Fwd: RE: Kernel debug in Windbg using tcp - is it possible?

It’s still easy.

?? foo.member->ptr->bar

I don’t think typing a second ? is too onerous.

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Beverly Brown
Sent: Wednesday, January 17, 2007 2:08 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Kernel debug in Windbg using tcp - is it possible?

That is not intuitive. I thought the first arg was a type.

So what if it wasn’t a pointer? What if it was a struct and I wanted to print

foo.member->ptr->bar

Beverly

On 1/17/07, Doron Holan wrote:
> That is what I gave you
>
> dt ptr member.another_ptr->foo
>
> no type info, just the symbol by name and then the underlying “C”
> statement to get at the right field.
>
> Look at the -a flag for dt to look at dumping arrays.
>
> d
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Beverly Brown
> Sent: Wednesday, January 17, 2007 1:24 PM
> To: Windows System Software Devs Interest List
> Subject: Re: [ntdev] Kernel debug in Windbg using tcp - is it possible?
>
> But it’s still not very intuitive. What exactly is of type Foo in that
> example? Is it Field? Why do I have to tell it the type? Doesn’t the
> debugger already know?
>
> What I want is this:
>
> My source code has a pointer in it whose symbolic name is ptr. It is
> declared to be a pointer to a struct of type FOO like so:
>
> FOO *ptr.
>
> I want to refer to one of its members with a command like this
>
> print ptr->member.another_ptr->foo
>
> without having to give it any type information. The debugger should
> already know that from the symbols. (It knows it in the locals window)
> This is useful for accessing things that aren’t displayed easily in
> the locals window (like linked-lists). I realize windbg has a way to
> display linked lists, but it is not intuitive and I can never remember
> how to do it. Or if ptr is an array, but the debugger cannot know how
> big it is because it was dynamically allocated (and therefore can only
> show the first element in the locals window), I’d like to say
>
> print ptr[3] or print (ptr+3)
>
> For casting I certainly wouldn’t have guessed that you could use ?? to
> use C-style syntax. Again, not intuitive. The last time I looked up
> how to do this, there were some very unintuitive things you had to do
> with pointers and such (and I could never remember what they were or
> what the rules were for using them) for asm-style vs C-style in order
> to cast and display variables. (Using ?? is pretty unintuitive, too,
> BTW. Why is that necessary? Is that the command or a prefix?).
>
> Beverly
>
> On 1/17/07, Doron Holan wrote:
> > dt does that
> >
> > dt Foo Field->Struct.Blah
> >
> > as for the casting, you can use ?? to do it, e.g. ?? ((foo) ptr)
> >
> > d
> > -----Original Message-----
> > From: xxxxx@lists.osr.com
> > [mailto:xxxxx@lists.osr.com] On Behalf Of Beverly Brown
> > Sent: Wednesday, January 17, 2007 12:23 PM
> > To: Windows System Software Devs Interest List
> > Subject: Re: [ntdev] Kernel debug in Windbg using tcp - is it
> possible?
> >
> > Also, to be able to access a struct member using C-style syntax would
> be
> > good.
> >
> > print struct_ptr->member
> >
> > Beverly
> >
> > On 1/17/07, Beverly Brown wrote:
> > > What I would like to see improved about Windbg:
> > >
> > > I would like to cast an address to a structure and display it
> C-style
> > > the way gdb works
> > >
> > > print *(SOME_STRUCT *)struct_ptr
> > >
> > > would cast struct_ptr to SOME_STRUCT * and print its contents member
> > > by member. dt gets you there in a roundabout way but this is much
> more
> > > intuitive IMO. (and I am NOT a Linux fan!)
> > >
> > > Beverly
> > >
> > > On 1/17/07, Peter Wieland wrote:
> > > > Ah - I love conspiracy theory Tuesdays. I console myself with the
> > > > knowledge that if we did charge for WinDBG or if we had ever
> > supported
> > > > single machine debugging that an equal number of theories about
> how
> > it
> > > > was a plot by MS to increase (something) would abound.
> > > >
> > > >
> > > > I would be interested in a list of features that SoftICE had that
> > made
> > > > it more useful than WinDBG aside from single-machine support.
> > Better
> > > > disassemble? Better breakpoint support? Better single step
> > ability?
> > > > Better functionality without symbols?
> > > >
> > > > Ethernet support sounds like one thing. Did it work with any
> > Ethernet
> > > > controller, or just one or two? Was there any security on it?
> > > >
> > > > I suspect I can search the archive to find this in bits and pieces
> -
> > did
> > > > anyone ever make an exhaustive list?
> > > >
> > > > -p
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: xxxxx@lists.osr.com
> > > > [mailto:xxxxx@lists.osr.com] On Behalf Of Michal
> > Vodicka
> > > > Sent: Tuesday, January 16, 2007 6:41 PM
> > > > To: Windows System Software Devs Interest List
> > > > Subject: RE: [ntdev] Kernel debug in Windbg using tcp - is it
> > possible?
> > > >
> > > > > ----------
> > > > > From:
> > > >
> >
> xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com
> > > >] on behalf of Martin O’Brien[SMTP:xxxxx@evitechnology.com]
> > > > > Reply To: Windows System Software Devs Interest List
> > > > > Sent: Wednesday, January 17, 2007 3:10 AM
> > > > > To: Windows System Software Devs Interest List
> > > > > Subject: RE: [ntdev] Kernel debug in Windbg using tcp - is
> it
> > > > possible?
> > > > >
> > > > > I hear you Michal. I just posted, but the long and short in my
> > > > opinion,
> > > > > is that SI committed suicide by abusive marketing practice, and,
> > while
> > > > > SI definitely had its issues (although I used the ethernet
> > transport
> > > > for
> > > > > years), I think it is a reasonable question to ask how much of a
> > > > WinDbg
> > > > > lovefest there would people if people had to pay for it.
> > > > >
> > > > I agree with both suicide and WinDbg price. It isn’t so long the
> > main
> > > > argument of WinDbg advocates here was no fee.
> > > >
> > > > Well, I didn’t want to awake old SI versus WinDbg thread. The game
> > is
> > > > over. I wonder if MS developers aren’t able to do what NuMega did
> or
> > if
> > > > the necessity to have two computers is the intention. SI was
> widely
> > used
> > > > as hackers’ tool mainly because of its one-machine debugging
> > abilities.
> > > > Or maybe they don’t care. With access to OS sources they don’t
> need
> > a
> > > > tool which helps with reverse engineering and they got used to two
> > > > machines setup.
> > > >
> > > > Best regards,
> > > >
> > > > Michal Vodicka
> > > > UPEK, Inc.
> > > > [xxxxx@upek.com, http://www.upek.com]
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > —
> > > > Questions? First check the Kernel Driver FAQ at
> > > > http://www.osronline.com/article.cfm?id=256
> > > >
> > > > To unsubscribe, visit the List Server section of OSR Online at
> > > > http://www.osronline.com/page.cfm?name=ListServer
> > > >
> > > >
> > > > —
> > > > Questions? First check the Kernel Driver FAQ at
> > http://www.osronline.com/article.cfm?id=256
> > > >
> > > > To unsubscribe, visit the List Server section of OSR Online at
> > http://www.osronline.com/page.cfm?name=ListServer
> > > >
> > >
> >
> > —
> > Questions? First check the Kernel Driver FAQ at
> > http://www.osronline.com/article.cfm?id=256
> >
> > To unsubscribe, visit the List Server section of OSR Online at
> > http://www.osronline.com/page.cfm?name=ListServer
> >
> > —
> > Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
> >
> > To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
> >
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
> —
> Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
>

