Debugging with WinDbg - kernel mode

Lucas_Bracher · November 25, 2006, 8:30am

Hi there!
I read that WinDbg only debugs in kernel-mode when you have 2 computers. Does exist a way to do that using only one?

Thank you!

Você quer respostas para suas perguntas? Ou você sabe muito e quer compartilhar seu conhecimento? Experimente o Yahoo! Respostas!

Don_Burn_1 · November 25, 2006, 8:48am

Basically for anything real the answer is no, unless you count the option
of 2 virtual machines. Note VM’s are not good for debugging most drivers
with real hardware.

–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply

“Lucas Bracher” wrote in message
news:xxxxx@ntdev…
> Hi there!
> I read that WinDbg only debugs in kernel-mode when you have 2 computers.
> Does exist a way to do that using only one?
>
> Thank you!
>
>
> ---------------------------------
> Você quer respostas para suas perguntas? Ou você sabe muito e quer
> compartilhar seu conhecimento? Experimente o Yahoo! Respostas!

OSR_Community_User · November 25, 2006, 12:26pm

> WinDbg only debugs in kernel-mode when you have 2 computers.

Does exist a way to do that using only one?
If (if!) your driver is a software-only or a FS filter or an FSD or something like that, you can use your own box as a host plus a virtual machine installed on it.

There are 2 choices: VMWare and VirtualPC (later Virtual Server) from Microsoft.

Both are free, both run inside a usual window on your desktop.

In short, the idea in both cases is that the serial port, say, COM1, of these virtual machines is redirected to a pipe that is accessible from the host box, and you instruct windbg that runs on a host to work with this pipe instead of (host’s) COM1 (as you would in case of two physical boxes connected by a physical wire).

This host+VM construct may help, but is not always applicable (think of a real device and a driver for it - you can’t insert it into a VM).

If and when it is applicable, it works like a charm: virtualized COM is very fast, you can freeze VM’s state and save it etc.

Just don’t forget about ifs.

----- Original Message -----
From: Lucas Bracher
To: Windows System Software Devs Interest List
Sent: Saturday, November 25, 2006 8:30 AM
Subject: [ntdev] Debugging with WinDbg - kernel mode

Hi there!
I read that WinDbg only debugs in kernel-mode when you have 2 computers. Does exist a way to do that using only one?

Thank you!

Voc? quer respostas para suas perguntas? Ou voc? sabe muito e quer compartilhar seu conhecimento? Experimente o Yahoo! Respostas! — Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256 To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

OSR_Community_User · November 26, 2006, 5:43am

So as mentioned above you can use Host + VMVare for debugging. For this, here are the settings
http://silverstr.ufies.org/lotr0/windbg-vmware.html

Cody_Wu · November 27, 2006, 3:56am

Hi Don,

Isn’t there a mode called Local Kernel Debugging? But it’s very limited.

Best regards,
Cody

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
Sent: Saturday, November 25, 2006 9:48 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Debugging with WinDbg - kernel mode

Basically for anything real the answer is no, unless you count the option
of 2 virtual machines. Note VM’s are not good for debugging most drivers
with real hardware.

–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply

“Lucas Bracher” wrote in message
news:xxxxx@ntdev…
> Hi there!
> I read that WinDbg only debugs in kernel-mode when you have 2 computers.
> Does exist a way to do that using only one?
>
> Thank you!
>
>
> ---------------------------------
> Voc? quer respostas para suas perguntas? Ou voc? sabe muito e quer
> compartilhar seu conhecimento? Experimente o Yahoo! Respostas!

—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Don_Burn_1 · November 27, 2006, 8:00am

That’s why I said for anything real. People debug with OSR’s DebugMon but
I sure wouldn’t do it, and Local doesn’t offer much more.

–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply

“Wu, Cody” wrote in message news:xxxxx@ntdev…
Hi Don,

Isn’t there a mode called Local Kernel Debugging? But it’s very limited.

Best regards,
Cody

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
Sent: Saturday, November 25, 2006 9:48 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Debugging with WinDbg - kernel mode

Basically for anything real the answer is no, unless you count the option
of 2 virtual machines. Note VM’s are not good for debugging most drivers
with real hardware.

–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
http://www.windrvr.com
Remove StopSpam from the email to reply

“Lucas Bracher” wrote in message
news:xxxxx@ntdev…
> Hi there!
> I read that WinDbg only debugs in kernel-mode when you have 2 computers.
> Does exist a way to do that using only one?
>
> Thank you!
>
>
> ---------------------------------
> Você quer respostas para suas perguntas? Ou você sabe muito e quer
> compartilhar seu conhecimento? Experimente o Yahoo! Respostas!

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

OSR_Community_User · November 27, 2006, 8:17am

> People debug with OSR’s DebugMon
The OP may look at LiveKd, if all he needs is a snapshot of a system.

Mike_Kemp · November 27, 2006, 8:55am

Hi Lucas

As a newcomer myself, take it from me that you need two computers and that
after you have set it up you’ll never look back! This is because with one
machine, once the driver has crashed the system you have to spend ages
saving crash dumps, rebooting and discovering corrupted files. It takes less
time to sort out the necessary leads for two machines and read the
documentation. It’s also useful that you can move to different target
machines if you find one that shows a problem that another doesn’t. It’s
also useful to be able to load different versions of windows on different
disks/partitions to vary the crash params. It’s also quite cheap to have a
spaghetti PC (no crate) running a test version of windows (if you have MSDN
licence)! - Mike

----- Original Message -----
From: Lucas Bracher
To: Windows System Software Devs Interest List
Sent: Saturday, November 25, 2006 1:30 PM
Subject: [ntdev] Debugging with WinDbg - kernel mode

Hi there!
I read that WinDbg only debugs in kernel-mode when you have 2 computers.
Does exist a way to do that using only one?

Thank you!

OSR_Community_User · November 27, 2006, 3:51pm

I don’t think that you can even get it anymore, as it is discontinued,
but if you really have the need and it is available, SoftICE is (was)
the only real answer to this question. Obviously, even in the best case
scenario, you would be investing in a very expensive product that is
going to disappear very shortly, if it hasn’t already, but you can do
almost everything with it, unless you are working on a boot driver
(which poses with problems with initialization and unload routines).

mm

>> xxxxx@sintefex.com 2006-11-27 08:54 >>>
Hi Lucas

As a newcomer myself, take it from me that you need two computers and
that
after you have set it up you’ll never look back! This is because with
one
machine, once the driver has crashed the system you have to spend ages

saving crash dumps, rebooting and discovering corrupted files. It takes
less
time to sort out the necessary leads for two machines and read the
documentation. It’s also useful that you can move to different target
machines if you find one that shows a problem that another doesn’t.
It’s
also useful to be able to load different versions of windows on
different
disks/partitions to vary the crash params. It’s also quite cheap to
have a
spaghetti PC (no crate) running a test version of windows (if you have
MSDN
licence)! - Mike

----- Original Message -----
From: Lucas Bracher
To: Windows System Software Devs Interest List
Sent: Saturday, November 25, 2006 1:30 PM
Subject: [ntdev] Debugging with WinDbg - kernel mode

Hi there!
I read that WinDbg only debugs in kernel-mode when you have 2
computers.
Does exist a way to do that using only one?

Thank you!

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer