RE: How can I set a breakpoint at DriverEntry with a freebuild driver(sys) using SoftICE or Windbg

OSR_Community_User · January 20, 2006, 1:51am

Hi Doron,
It’s not my driver so I don’t have the symbol file. I just want to assembly level debugging. Can I see its assembly code at runtime?

thanks

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Doron Holan
Sent: Friday, January 20, 2006 2:12 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] How can I set a breakpoint at DriverEntry with a freebuild driver(sys) using SoftICE or Windbg

If this is your driver, you can still have a symbol file for your free driver. In windbg it would be bu !DriverEntry. You can also set a load exception which will hit before DriverEntry is called by calling “sxe ld .sys”. but without symbols, you are pretty much out of luck for any useful debugging w/out a lot of work.

d

________________________________________
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@compal.com
Sent: Thursday, January 19, 2006 7:40 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] How can I set a breakpoint at DriverEntry with a free build driver(sys) using SoftICE or Windbg

Hi all
??? Now I have a free build driver (.sys file), and I don’t have its source code and symbol file.
How can I set a breakpoint at its DriverEntry at boot time using SoftICE or Windbg?

Thanks,
Best Regards,
KenKC

================================================================================================================================================================
This message may contain information which is private, privileged or confidential of Compal Electronics, Inc. If you are not the intended recipient of this message, please notify the sender and destroy/delete the message. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information, by persons or entities other than the intended recipient is prohibited.
================================================================================================================================================================

—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Doron_Holan · January 20, 2006, 2:47am

Sure you can, it just takes more time. What I have done in the past is set a breakpoint on DriverEntry for a driver I do have symbols for that will load before the driver I am interested and let that breakpoint hit. I then dump the callstack (kb) and look at the return address. I then unassembled backwards from the return address to the call indirect instruction (which is calling DriverObject->DriverInit, where DriverInit == &DriverEntry) and put a bp on the call indirect instruction. Then I just hit ‘g’ everytime the bp hits until the module I am interested loads. I am sure there are other ways of doing this as well…

d

– I can spell, I just can’t type.

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@compal.com
Sent: Thursday, January 19, 2006 10:42 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] How can I set a breakpoint at DriverEntry with a freebuild driver(sys) using SoftICE or Windbg

Hi Doron,
It’s not my driver so I don’t have the symbol file. I just want to assembly level debugging. Can I see its assembly code at runtime?

thanks

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Doron Holan
Sent: Friday, January 20, 2006 2:12 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] How can I set a breakpoint at DriverEntry with a freebuild driver(sys) using SoftICE or Windbg

If this is your driver, you can still have a symbol file for your free driver. In windbg it would be bu !DriverEntry. You can also set a load exception which will hit before DriverEntry is called by calling “sxe ld .sys”. but without symbols, you are pretty much out of luck for any useful debugging w/out a lot of work.

d

________________________________________
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@compal.com
Sent: Thursday, January 19, 2006 7:40 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] How can I set a breakpoint at DriverEntry with a free build driver(sys) using SoftICE or Windbg

Hi all
??? Now I have a free build driver (.sys file), and I don’t have its source code and symbol file.
How can I set a breakpoint at its DriverEntry at boot time using SoftICE or Windbg?

Thanks,
Best Regards,
KenKC

================================================================================================================================================================
This message may contain information which is private, privileged or confidential of Compal Electronics, Inc. If you are not the intended recipient of this message, please notify the sender and destroy/delete the message. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information, by persons or entities other than the intended recipient is prohibited.
================================================================================================================================================================

—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Slava_Imameyev · January 20, 2006, 6:22am

Set break point at nt!IopLoadDriver, first parameter for this function is
a handle to a driver key in the registry.
If IopLoadDriver is called for the driver in question set break point at
nt!MmLoadSystemImage. When break point for MmLoadSystemImage will be called
set break point to a return address and when the last break point will be
called set break point to DriverEntry. Offset for the DriverEntry you can
find in the PE header. The sixth parameter for MmLoadSystemImage is the
address of the memory which contains a base address for the loaded driver
image.

wrote in message news:xxxxx@ntdev…
Hi Doron,
It’s not my driver so I don’t have the symbol file. I just want to assembly
level debugging. Can I see its assembly code at runtime?

thanks

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Doron Holan
Sent: Friday, January 20, 2006 2:12 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] How can I set a breakpoint at DriverEntry with a
freebuild driver(sys) using SoftICE or Windbg

If this is your driver, you can still have a symbol file for your free
driver. In windbg it would be bu !DriverEntry. You can also set a
load exception which will hit before DriverEntry is called by calling “sxe
ld .sys”. but without symbols, you are pretty much out of luck for
any useful debugging w/out a lot of work.

d

________________________________________
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@compal.com
Sent: Thursday, January 19, 2006 7:40 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] How can I set a breakpoint at DriverEntry with a free build
driver(sys) using SoftICE or Windbg

Hi all
Now I have a free build driver (.sys file), and I don’t have its source code
and symbol file.
How can I set a breakpoint at its DriverEntry at boot time using SoftICE or
Windbg?

Thanks,
Best Regards,
KenKC

================================================================================================================================================================
This message may contain information which is private, privileged or
confidential of Compal Electronics, Inc. If you are not the intended
recipient of this message, please notify the sender and destroy/delete the
message. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon this information, by persons or
entities other than the intended recipient is prohibited.
================================================================================================================================================================

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com