My apologies, since it is probably more apporpriate to windbg server, but
I did not get much of a response on this :).
Has anyone tried windbg to debug both user and kernl mode using one
session? Any success stor(y | ies)?
Quite often it works, and some other time stepping thru does not quite
work the way I want. F10 acts sometimes more like F5. Sometime F9 sets a
BP : bl shows it, red-bar on src shows it, but it does not hit those bp (
and they are no jump points that could skip) and some other time it hits.
I’m trying to find if my env. has anything to do with it?. Since OS is
streamed, it could be the problem or just windbg does not quite behave
well in this respect !!!
When the target boots, it boots under debugging on. The service starts at
pre user-login ( start == 2).
I’m using 6.6.0007.5 of windbg ( over null serial). OS is XP/sp2
thanks
prokash
You are switching to the process’s context right? The only way I can ever
get that to work is to >!process 0 0…find the PEB of interest and then
>.process
Once I am in the right context, the debugger usually works as expected. I
don’t do this often though honestly.
Bill M.
wrote in message news:xxxxx@ntdev…
> My apologies, since it is probably more apporpriate to windbg server, but
> I did not get much of a response on this :).
>
> Has anyone tried windbg to debug both user and kernl mode using one
> session? Any success stor(y | ies)?
>
> Quite often it works, and some other time stepping thru does not quite
> work the way I want. F10 acts sometimes more like F5. Sometime F9 sets a
> BP : bl shows it, red-bar on src shows it, but it does not hit those bp (
> and they are no jump points that could skip) and some other time it hits.
>
> I’m trying to find if my env. has anything to do with it?. Since OS is
> streamed, it could be the problem or just windbg does not quite behave
> well in this respect !!!
>
> When the target boots, it boots under debugging on. The service starts at
> pre user-login ( start == 2).
>
> I’m using 6.6.0007.5 of windbg ( over null serial). OS is XP/sp2
>
> thanks
> prokash
>
>
>
>
Bill,
I’m not going thru the app debugging. I’ve hard coded int 3. So as soon as
SCM fires the service(s) that I have had int 3 gets broken. From there the
drivers are all top level ( so the context is not changing ). Also it does
not matter even if I spawn system threads, and try to break in the Kmode.
There are times it works like magic. And there are times it skips BPs all
over.
And the requirement is such that I want to avoid any more baggage coming
with this streamed os ( to be specific, install softice and configure the
os appropriately to get it over the net ). Also I don’t want to bet on a
dead horse ( no offence guru :).
-pro
You are switching to the process’s context right? The only way I can ever
get that to work is to >!process 0 0…find the PEB of interest and then
>.process
>
> Once I am in the right context, the debugger usually works as expected. I
> don’t do this often though honestly.
>
> Bill M.
>
> wrote in message news:xxxxx@ntdev…
>> My apologies, since it is probably more apporpriate to windbg server,
>> but
>> I did not get much of a response on this :).
>>
>> Has anyone tried windbg to debug both user and kernl mode using one
>> session? Any success stor(y | ies)?
>>
>> Quite often it works, and some other time stepping thru does not quite
>> work the way I want. F10 acts sometimes more like F5. Sometime F9 sets a
>> BP : bl shows it, red-bar on src shows it, but it does not hit those bp
>> (
>> and they are no jump points that could skip) and some other time it
>> hits.
>>
>> I’m trying to find if my env. has anything to do with it?. Since OS is
>> streamed, it could be the problem or just windbg does not quite behave
>> well in this respect !!!
>>
>> When the target boots, it boots under debugging on. The service starts
>> at
>> pre user-login ( start == 2).
>>
>> I’m using 6.6.0007.5 of windbg ( over null serial). OS is XP/sp2
>>
>> thanks
>> prokash
>>
>>
>>
>>
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
I guess no one tried this!!!
Surfing w/out proper gear might not be a good idea 
-pro
Bill,
I’m not going thru the app debugging. I’ve hard coded int 3. So as soon as
SCM fires the service(s) that I have had int 3 gets broken. From there the
drivers are all top level ( so the context is not changing ). Also it does
not matter even if I spawn system threads, and try to break in the Kmode.
There are times it works like magic. And there are times it skips BPs all
over.
And the requirement is such that I want to avoid any more baggage coming
with this streamed os ( to be specific, install softice and configure the
os appropriately to get it over the net ). Also I don’t want to bet on a
dead horse ( no offence guru :).
-pro
> You are switching to the process’s context right? The only way I can
> ever
> get that to work is to >!process 0 0…find the PEB of interest and
> then
> >.process
>>
>> Once I am in the right context, the debugger usually works as expected.
