I want to replace Windows core system files with the new ones I received from MS for test.
And Microsoft staff informed me of the way to replace core system files, as below.
1. attach the machine to a kernel debugger
2. add the new *.sys files to %windir%\driver cache\i386
3. then overwrite the test drivers in the %windir%\system32\drivers
That way Windows file protection (WFP) will not replace the *.sys files from the CAB in driver cache. Remember that you should keep the kernel debugger running when you want to do step #3.
On my XP Media Center Edition,
1st: I insert ‘/debug’ option to boot.ini file.
2nd: I executed WinDbg and selected ‘Kernel Debug…’ from File menu.
3rd: From popup window, I selected ‘Kernel debugging of the local machine’
4th: And copied *.sys files to ‘Windows\driver cache\i386’ folder
5th: And also copied *.sys files to ‘Windows\system32\drivers’ folder
But after rebooting, the system files were replaced with the original ones.
Please tell me what’s the problem.
Thanks in advance.
I have not tried with XP MCE.
But in XP, XP Pro and W2K I have booted into safe mode and replaced the free files with checked files, then rebooted to continue the debugging session without issues. Make sure you have the right symbols path, for both free and checked binaries.
I will recommend replacing just the files that you are interested in, like PCI.SYS, ACPI.SYS, etc. I recommend files for the subsystem that you are having problems with.
Juan
-----Original Message-----
From: Hee Young Kim [mailto:xxxxx@soundgraph.com]
Sent: Monday, January 20, 2003 11:40 PM
To: Kernel Debugging Interest List
Subject: [windbg] How to replace core system files?
I want to replace Windows core system files with the new ones I received from MS for test.
And Microsoft staff informed me of the way to replace core system files, as below.
1. attach the machine to a kernel debugger
2. add the new *.sys files to %windir%\driver cache\i386
3. then overwrite the test drivers in the %windir%\system32\drivers
That way Windows file protection (WFP) will not replace the *.sys files from the CAB in driver cache. Remember that you should keep the kernel debugger running when you want to do step #3.
On my XP Media Center Edition,
1st: I insert ‘/debug’ option to boot.ini file.
2nd: I executed WinDbg and selected ‘Kernel Debug…’ from File menu.
3rd: From popup window, I selected ‘Kernel debugging of the local machine’
4th: And copied *.sys files to ‘Windows\driver cache\i386’ folder
5th: And also copied *.sys files to ‘Windows\system32\drivers’ folder
But after rebooting, the system files were replaced with the original ones.
Please tell me what’s the problem.
Thanks in advance.
“Hee Young Kim” wrote in message
news:xxxxx@windbg…
> I want to replace Windows core system files with the new ones I received
> from MS for test.
> And Microsoft staff informed me of the way to replace core system files,
> as below.
> ---------------------------------------
> 1. attach the machine to a kernel debugger
> 2. add the new *.sys files to %windir%\driver cache\i386
> 3. then overwrite the test drivers in the %windir%\system32\drivers
> ----
> That way Windows file protection (WFP) will not replace the *.sys files
> from the CAB in driver cache. Remember that you should keep the kernel
> debugger running when you want to do step #3.
> -----------------------------------------
>
> On my XP Media Center Edition,
> 1st: I insert ‘/debug’ option to boot.ini file.
> 2nd: I executed WinDbg and selected ‘Kernel Debug…’ from File menu.
> 3rd: From popup window, I selected ‘Kernel debugging of the local machine’
> 4th: And copied *.sys files to ‘Windows\driver cache\i386’ folder
> 5th: And also copied *.sys files to ‘Windows\system32\drivers’ folder
>
> But after rebooting, the system files were replaced with the original ones.
>
> Please tell me what’s the problem.
>
> Thanks in advance.
>
I’ve successfully replaced disk.sys on a target without overwriting the copy
in driver cache, by turning off SFP with OSR’s SFPControl applet with a
debugger attached. Here’s my recipe:
1) Use two systems. I’ve never tried to do single-system debugging with
Windbg, so I have no experience with it, and can’t begin to guess whether it
will work or not.
2) Run SFP Control, Select SFCDisable Setting: “1 = disabled, prompt at
boot to re-enable”. SFCScan Setting: defaulted to 0, SFCQuota Setting:
defaulted to -1. SFCShowProgress Setting defaulted to 0.
3) Reboot and select the kernel debug entry from the boot menu.
4) After the gui comes up, replace the driver in the drivers directory.
5) Reboot and select the kernel debug entry from the boot menu. Should be
able to put a breakpoint on the DriverEntry of the driver you replaced, and if
all your symbols and source are set up correctly, do source-level debugging
of the driver you replaced.
My target system has been booted without the kernel debugger enabled, and
the checked build binaries are still in place.
Hope this helps…
Phil
–
Philip D. Barila
Seagate Technology, LLC
(720) 684-1842
As if I need to say it: Not speaking for Seagate.
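
A way to check, after the final reboot, whether the replaced drivers are still in place or were put back, added here as an example and not part of any message in this thread. The three directory arguments are assumptions: a folder holding the new *.sys files, %windir%\driver cache\i386 and %windir%\system32\drivers; the demo runs on constructed files, not real driver images.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """SHA-256 hex digest of a file, or None if the file does not exist."""
    return hashlib.sha256(path.read_bytes()).hexdigest() if path.is_file() else None


def check_replacements(staged_dir, cache_dir, drivers_dir):
    """Map each staged *.sys name to 'in place', 'live only', 'reverted' or 'missing'."""
    results = {}
    for staged in sorted(Path(staged_dir).glob("*.sys")):
        want = sha256_of(staged)
        live = sha256_of(Path(drivers_dir) / staged.name)
        cached = sha256_of(Path(cache_dir) / staged.name)
        if live is None:
            results[staged.name] = "missing"      # no copy in the drivers directory
        elif live != want:
            results[staged.name] = "reverted"     # live copy is not the staged build
        elif cached == want:
            results[staged.name] = "in place"     # live and cache copies both match
        else:
            results[staged.name] = "live only"    # live matches, cache copy does not
    return results


def demo():
    """Run the check on constructed directories standing in for the real ones."""
    with tempfile.TemporaryDirectory() as root:
        staged, cache, drivers = (Path(root) / n for n in ("staged", "cache", "drivers"))
        for d in (staged, cache, drivers):
            d.mkdir()
        # Constructed file contents, not real driver images.
        (staged / "disk.sys").write_bytes(b"checked disk")
        (drivers / "disk.sys").write_bytes(b"checked disk")  # replaced, cache untouched
        (staged / "pci.sys").write_bytes(b"checked pci")
        (cache / "pci.sys").write_bytes(b"checked pci")
        (drivers / "pci.sys").write_bytes(b"free pci")       # original is back
        return check_replacements(staged, cache, drivers)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

A "reverted" result matches the symptom in the original question; "live only" matches the outcome described in the last reply, where the driver was replaced without touching the copy in driver cache.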