—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

On 1/17/07, Michal Vodicka wrote:
> >
> > IMO, using a debugger is a lot faster than cluttering your code with
> > lots of debugging printfs.
> >
> Traces should be integral part of code. Our standard is every function reports its name, all parameters, return value and elapsed time. Traces infrastructure adds other important info as PID + TID, system time, IRQL, CPU number etc. Developer can add more traces when feel there is something important to print. For example when an API or DDI returns an error.
>
> If code is written reasonably, you don’t need to add traces just for debugging. They should be already there.

There is a difference between standard traces and print statments for
more specific things that you need to look at for just one bug and
then need to remember to remove.

>
> > That is usually an iterative process where
> > you display something, see that it’s wrong and then need to display
> > something else to see why it’s wrong. Using a debugger, you can
> > examine other variable and look at the stack, set breakpoints, etc,
> > and therefore find the reason why something got set wrong a lot
> > faster.
> >
> Iterative process is good for learning. Otherwise, it is very limited and inefficient. Most of problems we have to solve are real time where debugger can’t be used at all.

Well if you can’t use a debugger, you go with what you have available.
But you learn an awful lot (more?) through a debugger as well and in
much less time.

>
> The main advantage of traces is that all the tiresome work can be done by somebody else. When somebody reports me a problem, I just reply with instructions how to set traces. Sometimes later I receive captured traces, examine it and in the most cases I can see a problem within 5 minutes. We already taught our QA what traces we need to see for common scenarios so we usually receive a report with traces. This way I save a lot of time which can be used for something more important than playing with a debugger. For example, for such discussions

Traces are very helpful, but I have found that they don’t always
provide quite enough information when a bug shows itself.

>
> > In fact, stepping through code the first time it’s executed can catch
> > bugs that wouldn’t show up otherwise until sometime later in the
> > development/test cycle, or worse, in the end user’s system.
> >
> This is job for static analysis tools and mainly for asserts. It is much more efficient than stepping through code. Assert always guards the code even if there is no developer with a debugger. Asserts should be intergal part of code, too.

Static analysis tools are great but they don’t cover everything. I
agree that asserts are important, but asserts work better if you use
them in conjunction with a debugger. Not only do you see that
something happened that you didn’t expect, you can see why by
examining other variables, stack, etc while still in context.

Of course, if you are doing real-time work, you can’t meaningfully
step through code. If you are doing a lot of real-time work, I can see
why use of a debugger would be less useful to you than printf’s.

Beverly
>
> Best regards,
>
> Michal Vodicka
> UPEK, Inc.
> [xxxxx@upek.com, http://www.upek.com]
>
>
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
>

I guess the problem lies with the documenation, then, as someone else
previously pointed out. I searched for “display variable” and I got
the dv command, which of course is not what I wanted. I didn’t think
of a variable as an expression so I didn’t search for “expression
evaluator” when I wanted to display it.

dt was the closest thing I found and it was not intuitive to use at
all for anything beyond the basic dt TYPE

.