>> I
>> don’t do this often though honestly.
>>
>> Bill M.
>>
>> wrote in message news:xxxxx@ntdev…
>>> My apologies, since it is probably more apporpriate to windbg server,
>>> but
>>> I did not get much of a response on this :).
>>>
>>> Has anyone tried windbg to debug both user and kernl mode using one
>>> session? Any success stor(y | ies)?
>>>
>>> Quite often it works, and some other time stepping thru does not quite
>>> work the way I want. F10 acts sometimes more like F5. Sometime F9 sets
>>> a
>>> BP : bl shows it, red-bar on src shows it, but it does not hit those bp
>>> (
>>> and they are no jump points that could skip) and some other time it
>>> hits.
>>>
>>> I’m trying to find if my env. has anything to do with it?. Since OS is
>>> streamed, it could be the problem or just windbg does not quite behave
>>> well in this respect !!!
>>>
>>> When the target boots, it boots under debugging on. The service starts
>>> at
>>> pre user-login ( start == 2).
>>>
>>> I’m using 6.6.0007.5 of windbg ( over null serial). OS is XP/sp2
>>>
>>> thanks
>>> prokash
>>>
>>>
>>>
>>>
>>
>>
>>
>> —
>> Questions? First check the Kernel Driver FAQ at
>> http://www.osronline.com/article.cfm?id=256
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
wrote in message news:xxxxx@ntdev…
> My apologies, since it is probably more apporpriate to windbg server, but
> I did not get much of a response on this :).
Yes, it does belong on windbg. I don’t remember you asking about this
recently. When did you ask?
> Has anyone tried windbg to debug both user and kernl mode using one
> session? Any success stor(y | ies)?
Yes, put a BP in your driver dispatch routine (Read, Write, DeviceIoControl)
that is called in the UM app context. Do a .reload on the app sysmbols once
you’ve hit it. I haven’t had any issues with that approach, but I don’t do
that a lot of the time.
Phil
–
Philip D. Barila
Seagate Technology LLC
(720) 684-1842
As if I need to say it: Not speaking for Seagate.
About a month or so ago, I asked this on windbg …
The main thing I don’t understand is that bps are getting missed. Also there
are time when I try to set the bps, ( symbols are loaded ), it tells me bps
are set ( bl or visually ), but it misses.
The way I am trying to do this is -
- Boot the system under debugger ( ie. boot.ini says debugger is on …)
- When a service gets started, break into the service ( resolve the
symbols).
- Put some bps in umode and kmode code ( again private symbols are
resolved).
- Step thru…
There are times bps are hit accurately. And there are times bps are missed.
When bps are missed, if I try to single step (F10 or menu), it works as if
F5. Only thing I see did not miss is if I have hard coded ( int 3).
If it did not work consistently, I would have assumed that it does not work.
But sometime it does. This is really puzzling to me.
I will try this on a locally installed OS ( rather than having a streamed
os, and this could be the source of the problem - But I don’t know yet).
-pro
On 6/1/07, Phil Barila wrote:
>
> wrote in message news:xxxxx@ntdev…
> > My apologies, since it is probably more apporpriate to windbg server,
> but
> > I did not get much of a response on this :).
>
> Yes, it does belong on windbg. I don’t remember you asking about this
> recently. When did you ask?
>
> > Has anyone tried windbg to debug both user and kernl mode using one
> > session? Any success stor(y | ies)?
>
> Yes, put a BP in your driver dispatch routine (Read, Write,
> DeviceIoControl)
> that is called in the UM app context. Do a .reload on the app sysmbols
> once
> you’ve hit it. I haven’t had any issues with that approach, but I don’t
> do
> that a lot of the time.
>
> Phil
> –
> Philip D. Barila
> Seagate Technology LLC
> (720) 684-1842
> As if I need to say it: Not speaking for Seagate.
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
And if I have to conclude anything about missing bps -
For some reason, the image rewrite ( as a debugger does when we set a bp
externally as oposed to imbedded inside the code ) is not happening
consistenly.
For the function keys or menu item acting differently - I have no clue.
-pro
About a month or so ago, I asked this on windbg …
The main thing I don’t understand is that bps are getting missed. Also
there
are time when I try to set the bps, ( symbols are loaded ), it tells me
bps
are set ( bl or visually ), but it misses.
The way I am trying to do this is -
- Boot the system under debugger ( ie. boot.ini says debugger is on …)
- When a service gets started, break into the service ( resolve the
symbols).
