setting break points over a range

Hello everybody,

I want to set a breakpoint over an address range. I know that a module loads
itself from location 804de000 to 806de000 (say). Can I set breakpoints over
this entire range, so that any access to these addresses (read, write,
execute, fetch) halts the machine?

I tried ba in WinDbg, but can’t get it to work properly.

thanks

– Developer

My guess is that ba didn’t work because the Size parameter was too big:

Size

The size of the location, in bytes, to be monitored for access. On an
x86 processor, this parameter can be 1, 2, or 4 - unless Access equals
e, in which case Size must be 1. On an x64 processor, this parameter can
be 1, 2, 4, or 8 - unless Access equals e, in which case Size must be 1.
On an Itanium processor, this parameter can be any power of 2, from 1 to
0x80000000. There can be no space between Access and Size.

I don’t think this kind of breakpoint across such a wide range is
possible.

Jason



Microsoft could fix this limitation on x86 and x64 by marking the whole
page(s) in page tables as nonpresent and calling kernel debugger handler
instead of the standard page fault handler.

Dmitriy Budko, VMware



If you simply wish to break when a particular module loads, why not use “bp
yourdriver!DriverEntry”?

– arlie



Or ‘sxe ld:yourdriver’

Jason


It’s not about driver entry. It’s not even my driver; I don’t have any symbols
for it. SoftICE lets you do it, so I wondered how to go ahead with WinDbg.
Yes Jason, the parameters were too long, true. So there is no workaround?

- Developer

None that I know of. I’m going to go ahead and investigate if we can do
this in the next version.

Jason



Does PAGE_GUARD (0x100) have any meaning (or equivalent) in kernel mode? I
imagine not.

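The mechanism Dmitriy describes (make the pages inaccessible and route the resulting fault to a debugger-style handler) can be tried in user mode. The following is an added example, not code from the thread or from WinDbg: a Linux/POSIX analogue using mprotect and a SIGSEGV handler, with one-shot per-page behaviour like the PAGE_GUARD flag asked about above. All function and variable names are hypothetical.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

/* Watched range and hit log (hypothetical names; added example). */
static uint8_t *watch_base;
static size_t watch_len, page_sz;
static volatile sig_atomic_t hit_count;
static void *volatile last_hit;

/* Plays the role of the "debugger handler" that replaces the normal fault path. */
static void on_fault(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    uint8_t *addr = (uint8_t *)si->si_addr;
    if (watch_base == NULL || addr < watch_base || addr >= watch_base + watch_len)
        _exit(111);                       /* a real crash outside the watched range */
    hit_count++; last_hit = addr;         /* record the access that tripped the trap */
    /* One-shot: unprotect only the faulting page so the access is retried. */
    uint8_t *page = (uint8_t *)((uintptr_t)addr & ~(uintptr_t)(page_sz - 1));
    mprotect(page, page_sz, PROT_READ | PROT_WRITE);   /* works on Linux in a handler */
}

/* Map `pages` pages with PROT_NONE so any access faults. Returns base or NULL. */
uint8_t *watch_range(size_t pages) {
    struct sigaction sa = {0};
    page_sz = (size_t)sysconf(_SC_PAGESIZE);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGSEGV, &sa, NULL) != 0) return NULL;
    watch_len = pages * page_sz;
    watch_base = mmap(NULL, watch_len, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (watch_base == MAP_FAILED) { watch_base = NULL; return NULL; }
    return watch_base;
}

int hits(void) { return (int)hit_count; }

int main(void) {
    /* 512 pages of 4 KiB = 0x200000 bytes, the size of the range in the question. */
    volatile uint8_t *p = watch_range(512);
    if (!p) return 1;
    p[0x1234] = 1; (void)p[0x1238]; p[0x5000] = 2;   /* constructed accesses */
    printf("%d faults, last at offset 0x%zx\n", hits(),
           (size_t)((uint8_t *)last_hit - watch_base));
    return 0;
}
```

The trap granularity is a whole page, so a second access to an already-hit page goes unnoticed unless the handler re-arms it, which a real debugger would do after single-stepping the faulting instruction.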