Beverly

On 1/17/07, Arlie Davis wrote:
> It's still easy.
>
> ?? foo.member->ptr->bar
>
> I don't think typing a second ? is too onerous.
>
>
> -----Original Message-----
> From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Beverly Brown
> Sent: Wednesday, January 17, 2007 2:08 PM
> To: Windows System Software Devs Interest List
> Subject: Re: [ntdev] Kernel debug in Windbg using tcp - is it possible?
>
> That is not intuitive. I thought the first arg was a type.
>
> So what if it wasn't a pointer? What if it was a struct and I wanted to print
>
> foo.member->ptr->bar
>
> Beverly
>
> On 1/17/07, Doron Holan wrote:
> > That is what I gave you ;)
> >
> > dt ptr member.another_ptr->foo
> >
> > no type info, just the symbol by name and then the underlying "C"
> > statement to get at the right field.
> >
> > Look at the -a flag for dt to look at dumping arrays.
> >
> > d
> >
> > -----Original Message-----
> > From: xxxxx@lists.osr.com
> > [mailto:xxxxx@lists.osr.com] On Behalf Of Beverly Brown
> > Sent: Wednesday, January 17, 2007 1:24 PM
> > To: Windows System Software Devs Interest List
> > Subject: Re: [ntdev] Kernel debug in Windbg using tcp - is it possible?
> >
> > But it's still not very intuitive. What exactly is of type Foo in that
> > example? Is it Field? Why do I have to tell it the type? Doesn't the
> > debugger already know?
> >
> > What I want is this:
> >
> > My source code has a pointer in it whose symbolic name is ptr. It is
> > declared to be a pointer to a struct of type FOO like so:
> >
> > FOO *ptr.
> >
> > I want to refer to one of its members with a command like this
> >
> > print ptr->member.another_ptr->foo
> >
> > without having to give it any type information. The debugger should
> > already know that from the symbols. (It knows it in the locals window)
> > This is useful for accessing things that aren't displayed easily in
> > the locals window (like linked-lists). I realize windbg has a way to
> > display linked lists, but it is not intuitive and I can never remember
> > how to do it. Or if ptr is an array, but the debugger cannot know how
> > big it is because it was dynamically allocated (and therefore can only
> > show the first element in the locals window), I'd like to say
> >
> > print ptr[3] or print *(ptr+3)
> >
> > For casting I certainly wouldn't have guessed that you could use ?? to
> > use C-style syntax. Again, not intuitive. The last time I looked up
> > how to do this, there were some very unintuitive things you had to do
> > with pointers and such (and I could never remember what they were or
> > what the rules were for using them) for asm-style vs C-style in order
> > to cast and display variables. (Using ?? is pretty unintuitive, too,
> > BTW. Why is that necessary? Is that the command or a prefix?).
> >
> > Beverly
> >
> > On 1/17/07, Doron Holan wrote:
> > > dt does that ;)
> > >
> > > dt Foo Field->Struct.Blah
> > >
> > > as for the casting, you can use ?? to do it, e.g. ?? ((foo*) ptr)
> > >
> > > d
> > > -----Original Message-----
> > > From: xxxxx@lists.osr.com
> > > [mailto:xxxxx@lists.osr.com] On Behalf Of Beverly Brown
> > > Sent: Wednesday, January 17, 2007 12:23 PM
> > > To: Windows System Software Devs Interest List
> > > Subject: Re: [ntdev] Kernel debug in Windbg using tcp - is it
> > possible?
> > >
> > > Also, to be able to access a struct member using C-style syntax would
> > be
> > > good.
> > >
> > > print struct_ptr->member
> > >
> > > Beverly
> > >
> > > On 1/17/07, Beverly Brown wrote:
> > > > What I would like to see improved about Windbg:
> > > >
> > > > I would like to cast an address to a structure and display it
> > C-style
> > > > the way gdb works
> > > >
> > > > print *(SOME_STRUCT *)struct_ptr
> > > >
> > > > would cast struct_ptr to SOME_STRUCT * and print its contents member
> > > > by member. dt gets you there in a roundabout way but this is much
> > more
> > > > intuitive IMO. (and I am NOT a Linux fan!)
> > > >
> > > > Beverly
> > > >
> > > > On 1/17/07, Peter Wieland wrote:
> > > > > Ah - I love conspiracy theory Tuesdays. I console myself with the
> > > > > knowledge that if we did charge for WinDBG or if we had ever
> > > supported
> > > > > single machine debugging that an equal number of theories about
> > how
> > > it
> > > > > was a plot by MS to increase (something) would abound.
> > > > >
> > > > >
> > > > > I would be interested in a list of features that SoftICE had that
> > > made
> > > > > it more useful than WinDBG aside from single-machine support.
> > > Better
> > > > > disassemble? Better breakpoint support? Better single step
> > > ability?
> > > > > Better functionality without symbols?
> > > > >
> > > > > Ethernet support sounds like one thing. Did it work with any
> > > Ethernet
> > > > > controller, or just one or two? Was there any security on it?
> > > > >
> > > > > I suspect I can search the archive to find this in bits and pieces
> > -
> > > did
> > > > > anyone ever make an exhaustive list?
> > > > >
> > > > > -p
> > > > >
> > > > >
> > > > > -----Original Message-----
> > > > > From: xxxxx@lists.osr.com
> > > > > [mailto:xxxxx@lists.osr.com] On Behalf Of Michal
> > > Vodicka
> > > > > Sent: Tuesday, January 16, 2007 6:41 PM
> > > > > To: Windows System Software Devs Interest List
> > > > > Subject: RE: [ntdev] Kernel debug in Windbg using tcp - is it
> > > possible?
> > > > >
> > > > > > ----------
> > > > > > From:
> > > > >
> > >
> > xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com
> > > > >] on behalf of Martin O'Brien[SMTP:xxxxx@evitechnology.com]
> > > > > > Reply To: Windows System Software Devs Interest List
> > > > > > Sent: Wednesday, January 17, 2007 3:10 AM
> > > > > > To: Windows System Software Devs Interest List
> > > > > > Subject: RE: [ntdev] Kernel debug in Windbg using tcp - is
> > it
> > > > > possible?
> > > > > >
> > > > > > I hear you Michal. I just posted, but the long and short in my
> > > > > opinion,
> > > > > > is that SI committed suicide by abusive marketing practice, and,
> > > while
> > > > > > SI definitely had its issues (although I used the ethernet
> > > transport
> > > > > for
> > > > > > years), I think it is a reasonable question to ask how much of a
> > > > > WinDbg
> > > > > > lovefest there would people if people had to pay for it.
> > > > > >
> > > > > I agree with both suicide and WinDbg price. It isn't so long the
> > > main
> > > > > argument of WinDbg advocates here was no fee.
> > > > >
> > > > > Well, I didn't want to awake old SI versus WinDbg thread. The game
> > > is
> > > > > over. I wonder if MS developers aren't able to do what NuMega did
> > or
> > > if
> > > > > the necessity to have two computers is the intention. SI was
> > widely
> > > used
> > > > > as hackers' tool mainly because of its one-machine debugging
> > > abilities.
> > > > > Or maybe they don't care. With access to OS sources they don't
> > need
> > > a
> > > > > tool which helps with reverse engineering and they got used to two
> > > > > machines setup.
> > > > >
> > > > > Best regards,
> > > > >
> > > > > Michal Vodicka
> > > > > UPEK, Inc.
> > > > > [xxxxx@upek.com, http://www.upek.com]
> > > > >
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > ---
> > > > > Questions? First check the Kernel Driver FAQ at
> > > > > http://www.osronline.com/article.cfm?id=256
> > > > >
> > > > > To unsubscribe, visit the List Server section of OSR Online at
> > > > > http://www.osronline.com/page.cfm?name=ListServer
> > > > >
> > > > >
> > > > > ---
> > > > > Questions? First check the Kernel Driver FAQ at
> > > http://www.osronline.com/article.cfm?id=256
> > > > >
> > > > > To unsubscribe, visit the List Server section of OSR Online at
> > > http://www.osronline.com/page.cfm?name=ListServer
> > > > >
> > > >
> > >
> > > ---
> > > Questions? First check the Kernel Driver FAQ at
> > > http://www.osronline.com/article.cfm?id=256
> > >
> > > To unsubscribe, visit the List Server section of OSR Online at
> > > http://www.osronline.com/page.cfm?name=ListServer
> > >
> > > ---
> > > Questions? First check the Kernel Driver FAQ at
> > http://www.osronline.com/article.cfm?id=256
> > >
> > > To unsubscribe, visit the List Server section of OSR Online at
> > http://www.osronline.com/page.cfm?name=ListServer
> > >
> >
> > ---
> > Questions? First check the Kernel Driver FAQ at
> > http://www.osronline.com/article.cfm?id=256
> >
> > To unsubscribe, visit the List Server section of OSR Online at
> > http://www.osronline.com/page.cfm?name=ListServer
> >
> > ---
> > Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
> >
> > To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
> >
>
> ---
> Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
>
> ---
> Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
>

It works the same way, dt foo member->ptr->bar

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Beverly Brown
Sent: Wednesday, January 17, 2007 2:08 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Kernel debug in Windbg using tcp - is it possible?

That is not intuitive. I thought the first arg was a type.

