Please answer my questions what you want(even though dont know
properly). Every answer is a guide for me.
Thanks,
...
Thanks Martin, but configuration is different that u said;
Host pc <--------------------------> Target pc
Win xp Win 7
32 bit 64 bit
No file complied all driver files
complied win wdk x64 chkbuilder
So i copy the driver codes and its outputs to the host pc and point them
for windbg. (Is it true?)
My windbg symbol source path ;
Symbol source path :
SRV*c:\symbols*Symbol information;
-> windows symbols
C:\osman\apco25_vpcc_device_driver\objchk_win7_amd64\amd64;
-> my driver symbols-1
C:\osman\apco25_vpcc_driver_generic_functions\objchk_win7_amd64\amd64;
-> my driver symbols-2
C:\osman\apco25_vpcb_driver_interfacke\Debug
-> my dll symbol file
And one more question, can wdk compiler make .map or .lst output? Do it
need any parameters?
Osman
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Martin O'Brien
Sent: Monday, March 21, 2011 8:00 AM
To: Kernel Debugging Interest List
Subject: RE: [windbg] finding error line
Well, what did you do exactly?
.sympath srv*c:\sym*Symbol information (where
'c:\sym' can be any writable local directory).
Generally, you if you have your symbols setup correctly and you are
debugging on the machine on which you built your driver, you shouldn't
have to set a '.srcpath.' In order to do this, you may need to add the
path your driver build directory to that '.sympath' command above. You
only point it to the root of your build directory, not the 'obj'
subdirectories.
Good luck,
mm
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Osman TOKER
Sent: Sunday, March 20, 2011 8:00 PM
To: Kernel Debugging Interest List
Subject: RE: [windbg] finding error line
Pavel, thank u for info because i suspect .dll source codes, Don, i set
up the sysmbols as;
Source path = source files (.c, .h, etc) Symbol path = symbol files
(.pdb, .dbg) Image Path = executable binary images (.exe, .sys, .dll,
etc ) Is it true?
However i set up the files as above, i encounted - file not found
errors.
Osman
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Don Burn
Sent: Monday, March 21, 2011 1:53 AM
To: Kernel Debugging Interest List
Subject: RE: [windbg] finding error line
And if you set up the symbols and source file path, windbg will give you
the stack walk back and the line that the failure occurred. Without
this, your efforts are not going to do anything.
Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Osman TOKER
Sent: Sunday, March 20, 2011 7:41 PM
To: Kernel Debugging Interest List
Subject: RE: [windbg] finding error line
yes, i have but it is not only a file, there are over 5000 lines about
apco25_vpcc_device_driver.sys and it is hard for me to know value of rax
and access address.
Note:my target pc ; win 7 x64
host pc; win xp x86
maybe i changes something(?).
thanks.
Osman
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of ??? gmail
Sent: Monday, March 21, 2011 12:58 AM
To: Kernel Debugging Interest List
Subject: RE: [windbg] finding error line
According to "!analyze -v" result, spco25_vpcc_device_driver has
problem. A value of rax is not able to access address. Do you have any
source code for it?
Best regards,
Taehwa.
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Osman TOKER
Sent: Monday, March 21, 2011 6:21 AM
To: Kernel Debugging Interest List
Subject: RE: [windbg] finding error line
Yes, i connected to target pc with null-modem cable.
Only i mean from the analyze, there is a problem about application(.dll
files) running under systemWOW64 directory, but where?
Here is !analyze -v results;
0: kd> !analyze -v
************************************************************************
****
***
*
*
* Bugcheck Analysis
*
*
*
************************************************************************
****
***
SYSTEM_SERVICE_EXCEPTION (3b)
An exception happened while executing a system service routine.
Arguments:
Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: fffff880053eb475, Address of the instruction which caused the
bugcheck
Arg3: fffff88007c10ee0, Address of the context record for the exception
that caused the bugcheck
Arg4: 0000000000000000, zero.
Debugging Details:
EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx"
referenced memory at "0x%08lx". The memory could not be "%s".
FAULTING_IP:
apco25_vpcc_device_driver+7475
fffff880`053eb475 428b0480 mov eax,dword ptr [rax+r8*4]
CONTEXT: fffff88007c10ee0 -- (.cxr 0xfffff88007c10ee0)
rax=0000000004400000 rbx=fffffa80040abe98 rcx=fffffa80041978c0
rdx=0000000000000000 rsi=fffffa8002cc7590 rdi=fffffa80040abc60
rip=fffff880053eb475 rsp=fffff88007c118b0 rbp=fffffa80040abee0
r8=0000000000000000 r9=fffff88007c1197c r10=00000000002220b0
r11=fffffa80040abe98 r12=000000000000001c r13=0000000000000001
r14=0000000000000001 r15=fffffa8002eebe30
iopl=0 nv up ei ng nz ac pe cy
cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b
efl=00010293
apco25_vpcc_device_driver+0x7475:
fffff880053eb475 428b0480 mov eax,dword ptr [rax+r8\*4] ds:002b:0000000004400000=????????
