Hi,
The code actually runs ok. (except for a small bug I am trying to fix)
I’m not analyzing a dump file, I am stepping through the driver C source
line by line without problem, no crash.
When I do a !teb command, I get the following error:
0:000> !teb
TEB at 000007fffffde000
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_TEB ***
*** ***
*************************************************************************
error InitTypeRead( TEB )…
Register dump at this point shows:
0:000> r
rax=0000000001f501e0 rbx=00000000000ae5f0 rcx=000007ff7fca25ba
rdx=0000000000000000 rsi=0000000000000000 rdi=00000000000aee98
rip=0000000001ecb622 rsp=00000000000ae0a0 rbp=0000000000000017
r8=00000000000ae098 r9=0000000000000017 r10=0000000000000000
r11=0000000000000246 r12=00000000000aef08 r13=00000000000aee40
r14=fffffadfbb158248 r15=0000000000000001
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b
efl=00000246
bgspd64!DrvTextOut+0x2b2:
0000000001ecb622 4883bc248000000000 cmp qword ptr [rsp+0x80],0x0 ss:00000000
000ae120=0000000001f501e0
So the !teb command shows that windbg cant find my symbols, even though it
tells me earlier that it has loaded my symbol file. The debugger seems to
know about all the symbols, it just cant show me the right values for them.
e.g. if I do a “dv /V” I can see names of my locals, but cant see the
values.
The PDB file gets generated each time I build - its not an old one. I have
deleted all other PDB’s around that it could be getting confused with.
I have actually had to move on with this, as I am out of ideas. I’ve been
debugging by printing out variables to the debugger output. Still, would be
nice to be able to use the debugger properly!
Cheers,
Craig
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Tony Mason
Sent: Tuesday, 12 July 2005 11:58 AM
To: Kernel Debugging Interest List
Subject: RE: [windbg] Memory read error - while trying to examine variables
in windbg
I’ve never seen a user mode stack on page zero (like this one). One
possibility is that someone has overwritten the child RBP and then done a
return. Where does the TEB (!teb) say the thread stack is located? Where
is RSP?
Bottom line: I don’t think this is a *debugger* problem - seems more like a
screwed up thread state, either because someone clobbered a register
directly or (more likely) indirectly - either by misaligning the stack
(doing any mixed language programming?) or by scribbling over a local
variable (in some function you called) and zeroing out the RBP value (ah,
but quite impressive - NOT overrunning the return address!)
In what context are you debugging? Have you been single stepping through
the code and WHAM! suddenly the machine state is wrong? Or is this a post
mortem crash you are analyzing?
Regards,
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com http:</http:>