So what if it wasn’t a pointer? What if it was a struct and I wanted to
print

foo.member->ptr->bar

Beverly

On 1/17/07, Doron Holan wrote:
> That is what I gave you
>
> dt ptr member.another_ptr->foo
>
> no type info, just the symbol by name and then the underlying “C”
> statement to get at the right field.
>
> Look at the -a flag for dt to look at dumping arrays.
>
> d
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Beverly Brown
> Sent: Wednesday, January 17, 2007 1:24 PM
> To: Windows System Software Devs Interest List
> Subject: Re: [ntdev] Kernel debug in Windbg using tcp - is it
possible?
>
> But it’s still not very intuitive. What exactly is of type Foo in that
> example? Is it Field? Why do I have to tell it the type? Doesn’t the
> debugger already know?
>
> What I want is this:
>
> My source code has a pointer in it whose symbolic name is ptr. It is
> declared to be a pointer to a struct of type FOO like so:
>
> FOO *ptr.
>
> I want to refer to one of its members with a command like this
>
> print ptr->member.another_ptr->foo
>
> without having to give it any type information. The debugger should
> already know that from the symbols. (It knows it in the locals window)
> This is useful for accessing things that aren’t displayed easily in
> the locals window (like linked-lists). I realize windbg has a way to
> display linked lists, but it is not intuitive and I can never remember
> how to do it. Or if ptr is an array, but the debugger cannot know how
> big it is because it was dynamically allocated (and therefore can only
> show the first element in the locals window), I’d like to say
>
> print ptr[3] or print (ptr+3)
>
> For casting I certainly wouldn’t have guessed that you could use ?? to
> use C-style syntax. Again, not intuitive. The last time I looked up
> how to do this, there were some very unintuitive things you had to do
> with pointers and such (and I could never remember what they were or
> what the rules were for using them) for asm-style vs C-style in order
> to cast and display variables. (Using ?? is pretty unintuitive, too,
> BTW. Why is that necessary? Is that the command or a prefix?).
>
> Beverly
>
> On 1/17/07, Doron Holan wrote:
> > dt does that
> >
> > dt Foo Field->Struct.Blah
> >
> > as for the casting, you can use ?? to do it, e.g. ?? ((foo) ptr)
> >
> > d
> > -----Original Message-----
> > From: xxxxx@lists.osr.com
> > [mailto:xxxxx@lists.osr.com] On Behalf Of Beverly
Brown
> > Sent: Wednesday, January 17, 2007 12:23 PM
> > To: Windows System Software Devs Interest List
> > Subject: Re: [ntdev] Kernel debug in Windbg using tcp - is it
> possible?
> >
> > Also, to be able to access a struct member using C-style syntax
would
> be
> > good.
> >
> > print struct_ptr->member
> >
> > Beverly
> >
> > On 1/17/07, Beverly Brown wrote:
> > > What I would like to see improved about Windbg:
> > >
> > > I would like to cast an address to a structure and display it
> C-style
> > > the way gdb works
> > >
> > > print *(SOME_STRUCT *)struct_ptr
> > >
> > > would cast struct_ptr to SOME_STRUCT * and print its contents
member
> > > by member. dt gets you there in a roundabout way but this is much
> more
> > > intuitive IMO. (and I am NOT a Linux fan!)
> > >
> > > Beverly
> > >
> > > On 1/17/07, Peter Wieland wrote:
> > > > Ah - I love conspiracy theory Tuesdays. I console myself with
the
> > > > knowledge that if we did charge for WinDBG or if we had ever
> > supported
> > > > single machine debugging that an equal number of theories about
> how
> > it
> > > > was a plot by MS to increase (something) would abound.
> > > >
> > > >
> > > > I would be interested in a list of features that SoftICE had
that
> > made
> > > > it more useful than WinDBG aside from single-machine support.
> > Better
> > > > disassemble? Better breakpoint support? Better single step
> > ability?
> > > > Better functionality without symbols?
> > > >
> > > > Ethernet support sounds like one thing. Did it work with any
> > Ethernet
> > > > controller, or just one or two? Was there any security on it?
> > > >
> > > > I suspect I can search the archive to find this in bits and
pieces
> -
> > did
> > > > anyone ever make an exhaustive list?
> > > >
> > > > -p
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: xxxxx@lists.osr.com
> > > > [mailto:xxxxx@lists.osr.com] On Behalf Of Michal
> > Vodicka
> > > > Sent: Tuesday, January 16, 2007 6:41 PM
> > > > To: Windows System Software Devs Interest List
> > > > Subject: RE: [ntdev] Kernel debug in Windbg using tcp - is it
> > possible?
> > > >
> > > > > ----------
> > > > > From:
> > > >
> >
>
xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com
> > > >] on behalf of Martin O’Brien[SMTP:xxxxx@evitechnology.com]
> > > > > Reply To: Windows System Software Devs Interest List
> > > > > Sent: Wednesday, January 17, 2007 3:10 AM
> > > > > To: Windows System Software Devs Interest List
> > > > > Subject: RE: [ntdev] Kernel debug in Windbg using tcp -
is
> it
> > > > possible?
> > > > >
> > > > > I hear you Michal. I just posted, but the long and short in
my
> > > > opinion,
> > > > > is that SI committed suicide by abusive marketing practice,
and,
> > while
> > > > > SI definitely had its issues (although I used the ethernet
> > transport
> > > > for
> > > > > years), I think it is a reasonable question to ask how much of
a
> > > > WinDbg
> > > > > lovefest there would people if people had to pay for it.
> > > > >
> > > > I agree with both suicide and WinDbg price. It isn’t so long the
> > main
> > > > argument of WinDbg advocates here was no fee.
> > > >
> > > > Well, I didn’t want to awake old SI versus WinDbg thread. The
game
> > is
> > > > over. I wonder if MS developers aren’t able to do what NuMega
did
> or
> > if
> > > > the necessity to have two computers is the intention. SI was
> widely
> > used
> > > > as hackers’ tool mainly because of its one-machine debugging
> > abilities.
> > > > Or maybe they don’t care. With access to OS sources they don’t
> need
> > a
> > > > tool which helps with reverse engineering and they got used to
two
> > > > machines setup.
> > > >
> > > > Best regards,
> > > >
> > > > Michal Vodicka
> > > > UPEK, Inc.
> > > > [xxxxx@upek.com, http://www.upek.com]
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > —
> > > > Questions? First check the Kernel Driver FAQ at
> > > > http://www.osronline.com/article.cfm?id=256
> > > >
> > > > To unsubscribe, visit the List Server section of OSR Online at
> > > > http://www.osronline.com/page.cfm?name=ListServer
> > > >
> > > >
> > > > —
> > > > Questions? First check the Kernel Driver FAQ at
> > http://www.osronline.com/article.cfm?id=256
> > > >
> > > > To unsubscribe, visit the List Server section of OSR Online at
> > http://www.osronline.com/page.cfm?name=ListServer
> > > >
> > >
> >
> > —
> > Questions? First check the Kernel Driver FAQ at
> > http://www.osronline.com/article.cfm?id=256
> >
> > To unsubscribe, visit the List Server section of OSR Online at
> > http://www.osronline.com/page.cfm?name=ListServer
> >
> > —
> > Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
> >
> > To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
> >
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
>

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Dt [field]

Pointers don’t have fields, so dt will dereference them for you.

