Problem in setting up windbg environment

Hi all,

I am new to windbg. After following the step in the
link
(http://www.osronline.com/article.cfm?article=314), I
can somehow start the command window with “Waiting to
reconnect…”. Now I have some questions and hope can
have any hints.

1. My driver is running on the target machine. Which
   symbol path should I set in the host machine in order
   to debug a USB driver in the target machine? I am
   quite confused with this point. Is that I have to set
   the symbol path pointing to the target machine or I
   should set the symbol path in the host machine?

2. What image path should I set? Since when a device
   plug into the target machine, the pnp manager will
   search for the driver and copy the *.sys file to the
   system32\drivers directory. Is that I have to set my
   image path to this directory?

3. How can I force the debugger to stop at the
   deviceEntry function?

Thank you for your great help!

Regards,
Nicholas

ëx¾€ÓÏ¢ - Yahoo! Messenger
¾ÍËãÄã›]ÓÐÉϾW£¬ÄãµÄÅóÓÑÈÔ¿ÉÒÔÁôÏÂӍϢ½oÄ㣬®”ÄãÉϾW•r¾ÍÄÜÁ¢¼´¿´µ½£¬ÈκÎÕfÔ’¶¼ƒÓ×ßʧ¡£
http://messenger.yahoo.com.hk

> 1. My driver is running on the target machine. Which

symbol path should I set in the host machine in order
to debug a USB driver in the target machine? I am
quite confused with this point. Is that I have to set
the symbol path pointing to the target machine or I
should set the symbol path in the host machine?

After you’ve built your driver, you should copy the resulting PDB to a
dedicated directory on your host and setup the symbol path to point to it.
You also want to make sure that your symbol path has an entry setup to point
to the Microsoft symbol server to ensure that your O/S symbols are correct
(easiest way: after you’ve added your symbol path do a !symfix x:\ossymbols
in the command window)

2. What image path should I set? Since when a device
   plug into the target machine, the pnp manager will
   search for the driver and copy the *.sys file to the
   system32\drivers directory. Is that I have to set my
   image path to this directory?

You only need the image path if you’re debugging a minidump. Otherwise just
leave it blank

3. How can I force the debugger to stop at the
   deviceEntry function?

The easiest and most reliable way is by adding a call to DbgBreakPoint() in
your DriverEntry. You can try your luck with an unresolved breakpoint (bu
drivername!DriverEntry) but if you’re new and just trying to get things
working I’d go with the hardcoded one.

-scott

–
Scott Noone
Software Engineer
OSR Open Systems Resources, Inc.
http://www.osronline.com

(1) Set the symbol path to point to a directory that contains your
symbols. Since the file will be opened by the debugger, that path
should be valid to the debugger. I would suggest not storing the
symbols on the debugee, since they won’t be available when you have the
remote system stopped.

(2) The image path should point to the location where you store copies
of the executable images that are running on the remote machine.
Typically, you won’t need this for kernel debugging because it will
fetch the image information directly from the remote machine’s memory.
If you are debugging mini-dump files, this path needs to be set up to
point to actual copies of the executables. Again, I would not suggest
pointing to a path on the debugee, since that path won’t be available
when you are debugging that system.

(3) I would sugest adding a breakpoint to your driver. We generally
code a conditional breakpoint that fires when a registry parameter is
set (we call it “BreakOnEntry”). This allows you to be flexible enough
to leave the breakpoint in the driver at all times. You should also be
able to do this with a debugger set breakpoint (“bu name>!DriverEntry”) but over the years developers have met with mixed
success using this technique, which is why I suggest the hard coded
approach.

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Yu Sai Kong
Sent: Wednesday, November 23, 2005 5:24 AM
To: Kernel Debugging Interest List
Cc: xxxxx@yahoo.com.hk
Subject: [windbg] Problem in setting up windbg environment

Hi all,

I am new to windbg. After following the step in the
link
(http://www.osronline.com/article.cfm?article=314), I
can somehow start the command window with “Waiting to
reconnect…”. Now I have some questions and hope can
have any hints.

1. My driver is running on the target machine. Which
symbol path should I set in the host machine in order
to debug a USB driver in the target machine? I am
quite confused with this point. Is that I have to set
the symbol path pointing to the target machine or I
should set the symbol path in the host machine?

2. What image path should I set? Since when a device
plug into the target machine, the pnp manager will
search for the driver and copy the *.sys file to the
system32\drivers directory. Is that I have to set my
image path to this directory?

3. How can I force the debugger to stop at the
deviceEntry function?

Thank you for your great help!

