Guys,
Michal is right and I stand corrected. My Compuware connection
told me that the issue has been taken care of. Contact their
tech support and they’ll fix the problem for you.
Alberto.
----- Original Message -----
From: “Michal Vodicka”
To: “Windows System Software Devs Interest List”
Sent: Wednesday, June 22, 2005 4:01 PM
Subject: RE: [ntdev] Kernel debugger debugging user mode
application in x64
FYI to clear bad impressions about Visual SoftICE:
It appears to be able to be shutoff with the /DEBUG switch, even
if WinDBG is not run.
Also Visual SoftICE gets around it just fine, if it has the
appropriate OSI data files for the
OS version (available from tech support)
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]
> ----------
> From:
> xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com]
> on behalf of Michal Vodicka[SMTP:xxxxx@upek.com]
> Reply To: Windows System Software Devs Interest List
> Sent: Wednesday, June 22, 2005 6:32 AM
> To: Windows System Software Devs Interest List
> Subject: RE: [ntdev] Kernel debugger debugging user mode
> application in x64
>
> Nice:
>
> The x64 versions of Windows also support Microsoft’s
> PatchGuard technology that prevents non-Microsoft originated
> programs from patching the Windows kernel. This technology,
> available only on Windows x64 Editions, prevents kernel mode
> drivers from extending or replacing kernel services including
> system service dispatch tables, the interrupt descriptor table
> (IDT), and the global descriptor table (GDT). Third-party
> software is also prevented from allocating kernel stacks or
> patching any part of the kernel.
>
> Maybe it’ll finally stop NAV from stack switching. On the
> other hand the “non-Microsoft originated programs” part can
> start next antimonopoly case
>
> Can’t it be turned off? For example using boot.ini switch (if
> available at x64). For debugger it’d be enough.
>
> Best regards,
>
> Michal Vodicka
> UPEK, Inc.
> [xxxxx@upek.com, http://www.upek.com]
>
>
> > ----------
> > From:
> > xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com]
> > on behalf of Alberto Moreira[SMTP:xxxxx@ieee.org]
> > Reply To: Windows System Software Devs Interest List
> > Sent: Wednesday, June 22, 2005 5:07 AM
> > To: Windows System Software Devs Interest List
> > Subject: Re: [ntdev] Kernel debugger debugging user mode
> > application in x64
> >
> > Actually, I’ve read the Microsoft web page on it. Well - you
> > get
> > what you pay for, and looks like you’re out of luck. Like,
> > Windbg or bust ? Wallow in it. Dudes, am I glad I don’t deal
> > with that kind of nonsense any longer. But if I were to
> > write a
> > debugger today, I’d make it run as a virtual machine
> > underneath
> > Windows: far from the eyes, far from the heart, you can’t
> > prevent what you don’t know is going on.
> >
> > Alberto.
> >
> >
> > ----- Original Message -----
> > From: “Alberto Moreira”
> > To: “Windows System Software Devs Interest List”
> >
> > Sent: Tuesday, June 21, 2005 11:00 PM
> > Subject: Re: [ntdev] Kernel debugger debugging user mode
> > application in x64
> >
> >
> > > Sorry for the ignorance, what’s PatchGuard ?
> > >
> > > Alberto.
> > >
> > >
> > > ----- Original Message -----
> > > From: “Misha Karpin”
> > > To: “Windows System Software Devs Interest List”
> > >
> > > Sent: Tuesday, June 21, 2005 10:12 AM
> > > Subject: RE: [ntdev] Kernel debugger debugging user mode
> > > application in x64
> > >
> > >
> > >> Alberto,
> > >>
> > >> PatchGuard protects processor IDT modifications so Visual
> > >> SoftIce causes bugcheck in x64 editions of Windows in
> > >> less
> > >> than tree minutes.
> > >>
> > >> Thanks,
> > >> mK
> > >>
> > >> -----Mensaje original-----
> > >> De: xxxxx@lists.osr.com
> > >> [mailto:xxxxx@lists.osr.com] En nombre de
> > >> Alberto Moreira
> > >> Enviado el: sábado, 18 de junio de 2005 2:05
> > >> Para: Windows System Software Devs Interest List
> > >> Asunto: Re: [ntdev] Kernel debugger debugging user mode
> > >> application in x64
> > >>
> > >> Visual SoftICE ?
> > >>
> > >> ----- Original Message -----
> > >> From: “Peter Wieland” >
> > >> To: “Windows System Software Devs Interest List”
> > >>
> > >> Sent: Thursday, June 16, 2005 10:37 AM
> > >> Subject: RE: [ntdev] Kernel debugger debugging user mode
> > >> application in x64
> > >>
> > >>
> > >> .process /I will run the machine forward until some
> > >> thread in
> > >> the process has been scheduled (I don’t know the exact
> > >> algorithm, but it’s something like that).
> > >>
> > >> Debugging user-mode through the kernel debugger still has
> > >> limitations (data could be paged out for example, though
> > >> probably not what the thread is currently using) but it’s
> > >> not
> > >> too bad.
> > >>
> > >> -p
> > >>
> > >> -----Original Message-----
> > >> From: xxxxx@lists.osr.com
> > >> [mailto:xxxxx@lists.osr.com] On Behalf Of
> > >> Misha
> > >> Karpin
> > >> Sent: Thursday, June 16, 2005 12:49 AM
> > >> To: Windows System Software Devs Interest List
> > >> Subject: [ntdev] Kernel debugger debugging user mode >
> > >> application
> > >> in x64
> > >>
> > >> Hi,
> > >>
> > >> I would like to known whether there is any kernel
> > >> debugger
> > >> able
> > >> to debug a user mode application in x64 editions of
> > >> Windows.
> > >>
> > >> Windbg debug user mode applications stopping only the
> > >> debugged
> > >> thread, not the operating system, and Visual Softice
> > >> simply
> > >> doesn´t work due to PatchGuard protection (processor IDT
> > >> modification causes bugcheck
> > >> CRITICAL_STRUCTURE_CORRUPTION
> > >> (109)).
> > >>
> > >> I prefer kernel mode debugging because the user mode
> > >> application
> > >> is an antivirus engine, and it has some time restrictions
> > >> and
> > >> dependences with other components i need to maintain
> > >> unaltered.
> > >>
> > >> Any idea of another kernel debugger or anyone known how
> > >> to
> > >> disallow Visual Softice patching Processor IDT?
> > >>
> > >> Thank you,
> > >> mK
> > >>
> > >>
> > >> FREE pop-up blocking with the new MSN Toolbar - get it
> > >> now!
> > >> http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
> > >>
> > >>
> > >> —
> > >> Questions? First check the Kernel Driver FAQ at
> > >> http://www.osronline.com/article.cfm?id=256
> > >>
> > >> You are currently subscribed to ntdev as:
> > >> xxxxx@windows.microsoft.com To unsubscribe send a
> > >> blank
> > >> email
> > >> to xxxxx@lists.osr.com
> > >>
> > >> —
> > >> Questions? First check the Kernel Driver FAQ at
> > >> http://www.osronline.com/article.cfm?id=256
> > >>
> > >> You are currently subscribed to ntdev as: unknown lmsubst
> > >> tag
> > >> argument: ‘’
> > >> To unsubscribe send a blank email to
> > >> xxxxx@lists.osr.com
> > >>
> > >>
> > >> —
> > >> Questions? First check the Kernel Driver FAQ at
> > >> http://www.osronline.com/article.cfm?id=256
> > >>
> > >> You are currently subscribed to ntdev as:
> > >> xxxxx@pandasoftware.es
> > >> To unsubscribe send a blank email to
> > >> xxxxx@lists.osr.com
> > >>
> > >>
> > >> FREE pop-up blocking with the new MSN Toolbar - get it
> > >> now!
> > >> http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
> > >>
> > >>
> > >> —
> > >> Questions? First check the Kernel Driver FAQ at
> > >> http://www.osronline.com/article.cfm?id=256
> > >>
> > >> You are currently subscribed to ntdev as:
> > >> xxxxx@ieee.org
> > >> To unsubscribe send a blank email to
> > >> xxxxx@lists.osr.com
> > >
> > >
> > > —
> > > Questions? First check the Kernel Driver FAQ at
> > > http://www.osronline.com/article.cfm?id=256
> > >
> > > You are currently subscribed to ntdev as:
> > > xxxxx@ieee.org
> > > To unsubscribe send a blank email to
> > > xxxxx@lists.osr.com
> >
> >
> > —
> > Questions? First check the Kernel Driver FAQ at
> > http://www.osronline.com/article.cfm?id=256
> >
> > You are currently subscribed to ntdev as:
> > xxxxx@upek.com>
> > To unsubscribe send a blank email to
> > xxxxx@lists.osr.com
> >
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: unknown lmsubst tag
> argument: ‘’
> To unsubscribe send a blank email to
> xxxxx@lists.osr.com
>
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: unknown lmsubst tag
argument: ‘’
To unsubscribe send a blank email to
xxxxx@lists.osr.com