I am curious which debugger is used to debug stuff like ntldr, winload,
bootmgr etc. Is it Arium or ITP? Or is there a software solution?
Depending on the version of Windows and having the correct DDK (yes I mean
DDK) there used to be a version of ntldr that could be put on a system that
worked with WinDBG. I presume it is still available in-house to Microsoft,
but I have seen nothing on using it from Vista onwards.
Beyond that most customers I know of use an Arium.
–
Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
“A P” wrote in message news:xxxxx@ntdev…
> I am curious which debugger is used to debug stuff like ntldr, winload,
> bootmgr etc. Is it Arium or ITP? Or is there a software solution?
Let me start by saying that we use our Arium for stuff like this. It’s a fussy pain in the ass. But it works.
There ARE some software alternatives: Have a look at Bochs (the x86 emulator). There was/is also an amd64 emulator that I’ve heard talk of, though I’ve never seen or used it myself. While effective, any software emulator is going to be SLOW.
Peter
OSR
-
The only way that I’ve ever gotten ntldr debugging to work was to use the version of ntldr from a chk installation. The one from the ddk never worked for me.
-
You don’t have to do anything special on Vista+, other than to issue
bcdedit /set bootdebug on
That being said, this doesn’t really do much for you in the case of winload, which generally does not appear to have public symbols (sometimes).
- Like PGV, I use an Arium for this stuff most of the time, and depending on how early in the boot process you need to investigate, it may be your only non-emulated option. However, as he also said, the Arium is a pain in the ass, not to mention a MF to connect at all.
Good luck,
mm
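
Added example, not part of the original thread: a PowerShell sketch of the `bootdebug` setup mentioned above, extended to cover bootmgr as well as winload and to run the pre-checks Microsoft's BCDEdit documentation asks for (Secure Boot and BitLocker can block or react to these BCD changes). The serial transport on COM1 at 115200 baud and the helper name `Invoke-BcdEdit` are assumptions for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Run on the TARGET machine, elevated.
# Assumption: debugger cable on COM1 at 115200 baud; change to match your setup.
$ErrorActionPreference = 'Stop'

function Invoke-BcdEdit {
    # Hypothetical helper: run bcdedit.exe and stop on a non-zero exit code.
    param([Parameter(Mandatory)][string[]]$Arguments)
    $output = & bcdedit.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "bcdedit $($Arguments -join ' ') failed: $output"
    }
    $output
}

# 1. Secure Boot policy protects the debug settings in the BCD store, so the
#    edits below are rejected while it is on. The cmdlet errors on legacy BIOS.
$secureBoot = $false
try { $secureBoot = Confirm-SecureBootUEFI } catch { $secureBoot = $false }
if ($secureBoot) {
    throw 'Secure Boot is enabled. Disable it in firmware setup on this test machine first.'
}

# 2. BitLocker measures the boot configuration. Suspend protection for one
#    reboot so the BCD change does not force a recovery-key prompt.
if (Get-Command Suspend-BitLocker -ErrorAction SilentlyContinue) {
    $volume = Get-BitLockerVolume -MountPoint $env:SystemDrive
    if ($volume.ProtectionStatus -eq 'On') {
        Suspend-BitLocker -MountPoint $env:SystemDrive -RebootCount 1 | Out-Null
    }
}

# 3. Enable boot debugging for each stage that should break into the debugger.
Invoke-BcdEdit '/bootdebug', '{bootmgr}', 'on'   # Windows Boot Manager
Invoke-BcdEdit '/bootdebug', '{current}', 'on'   # winload for the running OS entry

# 4. Tell the boot components which transport the debugger is attached to.
Invoke-BcdEdit '/dbgsettings', 'serial', 'debugport:1', 'baudrate:115200'

# 5. Confirm the flags were written (the match assumes English bcdedit output).
foreach ($entry in '{bootmgr}', '{current}') {
    $enabled = (Invoke-BcdEdit '/enum', $entry) -match '^bootdebug\s+Yes'
    if (-not $enabled) { throw "bootdebug is not set on $entry" }
    Write-Host "bootdebug enabled on $entry"
}
```

Turn the settings back off with `bcdedit /bootdebug {bootmgr} off` and `bcdedit /bootdebug {current} off` when the session is over, then re-enable Secure Boot.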
Forgot:
I’ve used the amd64 emulator that pgv mentioned, and if I recall correctly, you can connect windbg to it.
The potential problem with anything emulated is that you’re not using a ‘real’ bios, or at least not your specific bios. This probably matters only very rarely, but it’s something to consider.
Good luck,
mm
I use http://www.emu8086.com for writing bootloaders.
“A P” wrote in message news:xxxxx@ntdev…
> I am curious which debugger is used to debug stuff like ntldr, winload,
> bootmgr etc. Is it Arium or ITP? Or is there a software solution?