Hi all,
I am attempting to do live debugging (on the local machine) of a file system driver with WinDbg.
Hope that's possible.
I have set the symbol file path to the “System32” and “System32\drivers” directories, where the symbol file for the driver resides along with the system file.
I have also set the source code directory appropriately.
And when I attach to the application, I can see the symbols getting loaded for the DLLs in the system32 folders that this application uses. However, I don't see the symbol files being loaded for the .sys file. I sense I am doing something fundamentally wrong.
An application as such doesn't load any system file, which I understand, but how do I debug them?
Unfortunately, you can’t debug a kernel mode driver using live debugging on the local machine. You’ve got the right idea for the application, but to debug a kernel mode driver, generally you need two machines connected by one of the serial, 1394 or USB transports; however, in your case (a file system driver), you could also use one physical machine with a virtual machine installed on it (VMware Workstation, Virtual PC).
It sounds like you’re new to kernel mode drivers; if you’re interested in learning more about debugging them, you might want to take a look at the ‘kernel_debugging_tutorial.doc’ document located in the root of your windbg installation.
Good luck,
mm
I was also interested in this ‘kernel_debugging_tutorial.doc’ but it seems that the version that I downloaded does not contain this file (anymore?). It is the newest Debugging Tools for Windows (6.10).
Or does a separate WinDbg installer file exist… I haven’t found one on MSDN.
Best regards,
Fabian Cordes
Hi MM,
Thanks a lot!
A lot of the stuff that I wanted to search for elsewhere is right within the doc.
-Harish
Hi,
I tried to debug using a 1394 cable connection.
When I select that option in WinDbg, I get the error “System cannot find the path specified”.
Are any known resolutions to this error available, or am I doing something wrong here?
Or
is this because I don't have a 1394 device driver installed on my host system?
-Harish
I tried to follow your steps, and it triggered the installation of a new virtual device (1394 debugger). Did that happen to you as well? It could be you missed this somehow. I haven’t tested further, but I guess the virtual device relies on a 1394 bus controller to do the actual transmission. If you have no such controller device or it is (!)'ed, yes of course this would be the problem… The bus controller should be part of the driver package for your FireWire card/mainboard.
Let me suggest that you use virtual machines if that is possible. I tried using a serial cable first, but gave it up rather quickly and am now using Virtual PC, which is free to download from Microsoft, and there is a good tutorial on MSDN:
http://support.microsoft.com/?scid=kb%3Ben-us%3B871171&x=15&y=10
Best regards,
Fabian