-p

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Beverly Brown
Sent: Wednesday, January 17, 2007 2:08 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Kernel debug in Windbg using tcp - is it possible?

That is not intuitive. I thought the first arg was a type.

So what if it wasn’t a pointer? What if it was a struct and I wanted to
print

foo.member->ptr->bar

Beverly

On 1/17/07, Doron Holan wrote:
> That is what I gave you
>
> dt ptr member.another_ptr->foo
>
> no type info, just the symbol by name and then the underlying “C”
> statement to get at the right field.
>
> Look at the -a flag for dt to look at dumping arrays.
>
> d
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Beverly Brown
> Sent: Wednesday, January 17, 2007 1:24 PM
> To: Windows System Software Devs Interest List
> Subject: Re: [ntdev] Kernel debug in Windbg using tcp - is it
possible?
>
> But it’s still not very intuitive. What exactly is of type Foo in that
> example? Is it Field? Why do I have to tell it the type? Doesn’t the
> debugger already know?
>
> What I want is this:
>
> My source code has a pointer in it whose symbolic name is ptr. It is
> declared to be a pointer to a struct of type FOO like so:
>
> FOO *ptr.
>
> I want to refer to one of its members with a command like this
>
> print ptr->member.another_ptr->foo
>
> without having to give it any type information. The debugger should
> already know that from the symbols. (It knows it in the locals window)
> This is useful for accessing things that aren’t displayed easily in
> the locals window (like linked-lists). I realize windbg has a way to
> display linked lists, but it is not intuitive and I can never remember
> how to do it. Or if ptr is an array, but the debugger cannot know how
> big it is because it was dynamically allocated (and therefore can only
> show the first element in the locals window), I’d like to say
>
> print ptr[3] or print (ptr+3)
>
> For casting I certainly wouldn’t have guessed that you could use ?? to
> use C-style syntax. Again, not intuitive. The last time I looked up
> how to do this, there were some very unintuitive things you had to do
> with pointers and such (and I could never remember what they were or
> what the rules were for using them) for asm-style vs C-style in order
> to cast and display variables. (Using ?? is pretty unintuitive, too,
> BTW. Why is that necessary? Is that the command or a prefix?).
>
> Beverly
>
> On 1/17/07, Doron Holan wrote:
> > dt does that
> >
> > dt Foo Field->Struct.Blah
> >
> > as for the casting, you can use ?? to do it, e.g. ?? ((foo) ptr)
> >
> > d
> > -----Original Message-----
> > From: xxxxx@lists.osr.com
> > [mailto:xxxxx@lists.osr.com] On Behalf Of Beverly
Brown
> > Sent: Wednesday, January 17, 2007 12:23 PM
> > To: Windows System Software Devs Interest List
> > Subject: Re: [ntdev] Kernel debug in Windbg using tcp - is it
> possible?
> >
> > Also, to be able to access a struct member using C-style syntax
would
> be
> > good.
> >
> > print struct_ptr->member
> >
> > Beverly
> >
> > On 1/17/07, Beverly Brown wrote:
> > > What I would like to see improved about Windbg:
> > >
> > > I would like to cast an address to a structure and display it
> C-style
> > > the way gdb works
> > >
> > > print *(SOME_STRUCT *)struct_ptr
> > >
> > > would cast struct_ptr to SOME_STRUCT * and print its contents
member
> > > by member. dt gets you there in a roundabout way but this is much
> more
> > > intuitive IMO. (and I am NOT a Linux fan!)
> > >
> > > Beverly
> > >
> > > On 1/17/07, Peter Wieland wrote:
> > > > Ah - I love conspiracy theory Tuesdays. I console myself with
the
> > > > knowledge that if we did charge for WinDBG or if we had ever
> > supported
> > > > single machine debugging that an equal number of theories about
> how
> > it
> > > > was a plot by MS to increase (something) would abound.
> > > >
> > > >
> > > > I would be interested in a list of features that SoftICE had
that
> > made
> > > > it more useful than WinDBG aside from single-machine support.
> > Better
> > > > disassemble? Better breakpoint support? Better single step
> > ability?
> > > > Better functionality without symbols?
> > > >
> > > > Ethernet support sounds like one thing. Did it work with any
> > Ethernet
> > > > controller, or just one or two? Was there any security on it?
> > > >
> > > > I suspect I can search the archive to find this in bits and
pieces
> -
> > did
> > > > anyone ever make an exhaustive list?
> > > >
> > > > -p
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: xxxxx@lists.osr.com
> > > > [mailto:xxxxx@lists.osr.com] On Behalf Of Michal
> > Vodicka
> > > > Sent: Tuesday, January 16, 2007 6:41 PM
> > > > To: Windows System Software Devs Interest List
> > > > Subject: RE: [ntdev] Kernel debug in Windbg using tcp - is it
> > possible?
> > > >
> > > > > ----------
> > > > > From:
> > > >
> >
>
xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com
> > > >] on behalf of Martin O’Brien[SMTP:xxxxx@evitechnology.com]
> > > > > Reply To: Windows System Software Devs Interest List
> > > > > Sent: Wednesday, January 17, 2007 3:10 AM
> > > > > To: Windows System Software Devs Interest List
> > > > > Subject: RE: [ntdev] Kernel debug in Windbg using tcp -
is
> it
> > > > possible?
> > > > >
> > > > > I hear you Michal. I just posted, but the long and short in
my
> > > > opinion,
> > > > > is that SI committed suicide by abusive marketing practice,
and,
> > while
> > > > > SI definitely had its issues (although I used the ethernet
> > transport
> > > > for
> > > > > years), I think it is a reasonable question to ask how much of
a
> > > > WinDbg
> > > > > lovefest there would people if people had to pay for it.
> > > > >
> > > > I agree with both suicide and WinDbg price. It isn’t so long the
> > main
> > > > argument of WinDbg advocates here was no fee.
> > > >
> > > > Well, I didn’t want to awake old SI versus WinDbg thread. The
game
> > is
> > > > over. I wonder if MS developers aren’t able to do what NuMega
did
> or
> > if
> > > > the necessity to have two computers is the intention. SI was
> widely
> > used
> > > > as hackers’ tool mainly because of its one-machine debugging
> > abilities.
> > > > Or maybe they don’t care. With access to OS sources they don’t
> need
> > a
> > > > tool which helps with reverse engineering and they got used to
two
> > > > machines setup.
> > > >
> > > > Best regards,
> > > >
> > > > Michal Vodicka
> > > > UPEK, Inc.
> > > > [xxxxx@upek.com, http://www.upek.com]
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > —
> > > > Questions? First check the Kernel Driver FAQ at
> > > > http://www.osronline.com/article.cfm?id=256
> > > >
> > > > To unsubscribe, visit the List Server section of OSR Online at
> > > > http://www.osronline.com/page.cfm?name=ListServer
> > > >
> > > >
> > > > —
> > > > Questions? First check the Kernel Driver FAQ at
> > http://www.osronline.com/article.cfm?id=256
> > > >
> > > > To unsubscribe, visit the List Server section of OSR Online at
> > http://www.osronline.com/page.cfm?name=ListServer
> > > >
> > >
> >
> > —
> > Questions? First check the Kernel Driver FAQ at
> > http://www.osronline.com/article.cfm?id=256
> >
> > To unsubscribe, visit the List Server section of OSR Online at
> > http://www.osronline.com/page.cfm?name=ListServer
> >
> > —
> > Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
> >
> > To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
> >
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
>

