DbgBreakPoint(
VOID
);
#endif
-scott
–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com
“David Craig” wrote in message news:xxxxx@windbg…
> I prefer the compiler intrinsic [__debugbreak();] You can stop in your
> driver instead of the OS. It also allows you to edit the image to replace
> the ‘CC’ with a ‘90’ which disables the breakpoint if you don’t need it
> again in a place that is frequently executed.
>
>
> “George M. Garner Jr.” wrote in message news:xxxxx@windbg…
>
> If this is a debug build and you want to stop each time your driver loads
> you can add KdBreakPoint() at the start of your driver entry routine. You
> have to recompile, of course.
>
> Regards,
>
> George.
>
>
>
—
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
“Scott Noone” wrote in message news:xxxxx@windbg…
> FYI they’ve “fixed” this for most builds in the more recent WDKs.
Learning something new every day… Thanks.
– pa
> FYI they’ve “fixed” this for most builds in the more recent WDKs.
So *thats* why it changed in Vista. I noticed and never bothered to track
it down - I guess I assumed that they had fixed it in a far more imaginative
manner…