'nother newbie question: WinDbg stepping all over the place

NTDEV
1

Well my last newbie question seemed to spawn an epic debate… so I figure i’ll try and outdo myself with this one:

I’m trying to debug the startup of a driver, and WinDbg seems to load my symbols and source, but it acts like its reading symbols from some alien dimension. It sees my DbgBreakPoint() instructions, but attempting to step over certain lines sometimes jumps 5 lines, then into blank lines, lines that are comments.

Now my experiernce suggests that whatever symbol file its looking at is old and mismatched with the source code.

Since I’m new, can anyone help point me in the right direction… a switch or something… that I might check to ensure that proper symbols are being rebuilt with every compile? I’m using the 5112 DDK.

Feel free to spawn a debate by suggesting that windows 3.0 worked better in real mode rather than protected mode on your 80286 in between the lines.

Thanks,

Jason

2

The fact that WinDBG loaded the symbols likely means that the symbols do in
fact match the driver loaded. This means you either:

  1. Are inadvertantly running an old version of the binary

You can determine this by checking the timestamp with “lmv mdrivername”.
This will also tell you what PDB it loaded for your driver.

  1. Your source search path has sent WinDBG to an old version of your sources

WinDBG displays the full path of the source file in the title bar, so make
sure you’re looking at the right source. If you’re not, you can make WinDBG
Do the Right Thing by changing your source path (either with .srcpath or
Ctrl+P).

And, since you asked for a digression, I’ll also recommend upgrading to an
actual release version of the WDK and not some random beta. Version 6001
RTM’d this Monday, so that’s what all the cool kids are using.

-scott

Scott Noone
Software Engineer
OSR Open Systems Resources, Inc.
http://www.osronline.com

wrote in message news:xxxxx@ntdev…
> Well my last newbie question seemed to spawn an epic debate… so I figure
> i’ll try and outdo myself with this one:
>
> I’m trying to debug the startup of a driver, and WinDbg seems to load my
> symbols and source, but it acts like its reading symbols from some alien
> dimension. It sees my DbgBreakPoint() instructions, but attempting to step
> over certain lines sometimes jumps 5 lines, then into blank lines, lines
> that are comments.
>
> Now my experiernce suggests that whatever symbol file its looking at is
> old and mismatched with the source code.
>
> Since I’m new, can anyone help point me in the right direction… a switch
> or something… that I might check to ensure that proper symbols are being
> rebuilt with every compile? I’m using the 5112 DDK.
>
> Feel free to spawn a debate by suggesting that windows 3.0 worked better
> in real mode rather than protected mode on your 80286 in between the
> lines.
>
> Thanks,
>
> Jason
>
>

3

xxxxx@digitaltundra.com wrote:

Well my last newbie question seemed to spawn an epic debate… so I figure i’ll try and outdo myself with this one:

I’m trying to debug the startup of a driver, and WinDbg seems to load my symbols and source, but it acts like its reading symbols from some alien dimension. It sees my DbgBreakPoint() instructions, but attempting to step over certain lines sometimes jumps 5 lines, then into blank lines, lines that are comments.

Do you have optimization turned on? Optimization often confuses
debuggers. Also remember that a multiline statement (like a big “if” or
“for”) will be seen as a single line by the debugger.

Which version of WinDbg are you using?

Now my experiernce suggests that whatever symbol file its looking at is old and mismatched with the source code.

Well, is it? Where do you have the symbol path pointing?

Since I’m new, can anyone help point me in the right direction… a switch or something… that I might check to ensure that proper symbols are being rebuilt with every compile? I’m using the 5112 DDK.

You are using a beta DDK, and a relatively early beta at that. I’m not
suggesting this has anything to do with your problem, but you should go
out and fetch the latest one you can. The newest DDK, 6001.18000, has
been released but I’m not sure it’s available for general download yet.
The 6000 (Vista) DDK should be available.

Feel free to spawn a debate by suggesting that windows 3.0 worked better in real mode rather than protected mode on your 80286 in between the lines.

Now, now… This group has its characters and its foibles, but you’d be
hard-pressed to find a better source of information on writing Windows
drivers.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

4

Windbg is very good about loading the right symbols, but it is generally up
to you to steer it to the right source versions for the component. Whenever
I have a breakpoint in a comment, or off somewhere it doesn’t belong it has
been the case that the source files I have pointed windbg at do not
correspond to the driver executible actually running on the target system.

Optimization loses local variables - they end up in registers rather than on
the stack, but it usually does not cause the behavior you have observed.

lm lv - this windbg command will give you information about loaded kernel
modules, their timestamps and the associated pdb file.

On Feb 8, 2008 5:08 PM, wrote:

> Well my last newbie question seemed to spawn an epic debate… so I figure
> i’ll try and outdo myself with this one:
>
> I’m trying to debug the startup of a driver, and WinDbg seems to load my
> symbols and source, but it acts like its reading symbols from some alien
> dimension. It sees my DbgBreakPoint() instructions, but attempting to step
> over certain lines sometimes jumps 5 lines, then into blank lines, lines
> that are comments.
>
> Now my experiernce suggests that whatever symbol file its looking at is
> old and mismatched with the source code.
>
> Since I’m new, can anyone help point me in the right direction… a switch
> or something… that I might check to ensure that proper symbols are being
> rebuilt with every compile? I’m using the 5112 DDK.
>
> Feel free to spawn a debate by suggesting that windows 3.0 worked better
> in real mode rather than protected mode on your 80286 in between the lines.
>
> Thanks,
>
> Jason
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>


Mark Roddy