Regards,
Nicholas

1. If you built the drivers on the same machine that your debugger is running on, then you don’t need to set the symbol path to anything special. The debugger will find the symbols. The SYS file contains the fully-qualified path to the PDB file (e.g. c:\path\path\objchk\i386\foo.sys.) You can use a “strings” utility to verify this.

2. Not necessary for live debugging.

3. Before you load your device driver, break the target (hit control-break), and use the command “bu yourdriver!DriverEntry”. (Replace “yourdriver” with your driver’s name, without the “.sys” extension.) Use “bu”, NOT “bp”. When you use “bu”, the debugger will automatically re-resolve these breakpoints when modules are loaded or unloaded. I don’t know why this is not the default behavior. This can be applied to any other function, as well.

If you are actively developing a device driver, you should also learn to use the “.kdfiles” command. When .kdfiles is properly set up, the debugger will copy your driver binary to the target machine, every time the device driver is loaded. This can save you a lot of time during debugging.

– arlie

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Yu Sai Kong
Sent: Wednesday, November 23, 2005 5:24 AM
To: Kernel Debugging Interest List
Cc: xxxxx@yahoo.com.hk
Subject: [windbg] Problem in setting up windbg environment

Hi all,

I am new to windbg. After following the step in the link (http://www.osronline.com/article.cfm?article=314), I can somehow start the command window with “Waiting to reconnect…”. Now I have some questions and hope can have any hints.

1. My driver is running on the target machine. Which symbol path should I set in the host machine in order to debug a USB driver in the target machine? I am quite confused with this point. Is that I have to set the symbol path pointing to the target machine or I should set the symbol path in the host machine?

2. What image path should I set? Since when a device plug into the target machine, the pnp manager will search for the driver and copy the *.sys file to the system32\drivers directory. Is that I have to set my image path to this directory?

3. How can I force the debugger to stop at the deviceEntry function?

Thank you for your great help!

Regards,
Nicholas

褩??洘 - Yahoo! Messenger
憩呾斕衄奻鋒ㄛ斕腔攬衭褫眕隱狟?洘緻斕ㄛ?斕奻鋒憩夔蕾撈艘善ㄛ睡挲?飲c軗囮﹝
http://messenger.yahoo.com.hk

You are currently subscribed to windbg as: xxxxx@stonestreetone.com To unsubscribe send a blank email to xxxxx@lists.osr.com

Hi all,

Thank you for all of your great help. Now I can
start
running the driver and something and be printed out
to
the command window. But unfortunately I can’t step
the
code. It did stop at the point where I put
DbgBreakPoint(), but no code seems to be appeared. I
did setup the symbol path pointing to the *.pdb file
in the host machine. I have tried with the .kdfiles
command but have no luck. Here is the steps I used:

1. Start VMware, when it is in the boot-up menu, I
   switch back to the host machine and launch the
   windbg
   by “C:\Program Files\Debugging Tools for
   Windows\windbg.exe” -b -k
   com:pipe,port=\.\pipe\com_1,resets=0

2. Continue booting the target machine.

3. When it reached a break point, I used the command
   “.kdfiles
   C:\WINDDK\2600.1106\src\wdm\usb\bulkusb\sym.ini”,
   and
   here is the content of my sym.ini file

map
\Systemroot\system32\drivers\BULKUSB.sys

C:\WINDDK\2600.1106\src\wdm\usb\bulkusb\sys\objchk_wxp_x86\i386\bulkusb.sys

4. Press ‘g’ to let the system runs.

5. When I tried to plug-in a usb device, it simply
   stops at the point where I insert the break point,
   but
   no code appear.

Is there anything I do wrong? Please help and thank
you in advance!

