How to create stub windbg sessions!?

Hello all,

I am currently using Windbg to remote debug a Windows service via TCP.
To help debug the service at startup, I’ve followed the instructions
here (http://support.microsoft.com/kb/824344). These instructions
guide me on how to attach the debugger on the local machine on service
startup. These instructions work great! However, I’d like to debug
this service on startup “remotely”.

So, I was wondering if it is possible to attach to an already running
Windbg session? I would like to have the debugged machine continue
operating the way it is right now (each time my service starts, Windbg
catches it), but now I would like from the remote machine to attach to
that windbg session.

Note that on the debugged machine, I already have dbgsrv.exe running
and I could attach to processes successfully (just not the service
that is being debugged locally).

Thanks,
J

So, let me see if I have this correctly? The problem is that you can’t debug the service using the instructions in the link you provided because you want to attach too early?

If you, have you looked at 'Controlling the user mode debugger from the kernel debugger?"

http://msdn.microsoft.com/en-us/library/cc266367.aspx

I’ve never used windbg to debug a service, so it’s quite possible that there’s a better way to do what you want, but I believe that this will do it.

Good luck,

mm

Have the debugger which is launching with the service start with the ‘-server’ command-line parameter. Then connect to it with windbg’s -remote parameter. Also may be a good idea to have the server use the console debugger (cdb or ntsd), so that there are no popups.

So your IFEO registry setting for the service may be (-server must be the first parameter):
C:\debuggers\cdb -server tcp:port=1234

And you would connect to it with:
C:\debuggers\windbg -remote tcp:port=1234,server=remoteserver

Remember that symbol paths are relative to the debug server (cdb, in the example above), not your remote debugger (windbg, in the example above).

Also note that you’ll only have about 30 seconds to attach the remote debugger and get execution moving, before the SCM will kill the service because it hasn’t responded to the service start. So you may want the IFEO registry setting to contain ‘-g’. ‘-G’ (capitalized) is also useful for service debugging, depending on your desired behavior.

Jason

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Jonathon
Sent: Friday, December 18, 2009 5:06 PM
To: Kernel Debugging Interest List
Subject: [windbg] How to create stub windbg sessions!?

Hello all,

I am currently using Windbg to remote debug a Windows service via TCP.
To help debug the service at startup, I’ve followed the instructions here (http://support.microsoft.com/kb/824344). These instructions guide me on how to attach the debugger on the local machine on service startup. These instructions work great! However, I’d like to debug this service on startup “remotely”.

So, I was wondering if it is possible to attach to an already running Windbg session? I would like to have the debugged machine continue operating the way it is right now (each time my service starts, Windbg catches it), but now I would like from the remote machine to attach to that windbg session.

Note that on the debugged machine, I already have dbgsrv.exe running and I could attach to processes successfully (just not the service that is being debugged locally).

Thanks,
J

—
WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Thanks guys for the replies That was very fast!

mm, I was hoping to use a user-level debugger because from my
understanding, the debugger has reduced functionality when debugging a
user-level application from the kernel debugger. Is this accurate?

Jason, I like the idea of using the remote session, but do you know if
there is a way to use remote stubs? Ideally, I’d like the service to
start and it get caught by dbgsrv.exe automatically. Then, I could
connect to the stubs using windbg.exe from my local machine. In my
IFEO command, I tried doing this: “c:\debuggers\dbgsrv.exe”, but that
syntax doesn’t seem to work. I think the command is missing the
connection information (port, etc.). I was thinking about hardcoding
the port information, but it’s possible that multiple instances of my
executable could be running (service spawns off user-session specific
services), which means that the first MyService.exe will be caught by
dbgsrv.exe, but the following instances will give errors that the port
is already in use