- Put some bps in umode and kmode code ( again private symbols are
resolved).
- Step thru…
There are times bps are hit accurately. And there are times bps are
missed.
When bps are missed, if I try to single step (F10 or menu), it works as if
F5. Only thing I see did not miss is if I have hard coded ( int 3).
If it did not work consistently, I would have assumed that it does not
work.
But sometime it does. This is really puzzling to me.
I will try this on a locally installed OS ( rather than having a streamed
os, and this could be the source of the problem - But I don’t know yet).
-pro
On 6/1/07, Phil Barila wrote:
>>
>> wrote in message news:xxxxx@ntdev…
>> > My apologies, since it is probably more apporpriate to windbg server,
>> but
>> > I did not get much of a response on this :).
>>
>> Yes, it does belong on windbg. I don’t remember you asking about this
>> recently. When did you ask?
>>
>> > Has anyone tried windbg to debug both user and kernl mode using one
>> > session? Any success stor(y | ies)?
>>
>> Yes, put a BP in your driver dispatch routine (Read, Write,
>> DeviceIoControl)
>> that is called in the UM app context. Do a .reload on the app sysmbols
>> once
>> you’ve hit it. I haven’t had any issues with that approach, but I don’t
>> do
>> that a lot of the time.
>>
>> Phil
>> –
>> Philip D. Barila
>> Seagate Technology LLC
>> (720) 684-1842
>> As if I need to say it: Not speaking for Seagate.
>>
>>
>>
>> —
>> Questions? First check the Kernel Driver FAQ at
>> http://www.osronline.com/article.cfm?id=256
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
I made a technical mistake when I said rewrite. Sorry.
It is on-demand copy, mapped etc. Classic example of vfork().
I would not post anymore on this. But in case anyone have consistent
success, pls, pls, … post some hints on this.
-pro
And if I have to conclude anything about missing bps -
For some reason, the image rewrite ( as a debugger does when we set a bp
externally as oposed to imbedded inside the code ) is not happening
consistenly.
For the function keys or menu item acting differently - I have no clue.
-pro
> About a month or so ago, I asked this on windbg …
>
> The main thing I don’t understand is that bps are getting missed. Also
> there
> are time when I try to set the bps, ( symbols are loaded ), it tells me
> bps
> are set ( bl or visually ), but it misses.
>
> The way I am trying to do this is -
>
> 1) Boot the system under debugger ( ie. boot.ini says debugger is on
> …)
> 2) When a service gets started, break into the service ( resolve the
> symbols).
> 3) Put some bps in umode and kmode code ( again private symbols are
> resolved).
> 4) Step thru…
>
> There are times bps are hit accurately. And there are times bps are
> missed.
> When bps are missed, if I try to single step (F10 or menu), it works as
> if
> F5. Only thing I see did not miss is if I have hard coded ( int 3).
>
> If it did not work consistently, I would have assumed that it does not
> work.
> But sometime it does. This is really puzzling to me.
>
> I will try this on a locally installed OS ( rather than having a
> streamed
> os, and this could be the source of the problem - But I don’t know yet).
>
> -pro
>
>
> On 6/1/07, Phil Barila wrote:
>>>
>>> wrote in message news:xxxxx@ntdev…
>>> > My apologies, since it is probably more apporpriate to windbg server,
>>> but
>>> > I did not get much of a response on this :).
>>>
>>> Yes, it does belong on windbg. I don’t remember you asking about this
>>> recently. When did you ask?
>>>
>>> > Has anyone tried windbg to debug both user and kernl mode using one
>>> > session? Any success stor(y | ies)?
>>>
>>> Yes, put a BP in your driver dispatch routine (Read, Write,
>>> DeviceIoControl)
>>> that is called in the UM app context. Do a .reload on the app sysmbols
>>> once
>>> you’ve hit it. I haven’t had any issues with that approach, but I
>>> don’t
>>> do
>>> that a lot of the time.
>>>
>>> Phil
>>> –
>>> Philip D. Barila
>>> Seagate Technology LLC
>>> (720) 684-1842
>>> As if I need to say it: Not speaking for Seagate.
>>>
>>>
>>>
>>> —
>>> Questions? First check the Kernel Driver FAQ at
>>> http://www.osronline.com/article.cfm?id=256
>>>
>>> To unsubscribe, visit the List Server section of OSR Online at
>>> http://www.osronline.com/page.cfm?name=ListServer
>>>
>>
>> —
>> Questions? First check the Kernel Driver FAQ at
>> http://www.osronline.com/article.cfm?id=256
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>