Regards,
Nicholas

— Arlie Davis »¡¡G
>
> > 1) If you built the drivers on the same machine
> that
> > your debugger is running on, then you don’t need
> to
> > set the symbol path to anything special. The
> > debugger will find the symbols. The SYS file
> > contains the fully-qualified path to the PDB file
> > (e.g. c:\path\path\objchk\i386\foo.sys.) You can
> > use a “strings” utility to verify this.
> >
> > 2) Not necessary for live debugging.
> >
> > 3) Before you load your device driver, break the
> > target (hit control-break), and use the command
> “bu
> > yourdriver!DriverEntry”. (Replace “yourdriver”
> with
> > your driver’s name, without the “.sys” extension.)
>
> > Use “bu”, NOT “bp”. When you use “bu”, the
> debugger
> > will automatically re-resolve these breakpoints
> when
> > modules are loaded or unloaded. I don’t know why
> > this is not the default behavior. This can be
> > applied to any other function, as well.
> >
> > If you are actively developing a device driver,
> you
> > should also learn to use the “.kdfiles” command.
> > When .kdfiles is properly set up, the debugger
> will
> > copy your driver binary to the target machine,
> every
> > time the device driver is loaded. This can save
> you
> > a lot of time during debugging.
> >
> > – arlie
> >
> >
> > -----Original Message-----
> > From: xxxxx@lists.osr.com
> > [mailto:xxxxx@lists.osr.com] On
> Behalf
> > Of Yu Sai Kong
> > Sent: Wednesday, November 23, 2005 5:24 AM
> > To: Kernel Debugging Interest List
> > Cc: xxxxx@yahoo.com.hk
> > Subject: [windbg] Problem in setting up windbg
> > environment
> >
> > Hi all,
> >
> > I am new to windbg. After following the step in
> the
> > link
> >
> (http://www.osronline.com/article.cfm?article=314),
> > I can somehow start the command window with
> “Waiting
> > to reconnect…”. Now I have some questions and
> > hope can have any hints.
> >
> > 1. My driver is running on the target machine.
> Which
> > symbol path should I set in the host machine in
> > order to debug a USB driver in the target machine?
> I
> > am quite confused with this point. Is that I have
> to
> > set the symbol path pointing to the target machine
> > or I should set the symbol path in the host
> machine?
> >
> > 2. What image path should I set? Since when a
> device
> > plug into the target machine, the pnp manager will
> > search for the driver and copy the *.sys file to
> the
> > system32\drivers directory. Is that I have to set
> my
> > image path to this directory?
> >
> > 3. How can I force the debugger to stop at the
> > deviceEntry function?
> >
> > Thank you for your great help!
> >
> > Regards,
> > Nicholas
> >
> >
> >
> >
> > �??� - Yahoo! Messenger
> >
> >
>
�©å‘¾�•î¬§è¡„奻�’ã��•è��¬è¡­�žè¤«�•éš±��?洘緻�•ã�?�•å¥»�’î��©å��¾æ��˜å��›ï
> ˜ç¡��?飲cè»—å›®ï¹�
> > http://messenger.yahoo.com.hk
> >
> >
> > —
> > You are currently subscribed to windbg as:
> > xxxxx@stonestreetone.com To unsubscribe send a
> > blank email to xxxxx@lists.osr.com
> >
> >
> >
> >
> >
> > —
> > You are currently subscribed to windbg as: unknown
> > lmsubst tag argument: ‘’
> > To unsubscribe send a blank email to
> > xxxxx@lists.osr.com
> >
>
>
>
> ëx??Ï¢ - Yahoo! Messenger
>
>
¾ÍËãÄã›]ÓÐÉϾW£¬ÄãµÄÅóÓÑÈÔ¿ÉÒÔÁôÏÂ?Ï¢½oÄ㣬?ÄãÉϾW•r¾ÍÄÜÁ¢¼´¿´µ½£¬ÈκÎÕf?¶¼ƒÓ×ßʧ¡£
> http://messenger.yahoo.com.hk
>
>
> —
> You are currently subscribed to windbg as:
> xxxxx@yahoo.com.hk
> To unsubscribe send a blank email to
> xxxxx@lists.osr.com
>

_______________________________________
ëx¾€ÓÏ¢ - Yahoo! Messenger
¾ÍËãÄã›]ÓÐÉϾW£¬ÄãµÄÅóÓÑÈÔ¿ÉÒÔÁôÏÂӍϢ½oÄ㣬®”ÄãÉϾW•r¾ÍÄÜÁ¢¼´¿´µ½£¬ÈκÎÕfÔ’¶¼ƒÓ×ßʧ¡£
http://messenger.yahoo.com.hk

Unless you have the code for the int 3 handler (which is what
DbgBreakPoint ultimately invokes) you won’t see source code at that
point. When I’m debugging I usually have to single step through that
routine until it returns BACK to my code before I’ll see source code.

If you are running the debugger on a different machine, you also need to
set the source search path (or set up the debugger to grab the code from
the source control system) in order to allow the debugger to find your
source code. Of course, this isn’t necessary if you run the debugger on
the machine where your code was compiled (the debugger will find the
code).