Thanks for the help.
J

On Fri, Dec 18, 2009 at 5:24 PM, Jason Shay wrote:
> Have the debugger which is launching with the service start with the ‘-server’ command-line parameter. ?Then connect to it with windbg’s -remote parameter. ?Also may be a good idea to have the server use the console debugger (cdb or ntsd), so that there are no popups.
>
> So your IFEO registry setting for the service may be (-server must be the first parameter):
> ? ? ? ?C:\debuggers\cdb -server tcp:port=1234
>
> And you would connect to it with:
> ? ? ? ?C:\debuggers\windbg -remote tcp:port=1234,server=remoteserver
>
> Remember that symbol paths are relative to the debug server (cdb, in the example above), not your remote debugger (windbg, in the example above).
>
> Also note that you’ll only have about 30 seconds to attach the remote debugger and get execution moving, before the SCM will kill the service because it hasn’t responded to the service start. ?So you may want the IFEO registry setting to contain ‘-g’. ?‘-G’ (capitalized) is also useful for service debugging, depending on your desired behavior.
>
> Jason
>
> -----Original Message-----
> From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Jonathon
> Sent: Friday, December 18, 2009 5:06 PM
> To: Kernel Debugging Interest List
> Subject: [windbg] How to create stub windbg sessions!?
>
> Hello all,
>
> I am currently using Windbg to remote debug a Windows service via TCP.
> ?To help debug the service at startup, I’ve followed the instructions here (http://support.microsoft.com/kb/824344). ?These instructions guide me on how to attach the debugger on the local machine on service startup. ?These instructions work great! However, I’d like to debug this service on startup “remotely”.
>
> So, I was wondering if it is possible to attach to an already running Windbg session? ?I would like to have the debugged machine continue operating the way it is right now (each time my service starts, Windbg catches it), but now I would like from the remote machine to attach to that windbg session.
>
> Note that on the debugged machine, I already have dbgsrv.exe running and I could attach to processes successfully (just not the service that is being debugged locally).
>
> Thanks,
> J
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
>
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
>

Oh, no question about it - Jason’s idea is a lot better.

Good luck,

mm

Not sure about dbgsrv.exe.

But to get IFEO to work with -server with multiple processes of the same name, check out the -server options to specify a port range (http://msdn.microsoft.com/en-us/library/cc266429.aspx). If you get dbgsrv to work with the first process, the same will probably work there too.

I personally use named pipes, where you can specify ‘npipe:pipe=dbg%d’. The %d will turn into the PID of the debugger.

Jason

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Jonathon
Sent: Friday, December 18, 2009 6:05 PM
To: Kernel Debugging Interest List
Subject: Re: [windbg] How to create stub windbg sessions!?

Thanks guys for the replies That was very fast!

mm, I was hoping to use a user-level debugger because from my
understanding, the debugger has reduced functionality when debugging a
user-level application from the kernel debugger. Is this accurate?

Jason, I like the idea of using the remote session, but do you know if
there is a way to use remote stubs? Ideally, I’d like the service to
start and it get caught by dbgsrv.exe automatically. Then, I could
connect to the stubs using windbg.exe from my local machine. In my
IFEO command, I tried doing this: “c:\debuggers\dbgsrv.exe”, but that
syntax doesn’t seem to work. I think the command is missing the
connection information (port, etc.). I was thinking about hardcoding
the port information, but it’s possible that multiple instances of my
executable could be running (service spawns off user-session specific
services), which means that the first MyService.exe will be caught by
dbgsrv.exe, but the following instances will give errors that the port
is already in use

Thanks for the help.
J

On Fri, Dec 18, 2009 at 5:24 PM, Jason Shay wrote:
> Have the debugger which is launching with the service start with the ‘-server’ command-line parameter. ?Then connect to it with windbg’s -remote parameter. ?Also may be a good idea to have the server use the console debugger (cdb or ntsd), so that there are no popups.
>
> So your IFEO registry setting for the service may be (-server must be the first parameter):
> ? ? ? ?C:\debuggers\cdb -server tcp:port=1234
>
> And you would connect to it with:
> ? ? ? ?C:\debuggers\windbg -remote tcp:port=1234,server=remoteserver
>
> Remember that symbol paths are relative to the debug server (cdb, in the example above), not your remote debugger (windbg, in the example above).
>
> Also note that you’ll only have about 30 seconds to attach the remote debugger and get execution moving, before the SCM will kill the service because it hasn’t responded to the service start. ?So you may want the IFEO registry setting to contain ‘-g’. ?‘-G’ (capitalized) is also useful for service debugging, depending on your desired behavior.
>
> Jason
>
> -----Original Message-----
> From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Jonathon
> Sent: Friday, December 18, 2009 5:06 PM
> To: Kernel Debugging Interest List
> Subject: [windbg] How to create stub windbg sessions!?
>
> Hello all,
>
> I am currently using Windbg to remote debug a Windows service via TCP.
> ?To help debug the service at startup, I’ve followed the instructions here (http://support.microsoft.com/kb/824344). ?These instructions guide me on how to attach the debugger on the local machine on service startup. ?These instructions work great! However, I’d like to debug this service on startup “remotely”.
>
> So, I was wondering if it is possible to attach to an already running Windbg session? ?I would like to have the debugged machine continue operating the way it is right now (each time my service starts, Windbg catches it), but now I would like from the remote machine to attach to that windbg session.
>
> Note that on the debugged machine, I already have dbgsrv.exe running and I could attach to processes successfully (just not the service that is being debugged locally).
>
> Thanks,
> J
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
>
>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
>

—
WINDBG is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer