Can anyone tell me, why should softICE set DisablePagingExecutive and make
our work hard?
Thanks,
Arun
If we let Kernel code be paged out, we won’t be able to effectively hook
stuff. What’s the nature of your problem with it? Can you describe it to me?
Alberto.
-----Original Message-----
From: Arun [mailto:xxxxx@deccanetdesignstele.com]
Sent: Tuesday, January 28, 2003 7:04 AM
To: NT Developers Interest List
Subject: [ntdev] SoftICE and DisablePagingExecutive
Can anyone tell me, why should softICE set DisablePagingExecutive and make
our work hard?
Thanks,
Arun
Hi Alberto,
I recently found a bug in a part of my driver code which was written to be
paged out wrongly. I couldn’t spot the bug while softICE is running and
later found out the reason. Can you please describe the technical
difficulty faced by softICE if paging is enabled? I will be happy if you
could tell me the place where it is documented, instead. I am curious to
know the reason.
Is it the same case with WinDBG also?
Thanks,
Arun
It’s a royal pain to hook something that’s paging in and out!
Alberto.
-----Original Message-----
From: Arun [mailto:xxxxx@deccanetdesignstele.com]
Sent: Wednesday, January 29, 2003 2:36 AM
To: NT Developers Interest List
Subject: [ntdev] RE: SoftICE and DisablePagingExecutive
Hi Alberto,
I recently found a bug in a part of my driver code which was written to be
paged out wrongly. I couldn’t spot the bug while softICE is running and
later found out the reason. Can you please describe the technical
difficulty faced by softICE if paging is enabled? I will be happy if you
could tell me the place where it is documented, instead. I am curious to
know the reason.
Is it the same case with WinDBG also?
Thanks,
Arun
Why is this, Alberto? Most of my hooks work just fine on
pageable memory …
----- Original Message -----
From: “Moreira, Alberto”
To: “NT Developers Interest List”
Sent: Wednesday, January 29, 2003 5:12 PM
Subject: [ntdev] RE: SoftICE and DisablePagingExecutive
> It’s a royal pain to hook something that’s paging in and out!
>
> Alberto.
Remember, SoftICE is active when the OS is not available. It’s us and the
iron, and nothing else.
Alberto.
-----Original Message-----
From: Dan Partelly [mailto:xxxxx@rdsor.ro]
Sent: Wednesday, January 29, 2003 11:06 AM
To: NT Developers Interest List
Subject: [ntdev] RE: SoftICE and DisablePagingExecutive
Why is this, Alberto? Most of my hooks work just fine on
pageable memory …
Yes, of course, but once the NTICE hook is reached, the page which contains
the hooked code should already be in paged memory, and the main body of the
code in NTICE is anyway in non-paged memory. And most of the NTICE hooks (note:
ntoskrnl.exe API hooks, or ntoskrnl.exe / hal unexported function hooks) are
called during normal OS operation, not while NTICE is active. I agree that
this might cause serious problems if you call into the NDIS or USB stack from
NTICE … but in this case you’re no more just you and the iron there.
One day I should look at how you implement your universal networking features
and things like this … Do you at any moment rely on calling any kind of NT
code while NTICE is active? NDIS? USB? Or any other?
Regards, Dan
----- Original Message -----
From: “Moreira, Alberto”
To: “NT Developers Interest List”
Sent: Wednesday, January 29, 2003 6:22 PM
Subject: [ntdev] RE: SoftICE and DisablePagingExecutive
> Remember, SoftICE is active when the OS is not available. It’s us and the
> iron, and nothing else.
>
> Alberto.
Alberto,
How do breakpoints work in pageable user mode memory? I guess SI has to restore
them at every page-in. If so, why doesn’t it restore hooks the same way? As
Dan wrote, hooks should be necessary only when the OS is active. The other
possibility is that SI doesn’t, and it would explain why my breakpoints are
missed sometimes in user mode code…
What bothers me more is disabled write protection which seems totally
unnecessary. Any explanation?
Best regards,
Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http://www.st.com]
Most hooks in kernel code shouldn’t need restored. The kernel and hal
and most drivers are paged out of the page file, not out of the original
image section, so changes to them will persist for the current boot. I
think win32k is paged from the image however so you still need some
magic for that one.
-p
-----Original Message-----
From: Michal Vodicka [mailto:xxxxx@veridicom.cz.nospam]
Sent: Wednesday, January 29, 2003 1:17 PM
To: NT Developers Interest List
Alberto,
How do breakpoints work in pageable user mode memory? I guess SI has to
restore them at every page-in. If so, why doesn’t it restore hooks the
same way? As Dan wrote, hooks should be necessary only when the OS is
active. The other possibility is that SI doesn’t, and it would explain why my
breakpoints are missed sometimes in user mode code…
What bothers me more is disabled write protection which seems totally
unnecessary. Any explanation?
Best regards,
Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http://www.st.com]
The latest versions of SoftIce don’t require the reboot to turn off write
protection. Maybe they found another way or it isn’t needed anymore.
The latest version is from DS 2.7? I looked into the registry and have
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\EnforceWriteProtection
set to 0. Also, I remember I tried to re-enable it and SI didn’t work, but
I’m not sure about the version.
Best regards,
Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http://www.st.com]
From: xxxxx@yoshimuni.com[SMTP:xxxxx@yoshimuni.com]
Reply To: xxxxx@lists.osr.com
Sent: Wednesday, January 29, 2003 10:39 PM
To: xxxxx@lists.osr.com
Subject: [ntdev] RE: SoftICE and DisablePagingExecutive
The latest versions of SoftIce don’t require the reboot to turn off write
protection. Maybe they found another way or it isn’t needed anymore.
I read something in the readme around version 2.5 or 2.6 that said they
didn’t need it anymore, but it could be they just figured out how to disable
the write protection without a reboot. Windbg is the better solution unless
you still have to do 9x drivers for the same hardware.
----- Original Message -----
From: “Michal Vodicka”
To: “NT Developers Interest List”
Sent: Wednesday, January 29, 2003 4:48 PM
Subject: [ntdev] RE: SoftICE and DisablePagingExecutive
> The latest version is from DS 2.7? I looked into the registry and have
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\EnforceWriteProtection
> set to 0. Also, I remember I tried to re-enable it and SI didn’t work, but
> I’m not sure about the version.
>
> Best regards,
>
> Michal Vodicka
> STMicroelectronics Design and Application s.r.o.
> [michal.vodicka@st.com, http://www.st.com]
Guys,
Right now SoftICE needs both kernel paging and write protection to be turned
off. There’s all sorts of reasons for that, some historical, some real. Just
to give a hint, how do I maintain a hook on a piece of memory that is copied
directly from the hard drive upon a page-not-present fault, bypassing the
image in the swap file ? This kind of thing may not happen in user space.
Alberto.
-----Original Message-----
From: David J. Craig [mailto:xxxxx@yoshimuni.com]
Sent: Wednesday, January 29, 2003 5:04 PM
To: NT Developers Interest List
Subject: [ntdev] RE: SoftICE and DisablePagingExecutive
I read something in the readme around version 2.5 or 2.6 that said they
didn’t need it anymore, but it could be they just figured out how to disable
the write protection without a reboot. Windbg is the better solution unless
you still have to do 9x drivers for the same hardware.
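An added example, not part of the thread and not SoftICE's own code: a read-only PowerShell check of the two Memory Management values discussed in these messages, for a driver test machine where a debugger install may have changed them. The key path and `EnforceWriteProtection = 0` come from the thread; treating `DisablePagingExecutive = 1` as "paging off" and an absent value as "OS default applies" are assumptions of this example, as are the function and variable names.

```powershell
# Added example: audit the Memory Management values named in the thread.
# Nothing is written to the registry.
$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'

# For each value, the data that means the feature is switched off.
# Assumption: DisablePagingExecutive = 1 keeps kernel-mode code resident;
# EnforceWriteProtection = 0 is the setting reported in the thread.
$Checks = @(
    @{ Name = 'DisablePagingExecutive'; OffData = 1; Feature = 'Paging of kernel-mode code' },
    @{ Name = 'EnforceWriteProtection'; OffData = 0; Feature = 'Write protection of kernel code' }
)

function Get-MemoryManagementAudit {
    param([string]$Path = $KeyPath)

    # Fail loudly if the key itself cannot be read.
    $props = Get-ItemProperty -Path $Path -ErrorAction Stop

    foreach ($check in $Checks) {
        # Indexing Properties returns $null when the value does not exist.
        $prop = $props.PSObject.Properties[$check.Name]
        if ($null -eq $prop) {
            $data = $null
            $state = 'NotSet'      # assumption: the OS default applies
        } elseif ($prop.Value -eq $check.OffData) {
            $data = $prop.Value
            $state = 'Off'
        } else {
            $data = $prop.Value
            $state = 'On'
        }
        [pscustomobject]@{
            Name    = $check.Name
            Data    = $data
            Feature = $check.Feature
            State   = $state
        }
    }
}

$report = @(Get-MemoryManagementAudit)
$report | Format-Table -AutoSize

# Flag the machine if either feature is off: with paging off, bugs in
# pageable driver code stay hidden, as the original poster found.
$off = @($report | Where-Object { $_.State -eq 'Off' })
if ($off.Count -gt 0) {
    $names = ($off | ForEach-Object { $_.Name }) -join ', '
    Write-Warning "Switched off on this machine: $names. Confirm this is intended before trusting test results."
}
```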
Hi, Michal,
As I pointed out in another post, one problem is those cases where a page is
refreshed directly from its disk library or executable image and not from
the swap file. There’s a few other reasons too, some real, some historical.
As for missing breakpoints, it shouldn’t happen - if it does it’s a bug,
please let me know !
Alberto.
-----Original Message-----
From: Michal Vodicka [mailto:xxxxx@veridicom.cz.nospam]
Sent: Wednesday, January 29, 2003 4:17 PM
To: NT Developers Interest List
Subject: [ntdev] RE: SoftICE and DisablePagingExecutive
Alberto,
how breakpoints work in pageable user mode memory? I guess SI has to restore
them at every page-in. If so, why it doesn’t restore hooks the same way? As
Dan wrote, hooks should be necessary only when OS is active. The other
possibility is SI doesn’t and it would explain why my breakpoints are missed
sometimes in user mode code…
What bothers me more is disabled write protection which seems totally
unnecessary. Any explanation?
Best regards,
Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http:://www.st.com]
Hi Alberto,
> As I pointed out in another post, one problem is those cases where a page is
> refreshed directly from its disk library or executable image and not from
> the swap file.
Sorry, I don’t understand the difference. I’m probably missing something but
if you hook page-in, you’d simply look if a page is modified and restore
breakpoint/hook if not. It should be the same in user mode where image
sections are backed by executables (unless your modification causes copy on
write and modified page is copied to pagefile).
> There’s a few other reasons too, some real, some historical.
Is there any reason for disabling write protection other than historical?
> As for missing breakpoints, it shouldn’t happen - if it does it’s a bug,
> please let me know !
I believe I reported it long time ago but it wasn’t easily reproducible and
you know what it means. I don’t remember when encountered it last time; I’ll
inform you if see it again.
Best regards,
Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http:://www.st.com]
There are ways around it, yes. And sure enough, the reasons for write
protection disable are historical. The reasons why we didn’t bother changing
it will become clear pretty soon, watch this space !
Alberto.
-----Original Message-----
From: Michal Vodicka [mailto:xxxxx@veridicom.cz.nospam]
Sent: Wednesday, January 29, 2003 6:02 PM
To: NT Developers Interest List
Subject: [ntdev] RE: SoftICE and DisablePagingExecutive
Hi Alberto,
> As I pointed out in another post, one problem is those cases where a page is
> refreshed directly from its disk library or executable image and not from
> the swap file.
Sorry, I don’t understand the difference. I’m probably missing something but
if you hook page-in, you’d simply look if a page is modified and restore
breakpoint/hook if not. It should be the same in user mode where image
sections are backed by executables (unless your modification causes copy on
write and modified page is copied to pagefile).
> There’s a few other reasons too, some real, some historical.
Is there any reason for disabling write protection other than historical?
> As for missing breakpoints, it shouldn’t happen - if it does it’s a bug,
> please let me know !
I believe I reported it long time ago but it wasn’t easily reproducible and
you know what it means. I don’t remember when encountered it last time; I’ll
inform you if see it again.
Best regards,
Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http:://www.st.com]
One more thing, Alberto, donno if this ever was fixed since I encountered
it long long ago, and if you are aware of it, sometimes if you put
a breakpoint into a user image with NTICE, the breakpoint will be actually
committed into the image file, corrupting it. I remember
it was occurring only in some odd circumstances. I might have some notes on
this somewhere on my HDD.
----- Original Message -----
From: “Moreira, Alberto”
To: “NT Developers Interest List”
Sent: Thursday, January 30, 2003 5:20 PM
Subject: [ntdev] RE: SoftICE and DisablePagingExecutive
> There are ways around it, yes. And sure enough, the reasons for write
> protection disable are historical. The reasons why we didn’t bother changing
> it will become clear pretty soon, watch this space !
>
> Alberto.
It’ll help if you can get me some background info, this may be a bug.
Alberto.
-----Original Message-----
From: Dan Partelly [mailto:xxxxx@rdsor.ro]
Sent: Thursday, January 30, 2003 10:30 AM
To: NT Developers Interest List
Subject: [ntdev] RE: SoftICE and DisablePagingExecutive
One more thing, Alberto, donno if this ever was fixed since I encountered
it long long ago, and if you are aware of it, sometimes if you put
a breakpoint into a user image with NTICE, the breakpoint will be actually
committed into the image file, corrupting it. I remember
it was occurring only in some odd circumstances. I might have some notes on
this somewhere on my HDD.
Sorry, I found some of my notes.
The problem is not that the breakpoints get committed into the file, ’cause
they ain’t, I was remembering wrong.
Actually it seems they persist in the cache.
I hadn’t heard about this one yet ! We looked at the code today, looks like
it can’t happen, but you never know for sure. If you hit this condition
again, can you maybe get me some information about it ? It’s obviously a
bug, but it’s going to be a bit tough to duplicate on our own.
Alberto.
-----Original Message-----
From: Dan Partelly [mailto:xxxxx@rdsor.ro]
Sent: Thursday, January 30, 2003 10:43 AM
To: NT Developers Interest List
Subject: [ntdev] RE: SoftICE and DisablePagingExecutive
Sorry, I found some of my notes.
The problem is not that the breakpoints get committed into the file, ’cause
they ain’t, I was remembering wrong.
Actually it seems they persist in the cache.