Kernel Debugger (for NT Drivers)

Dear Guru;

(Here is the SCENARIO…)
I was trying to make a “Kernel Debugger” program for a Printer Driver (under
Windows NT ver. 4.0). Of course, before I would be able to test my “Debugger”,
I have to compile it and link it to the actual printer driver, then execute
the driver to see if my debugger does its task. The problem arises when I
use I/O functions (such as ZwCreateFile, Zw…, NtCreateFile, Nt…,
CloseHandle, etc., and especially C standard functions). Every time I used such
functions, the printer driver itself was not able to print/generate
output. Sometimes, I encountered a system crash. Is it really possible to use
file I/O functions when designing a Kernel Debugger? If yes, why did I
encounter such a problem? Are there any alternative file I/O functions? If
no, how could I possibly create a log file (since it is a required output of
my Kernel Debugger)?

Thanks in advance,
Ricky




You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

All calls which deal with file I/O or memory allocation/
deallocation routines are subject to IRQL restrictions.
They can be safely used in a KMD as long as they are
called at PASSIVE_LEVEL. About your standard C
libraries, I hope you did not try to use printf()
or fopen(), malloc() routines, since the standard C
library makes other assumptions about the environment in
which those calls can operate. In fact, if you really
want a C std lib you should always link against
libcntp.lib, which ships with the DDK, and not against
some arbitrary libc.lib from MSVC. This library has
only the std C calls which are safe to use in kernel
mode. However, if you're still getting faults from a
memcpy(), for example, then your code is broken.
About your “debugger”, I'd say forget it. If you really
want to write one then first please learn NT basic
concepts, since you obviously miss them. Even if
you'll succeed in logging some things to a file, that does
not mean you wrote a debugger. You should use debug print
calls to log the things you want to see to the debugger
console and keep your life simple. However, if you
insist on writing them to a file, then pay attention
to the handles you obtain from ZwCreateFile. You
should reference the object and obtain a pointer to it,
then close the handle. Handles are per-process
resources. If you obtained a handle to a file by
calling ZwCreateFile in the context of the system process,
this handle is not valid in any other process. (Don't
forget to dereference when needed.) However, pointers
to objects are. Also, use SEH, since it will save
you a lot of reboots.
And finally, pay attention to IRQL level; you don't want
to try to write to a file from an IRQL > PASSIVE_LEVEL.


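An added example, not part of the original thread or either poster's code: a user-mode C model of the IRQL rule in the reply above, extended to show how log entries can be captured at raised IRQL into a preallocated buffer and written to the file only at PASSIVE_LEVEL. The names `log_record`, `log_flush`, `set_irql` and the simulated `cur_irql` are assumptions for illustration; in a driver the level would come from `KeGetCurrentIrql()`, the write would go through `ZwWriteFile`, and the buffer would have to live in nonpaged memory.

```c
/* User-mode model (constructed): cur_irql stands in for KeGetCurrentIrql()
   and fprintf() for ZwWriteFile(). A real driver would also guard head/tail
   with a spin lock; this model is single-threaded. */
#include <stdio.h>

#define PASSIVE_LEVEL  0
#define DISPATCH_LEVEL 2
#define SLOTS    8u                  /* ring capacity, fixed at build time */
#define SLOT_LEN 64

static int cur_irql = PASSIVE_LEVEL; /* simulated current IRQL */
static char ring[SLOTS][SLOT_LEN];   /* preallocated: no malloc on the log path */
static unsigned head, tail, dropped; /* head: next write, tail: next flush */
void set_irql(int irql) { cur_irql = irql; }
unsigned log_dropped(void) { return dropped; }

/* Safe at any IRQL: touches only the preallocated ring, never does file I/O. */
int log_record(const char *msg)
{
    if (head - tail == SLOTS) {      /* full: drop the entry rather than block */
        dropped++;
        return 0;
    }
    snprintf(ring[head % SLOTS], SLOT_LEN, "%s", msg);
    head++;
    return 1;
}

/* File I/O path: refuses above PASSIVE_LEVEL. Returns entries written, or -1. */
int log_flush(FILE *out)
{
    int n = 0;
    if (cur_irql > PASSIVE_LEVEL)
        return -1;
    for (; tail != head; tail++, n++)
        fprintf(out, "%s\n", ring[tail % SLOTS]);
    return n;
}

int main(void)
{
    set_irql(DISPATCH_LEVEL);
    log_record("StartDoc entered");  /* constructed sample messages */
    log_record("page 1 rendered");
    printf("flush at DISPATCH_LEVEL -> %d\n", log_flush(stdout));
    set_irql(PASSIVE_LEVEL);
    printf("flush at PASSIVE_LEVEL -> %d\n", log_flush(stdout));
    return 0;
}
```

The dropped counter makes lost entries visible in the log itself, which matters when the buffer fills during a long stretch at raised IRQL.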