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Funny you should say that. I have been trying to convince my employeer
to inquire as to what that arrangement might cost. They, very cleverly,
said “it’s too expensive,” without researching anything. The irony of
this being that they pay me to RE stuff.

mm

>> xxxxx@upek.com 2007-01-17 15:57 >>>

From:
xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com]
on behalf of Martin O’Brien[SMTP:xxxxx@evitechnology.com]
Reply To: Windows System Software Devs Interest List
Sent: Wednesday, January 17, 2007 7:56 PM
To: Windows System Software Devs Interest List
Subject: Fwd: RE: [ntdev] Kernel debug in Windbg using tcp - is
it possible?

Speaking of Compuware, SoftICE and abusive marketing practices, did
anyone else get a call or e-mail today or recently from a rep
offering
you, as a valued customer, the right to purchase a license for
DriverStudio with no future, no support, et. c. for 60% of retail,
which
I think comes to around $1100? If not consider yourself lucky, as
this
is one of the worse things of this type that I have heard of in a
long
time.

I’d consider it if it contains complete source code

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

---

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

> > In fact, stepping through code the first time it’s executed can
catch

> bugs that wouldn’t show up otherwise until sometime later in the
> development/test cycle, or worse, in the end user’s system.
>

This is job for static analysis tools and mainly for asserts. It is
much
more efficient than stepping through code.

Static analysis is based on certain known rules. It’s not going to help
if my code doesn’t break these rules.

I used to write an E&M solver to numerically obtain the time domain
solution for partial differential equations derived from the Maxwell’s
Equations given arbitrary initial values and boundary conditions under
sinusoidal excitation. It would take hours to find the solution
depending on how complicated the circuit components are geometrically
shaped and physically arranged. I found single stepping and break
pointing are most efficient ways to debug such program.

Once a while, I heard “single stepping is there for inexperienced”, or
“real programmer doesn’t need a debugger”. I disagree. However, I do
agree that in many cases, tracing can be more efficient.

Calvin Guan (DDK MVP)
Sr. Staff Engineer
NetXtreme NTX Miniport
Broadcom Corporation
Connecting Everything(r)

Beverly Brown wrote:

What I would like to see improved about Windbg:

Wouldn’t this be better posted on the WinDbg mailing list? I know the
WinDbg developer/s actually read/s that quite frequently.

Cheers,

/ h+

Yes, but it was a reply to a question from Peter W., so I replied where he
asked the question.

Beverly

----- Original Message -----
From: “Jon Watte”
To: “Windows System Software Devs Interest List”
Sent: Wednesday, January 17, 2007 8:17 PM
Subject: Re: [ntdev] Kernel debug in Windbg using tcp - is it possible?

>
>
> Beverly Brown wrote:
>> What I would like to see improved about Windbg:
>>
>
> Wouldn’t this be better posted on the WinDbg mailing list? I know the
> WinDbg developer/s actually read/s that quite frequently.
>
> Cheers,
>
> / h+
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer

> ----------

From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Calvin (Hao) Guan[SMTP:xxxxx@broadcom.com]
Reply To: Windows System Software Devs Interest List
Sent: Thursday, January 18, 2007 1:20 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Kernel debug in Windbg using tcp - is it possible?

Static analysis is based on certain known rules. It’s not going to help
if my code doesn’t break these rules.

Sure but nobody is perfect and static analysis tool helps to find “logical typos” early. They’re limited but if configured properly, they can eliminate many bugs which could be found by single stepping.

I used to write an E&M solver to numerically obtain the time domain
solution for partial differential equations derived from the Maxwell’s
Equations given arbitrary initial values and boundary conditions under
sinusoidal excitation. It would take hours to find the solution
depending on how complicated the circuit components are geometrically
shaped and physically arranged. I found single stepping and break
pointing are most efficient ways to debug such program.

Wasn’t is because you didn’t write traces with the code? It traces aren’t on place before debugging is started, single stepping can be more efficient in that moment than adding necessary traces.

In my experience, with good traces and asserts any algorithm can be debugged very efficiently.

Once a while, I heard “single stepping is there for inexperienced”, or
“real programmer doesn’t need a debugger”. I disagree. However, I do
agree that in many cases, tracing can be more efficient.

In my experience single stepping is mainly used by inexperienced programmers because quickly helps them to find errors in their code. With more experience they tend to make less such errors and need to debug more complicated scenarios where single stepping is just time waste.

I’m not against debuggers at all. Strategically placed breakpoint can save a lot of time, sometimes. Debuggers are helpful for reverse engineering which is unfortunately necessary for driver development. Traces have other advantages but they have to be adopted by developers. For this purpose, it is necessary to have good infrastructure at first (I mean traces implementation and the way how to control them in runtime and no, ETW isn’t a good one). Second, developers have to be persuaded traces have to be written regularly and immediatelly so they’re integral part of code and not just a tool to solve immediate problem. Fortunately, I was already able to persuade my coworkers to do this and traces became mandatory for the last projects. My main point is traces aren’t there only for them but also for others. If any problem occurs, anybody can enable traces and quickly find what fails. And traces can be used by QA or even customer and developer doesn’t need to waste time reproducing problem at his machine (which can be impossible).

With single stepping you always start from the beginning. Good traces, once written, are always available.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

> ----------

From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Beverly Brown[SMTP:xxxxx@gmail.com]
Reply To: Windows System Software Devs Interest List
Sent: Wednesday, January 17, 2007 11:49 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Kernel debug in Windbg using tcp - is it possible?