Resetting default scope
DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT
BUGCHECK_STR: 0x3B
PROCESS_NAME: Telsiz Santral
CURRENT_IRQL: 2
LAST_CONTROL_TRANSFER: from fffff880053ead16 to fffff880053eb475
STACK_TEXT:
fffff88007c118b0 fffff880053ead16 : fffffa8002eeb1b0 fffffa80041978c0 fffffa80041978c0 fffff88007c1197c :
apco25_vpcc_device_driver+0x7475 fffff88007c118e0 fffff880053f9825 :
fffffa8002eeb060 fffffa80040abc60 fffffa8002cc7590 fffffa80040abc60
: apco25_vpcc_device_driver+0x6d16 fffff88007c119b0 fffff80002b97547 :
fffffa8004178990 fffff88007c11ca0 fffffa8000000000 fffffa8004178990
:
ksthunk!CKernelFilterDevice::DispatchIrp+0x11d
fffff88007c11a10 fffff80002b97da6 : fffffa8004093b30 0000000000000000 0000000000000000 0000000000000000 :
nt!IopXxxControlFile+0x607 fffff88007c11b40 fffff8000287d993 :
fffffa8004093b30 0000000000000001 fffffa80036f3a10 fffff80002b92254
: nt!NtDeviceIoControlFile+0x56 fffff88007c11bb0 00000000758d2dd9 :
00000000758d2932 0000000077e30190
0000000000000023 0000000000000003 : nt!KiSystemServiceCopyEnd+0x13
000000000796f0f8 00000000758d2932 : 0000000077e30190 0000000000000023
0000000000000003 0000000007bdfff0 : wow64cpu!CpupSyscallStub+0x9
000000000796f100 0000000074b7d07e : 0000000000000000 00000000758d1920 0000000000000000 0000000000000000 :
wow64cpu!DeviceIoctlFileFault+0x31
000000000796f1c0 0000000074b7c549 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 :
wow64!RunCpuSimulation+0xa 000000000796f210 0000000077cbbd67 :
0000000000000000 000000007efdf000 000000007efa7000 0000000000000000
: wow64!Wow64LdrpInitialize+0x429 000000000796f760 0000000077c72ace :
000000000796f820 0000000000000000 000000007efdf000 0000000000000000
: ntdll! ?? ::FNODOBFM::string'+0x2b064 000000000796f7d0
0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 00000000`00000000 : ntdll!LdrInitializeThunk+0xe
FOLLOWUP_IP:
apco25_vpcc_device_driver+7475
fffff880`053eb475 428b0480 mov eax,dword ptr [rax+r8*4]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: apco25_vpcc_device_driver+7475
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: apco25_vpcc_device_driver
IMAGE_NAME: apco25_vpcc_device_driver.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 4d83e9cc
STACK_COMMAND: .cxr 0xfffff88007c10ee0 ; kb
FAILURE_BUCKET_ID: X64_0x3B_apco25_vpcc_device_driver+7475
BUCKET_ID: X64_0x3B_apco25_vpcc_device_driver+7475
Followup: MachineOwner
Osman
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Gary G. Little
Sent: Sunday, March 20, 2011 10:59 PM
To: Kernel Debugging Interest List
Subject: Re: [windbg] finding error line
So, you have WinDbg running on a host and connected to a target?
Excellent!
You can now run "!analyze -v", without the quotes, and either analyze it
yourself, or cut and paste it here. WinDbg does have good help, which is
available locally.
Gary G. Little
----- Original Message -----
From: xxxxx@netas.com.tr
To: "Kernel Debugging Interest List"
Sent: Sunday, March 20, 2011 3:46:19 PM
Subject: [windbg] finding error line
hi,
i'm debugging kernel mode codes with Windbg and found this results of
BSOD;
...
0a fffff880068fa720 fffff88003e07475 nt!KiPageFault+0x23a (TrapFrame @
fffff880068fa720)<br>...<br><br>...<br>fffff880068fab40 fffff80002879993 nt!NtDeviceIoControlFile+0x56<br>fffff880068fabb0 00000000745c2dd9 nt!KiSystemServiceCopyEnd+0x13<br>000000000662f0f8 00000000745c2932 wow64cpu!CpupSyscallStub+0x9 ...<br><br>....<br>nt!KiSystemServiceHandler+0x8f:<br>fffff8000287960f 65488b042588010000 mov rax,qword ptr gs:[188h]
fffff80002879618 80b8f601000000 cmp byte ptr [rax+1F6h],0<br>fffff8000287961f 740a je nt!KiSystemServiceHandler+0xab
(fffff800`0287962b)
....
...
+0x1f6 PreviousMode : Char
....
after that how can i find the error line of code?(this design not belong
to me so i try to find by windbg)
osman
---
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
OSR Seminars – OSR
To unsubscribe, visit the List Server section of OSR Online at
ListServer/Forum
---
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
OSR Seminars – OSR
To unsubscribe, visit the List Server section of OSR Online at
ListServer/Forum
---
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
OSR Seminars – OSR
To unsubscribe, visit the List Server section of OSR Online at
ListServer/Forum
---
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
OSR Seminars – OSR
To unsubscribe, visit the List Server section of OSR Online at
ListServer/Forum
---
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
OSR Seminars – OSR
To unsubscribe, visit the List Server section of OSR Online at
ListServer/Forum
---
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
OSR Seminars – OSR
To unsubscribe, visit the List Server section of OSR Online at
ListServer/Forum
---
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
OSR Seminars – OSR
To unsubscribe, visit the List Server section of OSR Online at
ListServer/Forum
---
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
OSR Seminars – OSR
To unsubscribe, visit the List Server section of OSR Online at
ListServer/Forum