Ethernet kernel debug WinXp SP3

Dear OSR community

I want to kernel debug a WinXp target using an ethernet connection. However, I didn't find anything about how to modify boot.ini. It appeared to me that only later versions of Windows, e.g. Vista, are offering kernel debug via ethernet. Can anyone confirm this, or if not, I would be very happy if anyone could give a link or hint on how to properly set up boot.ini.

Best Regards,
Matthias

KDNET debugging is supported on Windows 8/WS2012, and Windows 8.1/WS2012R2.

It is not supported on earlier releases of Windows. Neither Windows 7, Windows Vista, or Windows XP.

Joe.

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@alumni.tu-berlin.de
Sent: Saturday, September 20, 2014 12:33 PM
To: Kernel Debugging Interest List
Subject: [windbg] Ethernet kernel debug WinXp SP3


WINDBG is sponsored by OSR

OSR is hiring!! Info at http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

@Joe: Thank you very much for responding to my question. I set up a null modem instead and it worked so far.

Regarding kernel debugging I have another question. I want to put in a breakpoint for CreateWindowExA in User32. After loading kernel-symbols on the remote (which also worked hopefully) I tried: bp USER32!CreateWindowExA

Windbg: Bp expression 'user32!CreateWindowExA' could not be resolved, adding deferred bp.
After calling CreateWindowExA on the target nothing breaks.

I also tried: bp CreateWindowExA and windbg started searching several .sys files - it also didn't work.

I would be very happy if someone could give a hint how to properly set up a breakpoint for the user32 function: CreateWindowExA.

Best Regards,
Matthias

All of the routines you mentioned below are user mode routines. The easiest way to get breakpoints set on them is to install the debugger package on your target (test) machine, and just use windbg.exe to debug an application. Use windbg as your user mode debugger.

Most people don’t need to use the kernel debugger to debug user mode code, and you should only do it if you have to for some reason. It is actually quite painful to try to debug user mode code from the kernel debugger. I wouldn’t even go there if I were you.

It is much easier to debug user mode code using the user mode debugger, not the kernel debugger.

Launch the application you want to run under the debugger. (windbg fullpathtoyourapplication.exe)

Then user mode breakpoints will work just as you might expect.

Joe.

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@alumni.tu-berlin.de
Sent: Saturday, September 20, 2014 3:41 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] Ethernet kernel debug WinXp SP3


@Joe Thank you! I tried instead to load my executable directly with windbg. To set the breakpoint I used

bp CreateWindowExA

instead of

bp USER32!CreateWindowExA

The breakpoint worked well - now I can figure out, why under some reasons CreateWindowExA crashes my executable. Thank you very much for helping me to properly set up windbg.

Best Regards,
Matthias

Just FYI for more information on working with user mode state from a kernel
mode connection check this article:

https://www.osronline.com/article.cfm?article=576

In terms of figuring out why your call to CreateWindowEx is crashing your
application, as Joe said run your code under a user mode debugger. Also try
running your application with Application Verifier enabled:

http://www.microsoft.com/en-us/download/details.aspx?id=20028

-scott
OSR
@OSRDrivers
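
One way to reach a user-mode breakpoint from a kernel-mode connection, as an added example that is not part of any post in this thread. A kernel debugger usually breaks in with some arbitrary process current, so user32 is not in the visible module list and the bp stays deferred; the sequence below switches to the target process first. myapp.exe and <EPROCESS> are placeholders.

```windbg
$$ Added example; myapp.exe and <EPROCESS> are placeholders.

$$ 1. Find the target process. Note the address printed after "PROCESS".
!process 0 0 myapp.exe

$$ 2. Request an invasive switch into that process, then resume the target
$$    so the switch can happen. The debugger breaks back in with the
$$    requested process as the current one.
.process /i <EPROCESS>
g

$$ 3. Reload user-mode symbols now that this process's modules are visible.
.reload /user

$$ 4. Check that user32 is loaded here and that the symbol resolves.
lm m user32
x user32!CreateWindowExA

$$ 5. Set the breakpoint, tied to this process only, and continue.
bp /p <EPROCESS> user32!CreateWindowExA
g
```

If step 4 lists no user32 module, the process context was not switched and the breakpoint will again be deferred.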