> If code is written reasonably, you don’t need to add traces just for debugging. They should be already there.

There is a difference between standard traces and print statments for
more specific things that you need to look at for just one bug and
then need to remember to remove.

No, good traces doesn’t need to be removed. They’re written with the code and stay there forever. Everything you need is to correctly set debug levels so you can enable standard level to see code flow and more detailed output for selected part of code you just debug. It of course presumes some experience so you don’t need to trace results of (i += 2) like expressions

Well if you can’t use a debugger, you go with what you have available.
But you learn an awful lot (more?) through a debugger as well and in
much less time.

Yes, but experienced programmer shouldn’t need this kind of learning. That’s why I tend to say debuggers are mainly for beginners

Traces are very helpful, but I have found that they don’t always
provide quite enough information when a bug shows itself.

Yes, they allow to quickly find where problem occurs. Next steps depends on the kind of problem. Assert or breakpoint and debugger can help in this situation. Several times I just invoked a bugcheck when a problem was detected and solved problem by crashdump analysis. Useful approach when problem occurs at the customer machine on the other side of the world (usual case and you can’t afford to give customer many versions of software to test. Anyway, traces was always the first step in all these cases.

Static analysis tools are great but they don’t cover everything. I
agree that asserts are important, but asserts work better if you use
them in conjunction with a debugger. Not only do you see that
something happened that you didn’t expect, you can see why by
examining other variables, stack, etc while still in context.

I’d agree but it presumes a debugger is available. Which is quite uncommon for me, I’m usually happy when have a dump to analyse.

Of course, if you are doing real-time work, you can’t meaningfully
step through code. If you are doing a lot of real-time work, I can see
why use of a debugger would be less useful to you than printf’s.

It is just debugging style. I started with traces for real time problems debugging, then for firmware where debugger was just a bad joke (surpisingly, there are even worse things than old windbag was) and then found them useful for all kind of development even where a debugger can be easily available. They’re simply more efficient. Few days before I found my DS licence expired year before; I haven’t used it for whole time. And I noticed it only because needed to install SI at new machine to examine how some semi-documented native API really behaves.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

I know engineers love to argue, but this is ridiculous. I can’t belive this thread has become a “debuggers vs. printfs” argument. Puh-leeze. Do whatever it takes to drive your code to quality. Hell, some of the best debugging I’ve done has been with a print-out and a red pen, a cup of coffee, and not a computer in sight.

I expect any competent engineer to have a strong working knowledge of the debugger(s) that apply to the environment they work in. And I expect them to build components with good tracing, internal asserts, etc. They are all different approaches to the same goal, quality.

If you like tracing, fine, go for it. But I have found interactive debuggers to be an incredibly powerful tool for investigating what was *not* anticipated at design-time, and therefore doesn’t have prints / asserts / whatever.

Do engineers in other professions waste as much breath on stuff like this? Do civil engineers argue about whether they should load test their bridges *OR* use finite element analysis? For some weird reason, programming often seems to be more aesthetics than engineering.

---

From: xxxxx@lists.osr.com [xxxxx@lists.osr.com] On Behalf Of Michal Vodicka [xxxxx@upek.com]
Sent: Wednesday, January 17, 2007 7:30 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Kernel debug in Windbg using tcp - is it possible?

---

From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Calvin (Hao) Guan[SMTP:xxxxx@broadcom.com]
Reply To: Windows System Software Devs Interest List
Sent: Thursday, January 18, 2007 1:20 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Kernel debug in Windbg using tcp - is it possible?

Static analysis is based on certain known rules. It’s not going to help
if my code doesn’t break these rules.

Sure but nobody is perfect and static analysis tool helps to find “logical typos” early. They’re limited but if configured properly, they can eliminate many bugs which could be found by single stepping.

I used to write an E&M solver to numerically obtain the time domain
solution for partial differential equations derived from the Maxwell’s
Equations given arbitrary initial values and boundary conditions under
sinusoidal excitation. It would take hours to find the solution
depending on how complicated the circuit components are geometrically
shaped and physically arranged. I found single stepping and break
pointing are most efficient ways to debug such program.

Wasn’t is because you didn’t write traces with the code? It traces aren’t on place before debugging is started, single stepping can be more efficient in that moment than adding necessary traces.

In my experience, with good traces and asserts any algorithm can be debugged very efficiently.

Once a while, I heard “single stepping is there for inexperienced”, or
“real programmer doesn’t need a debugger”. I disagree. However, I do
agree that in many cases, tracing can be more efficient.

In my experience single stepping is mainly used by inexperienced programmers because quickly helps them to find errors in their code. With more experience they tend to make less such errors and need to debug more complicated scenarios where single stepping is just time waste.

I’m not against debuggers at all. Strategically placed breakpoint can save a lot of time, sometimes. Debuggers are helpful for reverse engineering which is unfortunately necessary for driver development. Traces have other advantages but they have to be adopted by developers. For this purpose, it is necessary to have good infrastructure at first (I mean traces implementation and the way how to control them in runtime and no, ETW isn’t a good one). Second, developers have to be persuaded traces have to be written regularly and immediatelly so they’re integral part of code and not just a tool to solve immediate problem. Fortunately, I was already able to persuade my coworkers to do this and traces became mandatory for the last projects. My main point is traces aren’t there only for them but also for others. If any problem occurs, anybody can enable traces and quickly find what fails. And traces can be used by QA or even customer and developer doesn’t need to waste time reproducing problem at his machine (which can be impossible).

With single stepping you always start from the beginning. Good traces, once written, are always available.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

---

Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

> What I would like to see improved about Windbg:

I would like to cast an address to a structure and display it C-style
the way gdb works

print *(SOME_STRUCT *)struct_ptr

In WinDbg:

dt _STRUCT_TYPE AddressValue

–
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

Is it only me, or are others also experiencing the speed of a 1394
connection inferior to a 115200 Rs-232 connection when it traces
DebugOuts ( on a MP target)?

Norbert.

“Madness is a relative state of mind. Who is to say which of us is
crazy.”
---- snip ----

“Michal Vodicka” wrote:

Personally, I have no problem with WinDbg command line.
It should have more intelligent history and completion as
SI or 4NT have but it is generally useful.

I’m not familiar with SI. What would you like to see improved
in windbg’s command completion?

Uh…

I feel better now… I thought I was the only one printing the code of a
function, or a trace of a driver, and then analyzing it with a red pen in
search of stupid things or the value of a byte that “stinks”.

