Re: Re: Re: Re: Re: Re : Re : Re : Irp tracking

Do you get output from ‘x nt!NtSetSystemPowerState’, instead of dt?

In any case, ‘dt nt!_DRIVER_OBJECT’ should work. What is the output of
lmmnt?

Also, what debugger version are you using? I couldn’t repro the crash.

Jason


From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of D M
Sent: Monday, August 29, 2005 9:09 AM
To: Kernel Debugging Interest List
Subject: Re: Re: Re: Re: Re: Re : Re : Re : [windbg] Irp tracking

doesn’t much matter what I try (sigh),

when I tried dt nt!* the debugger gave an access violation and crashed,
same happened when I typed dt disk!*

seems like the * is causing a buffer overflow.

Then I tried with other symbols in nt I know exist,

like dt nt!NtSetSystemPowerState

and I got the same message I printed, then only I tried with ‘A’
thinking that wild cards might help.

Even dt nt!_DRIVER_OBJECT doesn’t work

kd> dt nt!_DRIVER_OBJECT
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information. Contact the group that       ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: nt!_DRIVER_OBJECT                             ***
***                                                                   ***
*************************************************************************
Symbol nt!_DRIVER_OBJECT not found.

From: Jason Shay
Reply-To: Kernel Debugging Interest List
To: Kernel Debugging Interest List
Date: Aug 29, 2005 9:20 PM
Subject: RE: Re: Re: Re: Re: Re: [windbg] Irp tracking

What command did you type to get that message? If you typed ‘dt nt!A’,
then you’ll get this message. That’s because there is no ‘A’ symbol in
ntoskrnl, regardless of public or private symbols.

Jason

You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Hmm, the lmmnt output seems a little off. I was expecting something
like this:

lkd> lmmnt

start end module name

804d7000 806eb100 nt (export symbols) ntoskrnl.exe

‘!lmi nt’ would be a suitable replacement…

Also - there is a v6.5 at
http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx

Jason


From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of D M
Sent: Monday, August 29, 2005 9:32 AM
To: Kernel Debugging Interest List
Subject: RE: Re: Re: Re: Re: Re : Re : Re : [windbg] Irp tracking

x nt!NtSetSystemPowerState works, I have already tried it.

The debugger version is Microsoft (R) Windows Debugger Version
6.4.0007.2

lmmnt produces,


From: Jason Shay
Reply-To: Kernel Debugging Interest List
To: Kernel Debugging Interest List
Date: Aug 29, 2005 9:47 PM
Subject: RE: Re: Re: Re: Re: Re : Re : Re : [windbg] Irp tracking

Do you get output from ‘x nt!NtSetSystemPowerState’, instead of dt?

In any case, ‘dt nt!_DRIVER_OBJECT’ should work. What is the output of
lmmnt?

Also, what debugger version are you using? I couldn’t repro the crash.

Jason


HKCU/software/Microsoft/WinDbg is the only state, aside from the
add/remove programs info.

Also, I was able to dig deeper into the dt problem. In w2k, the older
extension implementations don’t rely on the symbol type info as much.
This particular symbol doesn’t exist in the public types. Use this:

!drvobj <driver_object_address> f

Jason

________________________________

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of D M
Sent: Monday, August 29, 2005 10:19 AM
To: Kernel Debugging Interest List
Subject: RE: Re: Re: Re: Re: Re : Re : Re : [windbg] Irp tracking

Heck!!! this is black magic.

The debugger seems to have died peacefully. Jason, now it doesn’t even
load up properly.

This is where it gets stuck.

Microsoft (R) Windows Debugger Version 6.4.0007.2
Copyright (c) Microsoft Corporation. All rights reserved.

Opened \\.\com1
Waiting to reconnect…
Connected to Windows 2000 2195 x86 compatible target, ptr64 FALSE
Kernel Debugger connection established.
Symbol search path is: C:\DRV\symbols
Executable search path is:
Windows 2000 Kernel Version 2195 UP Free x86 compatible
Kernel base = 0x804de000 PsLoadedModuleList = 0x805484c0
System Uptime: not available
Break instruction exception - code 80000003 (first chance)
nt+0x52e64:
80530e64 cc int 3

I have set the /BREAK option in boot.ini.

I have tried uninstalling, and reinstalling and lots of other tricks,
deleting the symbol directory, nothing works.

What all registry keys do I need to delete to make Windows forget about
windbg 6.4? (I observe that after reinstalling, the previous settings
are intact.)

From: Jason Shay
Reply-To: Kernel Debugging Interest List
To: Kernel Debugging Interest List
Date: Aug 29, 2005 10:15 PM

Hmm, the lmmnt output seems a little off. I was expecting something
like this:

lkd> lmmnt

start end module name

804d7000 806eb100 nt (export symbols) ntoskrnl.exe

‘!lmi nt’ would be a suitable replacement…

Also - there is a v6.5 at
http://www.microsoft.com/whdc/devtools/debugging/installx86.mspx

Jason
