while using local debugging without /debug switch
is it normal for windbg to report back
unable to read head of debugger data head ?
it seems to fail while trying to read a pointer
with ntddl.ZwSystemDebugControl(SYS_DBG_READ_VIRTUAL,nt!KeServiceTableDescriptor,…,…,…,);
trying to do a
dd 806####
windbg shows the memory something like
8060### ??? ??? ??? ???
8060#10 ??? ??? ??? ???
It is definitely possible for lkd to not work properly on a system booted without /debug (which is why the debugger warns you about booting with /debug to get full functionality). The system can, if it wants, discard all of the kernel debugging code on boot when /debug is not used.
From: xxxxx@lists.osr.com on behalf of raj_r
Sent: Tue 7/25/2006 12:11 AM
To: Kernel Debugging Interest List
Subject: [windbg] lkd reporting unable to read head of debugger data list
while using local debugging without /debug switch
is it normal for windbg to report back
unable to read head of debugger data head ?
it seems to fail while trying to read a pointer
with ntddl.ZwSystemDebugControl(SYS_DBG_READ_VIRTUAL,nt!KeServiceTableDescriptor,…,…,…,);
trying to do a
dd 806####
windbg shows the memory something like
8060### ??? ??? ??? ???
8060#10 ??? ??? ??? ???
You are currently subscribed to windbg as: xxxxx@winse.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
On 7/25/06, Drew Bliss wrote:
>
> It is definitely possible for lkd to not work properly on a system booted
> without /debug
Thanks,
So it is entirely possible that it works for some one and doesnt work for
another one while both are testing without /debug switch
btw i was about to provide the following information about the problem
that i was facing
0221518F Breakpoint at
dbgeng.0221518F(LiveKernelTargetInfo::InitFromKdVersion+3CF)
7C90E864 CALL to ZwSystemDebugControl from dbgeng.0221B7E9
ControlCode = SysDbgReadVirtualMemory
PVOID InputBuffer = 00A0FE14
ULONG InputBufferLength = C
PVOID OutputBuffer = NULL
ULONG OutputBufferLength = 0
PULONG ReturnLength = 00A0FE10
7C90E864 Breakpoint at ntdll.ZwSystemDebugControl
[[esp+8]] = 80691b74 [[esp+8]+4] = a0fe54
7C90E870 Breakpoint at ntdll.7C90E870 (ZwSystemDebugControl+0C)
eax = c0000001 <---------------- NT_STATUS_UNSUCCESSFULL
nt!KdpDebuggerDataListHead:
80691b74 ?? ???
^ Memory access error in ‘u 80691b74’
7C90E864 CALL to ZwSystemDebugControl from dbgeng.0221B7E9
ControlCode = SysDbgReadVirtualMemory
PVOID InputBuffer = 00A0DF90
ULONG InputBufferLength = C
PVOID OutputBuffer = NULL
ULONG OutputBufferLength = 0
PULONG ReturnLength = 00A0DF8C
7C90E864 Breakpoint at ntdll.ZwSystemDebugControl
[[esp+8]] = 8068108c [[esp+8]+4] = a0e058
7C90E870 Breakpoint at ntdll.7C90E870 (ZwSystemDebugControl+0C)
eax = c0000001<-----------------
lkd> u 8068108c
nt!$$VProc_ImageExportDirectory+0xc:
8068108c ?? ???
^ Memory access error in ‘u 8068108c’
7C90E864 CALL to ZwSystemDebugControl from dbgeng.0221B7E9
ControlCode = SysDbgReadVirtualMemory
PVOID InputBuffer = 00A0D7E0
ULONG InputBufferLength = C
PVOID OutputBuffer = NULL
ULONG OutputBufferLength = 0
PULONG ReturnLength = 00A0D7DC
7C90E864 Breakpoint at ntdll.ZwSystemDebugControl
[[esp+8]] = 80681080 [[esp+8]+4] = 7b7db0
7C90E870 Breakpoint at ntdll.7C90E870 (ZwSystemDebugControl+0C)
eax = c0000001 <---------------
lkd> u 80681080
nt!$$VProc_ImageExportDirectory:
80681080 ?? ???
^ Memory access error in ‘u 80681080’
lkd> dd 80660ff0
80660ff0 ff804d76 55782835 4a28e880 5d5effea
80661000 ??? ??? ??? ???
80661010 ??? ??? ??? ???
80661020 ??? ??? ??? ???
80661030 ??? ??? ??? ???
80661040 ??? ??? ??? ???
80661050 ??? ??? ??? ???
80661060 ??? ??? ??? ???
lkd> !lmi nt
Loaded Module Info: [nt]
Module: ntoskrnl
Base Address: 804d7000
Image Name: ntoskrnl.exe
Machine Type: 332 (I386)
Time Stamp: 42250ff9 Wed Mar 02 06:29:37 2005
Size: 214100
CheckSum: 2198af
Characteristics: 10e perf
Debug Data Dirs: Type Size VA Pointer
CODEVIEW 25, 71cfc, 71cfc RSDS - GUID:
{32962337-F0F6-4638-8B39-535CD8DD70E8}
Age: 2, Pdb: ntoskrnl.pdb
CLSID 4, 71cf8, 71cf8 [Data not mapped]
Image Type: MEMORY - Image read successfully from loaded memory.
Symbol Type: PDB - Symbols loaded successfully from symbol server.
D:\Borland\odbg110\symbols\ntoskrnl.pdb\32962337F0F646388B39535CD8DD70E82\ntoskrnl.pdb
Load Report: public symbols , not source indexed
D:\Borland\odbg110\symbols\ntoskrnl.pdb\32962337F0F646388B39535CD8DD70E82\ntoskrnl.