Just my two cents…
GV

----- Original Message -----
From: “Arlie Davis”
To: “Windows System Software Devs Interest List”
Sent: Wednesday, January 17, 2007 9:15 PM
Subject: RE: [ntdev] Kernel debug in Windbg using tcp - is it possible?

I know engineers love to argue, but this is ridiculous. I can’t belive this
thread has become a “debuggers vs. printfs” argument. Puh-leeze. Do
whatever it takes to drive your code to quality. Hell, some of the best
debugging I’ve done has been with a print-out and a red pen, a cup of
coffee, and not a computer in sight.

I expect any competent engineer to have a strong working knowledge of the
debugger(s) that apply to the environment they work in. And I expect them
to build components with good tracing, internal asserts, etc. They are all
different approaches to the same goal, quality.

If you like tracing, fine, go for it. But I have found interactive
debuggers to be an incredibly powerful tool for investigating what was not
anticipated at design-time, and therefore doesn’t have prints / asserts /
whatever.

Do engineers in other professions waste as much breath on stuff like this?
Do civil engineers argue about whether they should load test their bridges
OR use finite element analysis? For some weird reason, programming often
seems to be more aesthetics than engineering.

________________________________________
From: xxxxx@lists.osr.com [xxxxx@lists.osr.com]
On Behalf Of Michal Vodicka [xxxxx@upek.com]
Sent: Wednesday, January 17, 2007 7:30 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Kernel debug in Windbg using tcp - is it possible?

> ----------
> From:
> xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com]
> on behalf of Calvin (Hao) Guan[SMTP:xxxxx@broadcom.com]
> Reply To: Windows System Software Devs Interest List
> Sent: Thursday, January 18, 2007 1:20 AM
> To: Windows System Software Devs Interest List
> Subject: RE: [ntdev] Kernel debug in Windbg using tcp - is it
> possible?
>
> Static analysis is based on certain known rules. It’s not going to help
> if my code doesn’t break these rules.
>
Sure but nobody is perfect and static analysis tool helps to find “logical
typos” early. They’re limited but if configured properly, they can eliminate
many bugs which could be found by single stepping.

> I used to write an E&M solver to numerically obtain the time domain
> solution for partial differential equations derived from the Maxwell’s
> Equations given arbitrary initial values and boundary conditions under
> sinusoidal excitation. It would take hours to find the solution
> depending on how complicated the circuit components are geometrically
> shaped and physically arranged. I found single stepping and break
> pointing are most efficient ways to debug such program.
>
Wasn’t is because you didn’t write traces with the code? It traces aren’t on
place before debugging is started, single stepping can be more efficient in
that moment than adding necessary traces.

In my experience, with good traces and asserts any algorithm can be debugged
very efficiently.

> Once a while, I heard “single stepping is there for inexperienced”, or
> “real programmer doesn’t need a debugger”. I disagree. However, I do
> agree that in many cases, tracing can be more efficient.
>
In my experience single stepping is mainly used by inexperienced programmers
because quickly helps them to find errors in their code. With more
experience they tend to make less such errors and need to debug more
complicated scenarios where single stepping is just time waste.

I’m not against debuggers at all. Strategically placed breakpoint can save a
lot of time, sometimes. Debuggers are helpful for reverse engineering which
is unfortunately necessary for driver development. Traces have other
advantages but they have to be adopted by developers. For this purpose, it
is necessary to have good infrastructure at first (I mean traces
implementation and the way how to control them in runtime and no, ETW isn’t
a good one). Second, developers have to be persuaded traces have to be
written regularly and immediatelly so they’re integral part of code and not
just a tool to solve immediate problem. Fortunately, I was already able to
persuade my coworkers to do this and traces became mandatory for the last
projects. My main point is traces aren’t there only for them but also for
others. If any problem occurs, anybody can enable traces and quickly find
what fails. And traces can be used by QA or even customer and developer
doesn’t need to waste time reproducing problem at his machine (which can be
impossible).

With single stepping you always start from the beginning. Good traces, once
written, are always available.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

>
>
>

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

It might be just you ;). A 1394 debugger session has always beaten the
tar out of a serial connection (at any speed) I have ever run.

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Norbert Kawulski
Sent: Wednesday, January 17, 2007 11:58 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Kernel debug in Windbg using tcp - is it possible?

Is it only me, or are others also experiencing the speed of a 1394
connection inferior to a 115200 Rs-232 connection when it traces
DebugOuts ( on a MP target)?

Norbert.

“Madness is a relative state of mind. Who is to say which of us is
crazy.”
---- snip ----

---

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Known “issue”. Workaround is boot with /onecpu. Been discussed on
windbg. And that’s where the rest of this thread belongs, anyway.

Phil

Philip D. Barila
Seagate Technology LLC
(720) 684-1842

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Norbert Kawulski

Sent: Thursday, January 18, 2007 12:58 AM
To: “Windows System Software Devs Interest List”
Subject: Re:[ntdev] Kernel debug in Windbg using tcp - is it possible?

Is it only me, or are others also experiencing the speed of a 1394
connection inferior to a 115200 Rs-232 connection when it traces
DebugOuts ( on a MP target)?

Norbert.
--------
“Madness is a relative state of mind. Who is to say which of us is
crazy.”

Pavel Lebedinsky wrote:

“Michal Vodicka” wrote:

> Personally, I have no problem with WinDbg command line.
> It should have more intelligent history and completion as
> SI or 4NT have but it is generally useful.
>

I’m not familiar with SI. What would you like to see improved
in windbg’s command completion?

SI had real-time command completion. As you typed each letter, it
showed you the list of possible commands that you might be typing. When
the command was unique, it showed you a one-line usage hint.

If nothing else, this was of great benefit for accidentally discovering
useful commands. I would sometimes just type “a”, then backspace and
“b”, then backspace and “c”, just to see the complete list of available
commands.

Now, that was possible in SI because they had a screen-oriented GUI.
WinDbg, being essentially a command-line app, doesn’t really have a way
to do that. But I, for one, would never have had a clue that the rather
un-mnemonic “sxeld” command existed had I not read it in a post earlier
today.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Arlie Davis wrote:

I know engineers love to argue, but this is ridiculous.
…
Do engineers in other professions waste as much breath on stuff like this? Do civil engineers argue about whether they should load test their bridges *OR* use finite element analysis?

Heck, yes. I’m surprised you wouldn’t expect this. The more technical
the forum, the more minute the disagreements. I could forward to you
the 20-message thread from my clarinet mailing list debating exactly
what grit of sandpaper is most appropriate for final adjustment of
commercially prepared reeds, or the even longer thread debating
onion-skin pads vs kid leather pads. Now, THOSE are vitally important
issues.

Be happy that we aren’t debating spaces vs hard tabs. I know the
correct answer, of course.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.