Nt Driver Utility (Kernel Mode)

Dear Guru;

My friends refer you to me. They said you are expert on this field.
Here are my questions if you don’t mind:

  1. How to make a kernel debugger for NT Drivers particularly on Printer
    Driver (minidriver)?
  2. How to create a log file when debugging an NT Driver?
  3. How to write to a file during kernel mode?

I’m hoping for your professional answer/response…

Thanks in advance,
-Richard G. Villegas-


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

Hi,
From ur question, i guess u want to debug ur Driver.
U don’t make kernel debugger, but u just use kernel debugger.

There are 2 kernel debuggers available for winnt and windows 2000.

  • Numega Softice
  • Windbg

there might be others but i don’t use others, as these are efficient ones.

i love to use numega softice kernel debugger, it’s easy to use.
in order to make setup for ur driver to do debug on softice, u need to do
following things :

  • first generate ur driver file .sys

  • install numega softice

  • run loader32.exe or from start menu select symbol loader, it’s under
    numega softice.

  • select open module, select ur driver file with extension name .sys

  • select TRANSLATE option, this might ask u about ur source files of driver,
    just give path when they prompt u about file.

  • once translation completes, it generate Symbol file with same name as ur
    driver, example : drivername.nms

  • use load option in loader32.exe, to load new nms file

u all set to debug ur driver in softice. just press CTRL+D to go into
softice debugger, use table command and use file command. u can see ur
driver source code in softice. u can set breakpoint also there.

for windbg debugger, u have to compile ur driver using compiler option /Zr
it generated driver file, that u can load in windbg and open ur any source
file of ur driver, set breakpoint, u done to do debug in windbg.

this will help.

thanks
parag


You can d/l the latest version of windbg at
http://www.microsoft.com/debugging/ddk

-----Original Message-----
From: Parag Sanghvi [mailto:xxxxx@hotmail.com]
Sent: Tuesday, January 30, 2001 3:51 PM
To: File Systems Developers
Subject: [ntfsd] Re: Nt Driver Utility (Kernel Mode)


Hi Parag Sanghvi,

Thank you very much for your bright answer, but my concern is on
Kernel Debugger itself not on the Printer Driver.

I want to make a Kernel Debugger. And I just don’t know how?

Thanks,

-Richard G. Villegas-


A new kernel debugger from scratch would be a very large undertaking. A
kernel debugger starts out as an alternative bootable image that uses the
hardware breakpoint registers and other techniques to maintain control while
loading the normal NT/2000/whatever kernel and running it. Other people
could offer a more complex assessment as to whether you could do it as a
device driver that, when loaded, subverted the regular OS’s control of the
hardware. In any case, it’s a very big deal, and neither MS nor NuMega is
likely to offer you much assistance.