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Yu Sai Kong
Sent: Thursday, November 24, 2005 8:31 PM
To: Kernel Debugging Interest List
Subject: RE: [windbg] Problem in setting up windbg environment

Hi all,

Thank you for all of your great help. Now I can
start
running the driver and something and be printed out
to
the command window. But unfortunately I can’t step
the
code. It did stop at the point where I put
DbgBreakPoint(), but no code seems to be appeared. I
did setup the symbol path pointing to the *.pdb file
in the host machine. I have tried with the .kdfiles
command but have no luck. Here is the steps I used:

1. Start VMware, when it is in the boot-up menu, I
   switch back to the host machine and launch the
   windbg
   by “C:\Program Files\Debugging Tools for
   Windows\windbg.exe” -b -k
   com:pipe,port=\.\pipe\com_1,resets=0

2. Continue booting the target machine.

3. When it reached a break point, I used the command
   “.kdfiles
   C:\WINDDK\2600.1106\src\wdm\usb\bulkusb\sym.ini”,
   and
   here is the content of my sym.ini file

map
\Systemroot\system32\drivers\BULKUSB.sys

C:\WINDDK\2600.1106\src\wdm\usb\bulkusb\sys\objchk_wxp_x86\i386\bulkusb.
sys

4. Press ‘g’ to let the system runs.

5. When I tried to plug-in a usb device, it simply
   stops at the point where I insert the break point,
   but
   no code appear.

Is there anything I do wrong? Please help and thank
you in advance!

Regards,
Nicholas

As Tony pointed out, you need to look at the stack trace. Either use the
“kb” command (or any of the k* variants), or use WINDBG’s Call Stack window
(under the View menu). Once you have opened the “Call Stack” window, you
can double-click on any of the call frames to “focus” on that frame. The
debugger will then resolve local variable names in the context of that call
frame, and the debugger will attempt to find and display the source file for
that local call frame.

You can configure WINDBG to display debug messages when it is loading its
symbols. Read up on the .symopt command. The command “.symopt+ 0x80000000”
will turn on the symopt debug flag. This will produce a lot of debugging
spew, such as:

0:000> .symopt+ 0x80000000
Symbol options are 0x80030237:
0x00000001 - SYMOPT_CASE_INSENSITIVE
0x00000002 - SYMOPT_UNDNAME
0x00000004 - SYMOPT_DEFERRED_LOADS
0x00000010 - SYMOPT_LOAD_LINES
0x00000020 - SYMOPT_OMAP_FIND_NEAREST
0x00000200 - SYMOPT_FAIL_CRITICAL_ERRORS
0x00010000 - SYMOPT_AUTO_PUBLICS
0x00020000 - SYMOPT_NO_IMAGE_SEARCH
0x80000000 - SYMOPT_DEBUG
0:000> x notepad!*
DBGHELP: C:\WINDOWS\system32\notepad.pdb - file not found
DBGHELP: notepad.pdb - file not found
*** ERROR: Module load completed but symbols could not be loaded for
notepad.exe
DBGHELP: notepad - no symbols loaded

This is an example of loading (or not loading!) user-mode symbols, but it
works the same way for kernel-mode symbols. Because so much about using
WINDBG applies equally well to user-mode code, you can learn a lot about how
to use WINDBG by debugging user-mode apps.

Another way to test your symbols is to use this command: “x yourdriver!*”.
This dumps the list of all symbols in your driver. If you get nothing, or a
very short list, then you know that your symbols have not been properly
loaded. You should get a long list, containing every symbol (global
function and global variable) declared in your driver. You should also be
able to resolve symbols such as DriverEntry, by issuing the command “x
yourdriver!DriverEntry”.

– arlie

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Yu Sai Kong
Sent: Thursday, November 24, 2005 8:31 PM
To: Kernel Debugging Interest List
Subject: RE: [windbg] Problem in setting up windbg environment

Hi all,

Thank you for all of your great help. Now I can start running the driver
and something and be printed out to the command window. But unfortunately
I can’t step the code. It did stop at the point where I put
DbgBreakPoint(), but no code seems to be appeared. I did setup the symbol
path pointing to the *.pdb file in the host machine. I have tried with the
.kdfiles command but have no luck. Here is the steps I used:

1. Start VMware, when it is in the boot-up menu, I switch back to the host
   machine and launch the windbg by “C:\Program Files\Debugging Tools for
   Windows\windbg.exe” -b -k com:pipe,port=\.\pipe\com_1,resets=0

2. Continue booting the target machine.

3. When it reached a break point, I used the command “.kdfiles
   C:\WINDDK\2600.1106\src\wdm\usb\bulkusb\sym.ini”,
   and
   here is the content of my sym.ini file

map
\Systemroot\system32\drivers\BULKUSB.sys

C:\WINDDK\2600.1106\src\wdm\usb\bulkusb\sys\objchk_wxp_x86\i386\bulkusb.sys

4. Press ‘g’ to let the system runs.

5. When I tried to plug-in a usb device, it simply stops at the point
   where I insert the break point, but no code appear.

Is there anything I do wrong? Please help and thank you in advance!

Regards,
Nicholas