How does .kdfiles intercept the driver loading event? I ask because I would
like to know if it is possible to use this feature to replace any binary
(e.g. a UM DLL), not just drivers.
It’s a kernel-only mechanism.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Takin
Nili-Esfahani
Sent: Friday, October 21, 2005 3:36 PM
To: Kernel Debugging Interest List
Subject: [windbg] Some information needed on .kdfiles
How does .kdfiles intercept the driver loading event? I ask because I
would like to know if it is possible to use this feature to replace any
binary (e.g. a UM DLL), not just drivers.
You are currently subscribed to windbg as: xxxxx@winse.microsoft.com To
unsubscribe send a blank email to xxxxx@lists.osr.com
It would be cool though if it could do user mode stuff as
well 
There are so often user mode components that need
to be updated as well.
Thanks,
Joseph
Drew Bliss wrote:
It’s a kernel-only mechanism.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Takin
Nili-Esfahani
Sent: Friday, October 21, 2005 3:36 PM
To: Kernel Debugging Interest List
Subject: [windbg] Some information needed on .kdfilesHow does .kdfiles intercept the driver loading event? I ask because I
would like to know if it is possible to use this feature to replace any
binary (e.g. a UM DLL), not just drivers.
You are currently subscribed to windbg as: xxxxx@winse.microsoft.com To
unsubscribe send a blank email to xxxxx@lists.osr.com
You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
I agree it would be cool but it’s also hard and has some interesting
problems when code is shared between processes. We don’t have any plans
to make it work for Windows Vista.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Joseph Galbraith
Sent: Friday, October 21, 2005 4:19 PM
To: Kernel Debugging Interest List
Subject: Re: [windbg] Some information needed on .kdfiles
It would be cool though if it could do user mode stuff as well
There are so often user mode components that need to be updated as well.
Thanks,
Joseph
Drew Bliss wrote:
It’s a kernel-only mechanism.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Takin
Nili-Esfahani
Sent: Friday, October 21, 2005 3:36 PM
To: Kernel Debugging Interest List
Subject: [windbg] Some information needed on .kdfilesHow does .kdfiles intercept the driver loading event? I ask because I
would like to know if it is possible to use this feature to replace
any binary (e.g. a UM DLL), not just drivers.
You are currently subscribed to windbg as: xxxxx@winse.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
You are currently subscribed to windbg as: unknown lmsubst tag
argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
You are currently subscribed to windbg as: xxxxx@winse.microsoft.com To
unsubscribe send a blank email to xxxxx@lists.osr.com
I don’t know if it helps any, and I’m sure it doesn’t change
the vista plans, but for my purposes it would be okay if
the debugger spat an error if the image was mapped into any
other process (i.e., if the code was shared.) It’d be especially
okay if that error message identified at least on other process
that had the image mapped.
Thanks,
Joseph
Drew Bliss wrote:
I agree it would be cool but it’s also hard and has some interesting
problems when code is shared between processes. We don’t have any plans
to make it work for Windows Vista.-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Joseph Galbraith
Sent: Friday, October 21, 2005 4:19 PM
To: Kernel Debugging Interest List
Subject: Re: [windbg] Some information needed on .kdfilesIt would be cool though if it could do user mode stuff as well
There are so often user mode components that need to be updated as well.Thanks,
Joseph
Drew Bliss wrote:
> It’s a kernel-only mechanism.
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Takin
> Nili-Esfahani
> Sent: Friday, October 21, 2005 3:36 PM
> To: Kernel Debugging Interest List
> Subject: [windbg] Some information needed on .kdfiles
>
> How does .kdfiles intercept the driver loading event? I ask because I> would like to know if it is possible to use this feature to replace
> any binary (e.g. a UM DLL), not just drivers.
>
>
>
> —
> You are currently subscribed to windbg as: xxxxx@winse.microsoft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
> —
> You are currently subscribed to windbg as: unknown lmsubst tag
argument: ‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
You are currently subscribed to windbg as: xxxxx@winse.microsoft.com To
unsubscribe send a blank email to xxxxx@lists.osr.com
You are currently subscribed to windbg as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
We’ll consider this for some future OS.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Joseph Galbraith
Sent: Friday, October 21, 2005 4:45 PM
To: Kernel Debugging Interest List
Subject: Re: [windbg] Some information needed on .kdfiles
I don’t know if it helps any, and I’m sure it doesn’t change the vista
plans, but for my purposes it would be okay if the debugger spat an
error if the image was mapped into any other process (i.e., if the code
was shared.) It’d be especially okay if that error message identified at
least on other process that had the image mapped.
Thanks,
Joseph
Drew Bliss wrote:
I agree it would be cool but it’s also hard and has some interesting
problems when code is shared between processes. We don’t have any
plans to make it work for Windows Vista.-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Joseph
Galbraith
Sent: Friday, October 21, 2005 4:19 PM
To: Kernel Debugging Interest List
Subject: Re: [windbg] Some information needed on .kdfilesIt would be cool though if it could do user mode stuff as well
There are so often user mode components that need to be updated as
well.Thanks,
Joseph
Drew Bliss wrote:
> It’s a kernel-only mechanism.
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Takin
> Nili-Esfahani
> Sent: Friday, October 21, 2005 3:36 PM
> To: Kernel Debugging Interest List
> Subject: [windbg] Some information needed on .kdfiles
>
> How does .kdfiles intercept the driver loading event? I ask because
> I> would like to know if it is possible to use this feature to replace
> any binary (e.g. a UM DLL), not just drivers.
>
>
>
> —
> You are currently subscribed to windbg as: xxxxx@winse.microsoft.com
> To unsubscribe send a blank email to
> xxxxx@lists.osr.com
>
> —
> You are currently subscribed to windbg as: unknown lmsubst tag
argument: ‘’
> To unsubscribe send a blank email to
> xxxxx@lists.osr.com
>
You are currently subscribed to windbg as: xxxxx@winse.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
You are currently subscribed to windbg as: unknown lmsubst tag
argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
You are currently subscribed to windbg as: xxxxx@winse.microsoft.com To
unsubscribe send a blank email to xxxxx@lists.osr.com
While we are on the subject…it would be really cool if the debugger
allowed the tranfering of any file from the host to the target. That way
you could update INFs or DLLs or whatever you needed and just reboot from
the debugger. Visual SoftIce had this feature and that is one I find it
hard to live without.
Bill M.
“Takin Nili-Esfahani” wrote in message
news:xxxxx@windbg…
> How does .kdfiles intercept the driver loading event? I ask because I
> would like to know if it is possible to use this feature to replace any
> binary (e.g. a UM DLL), not just drivers.
>
>
We can investigate this for a future release.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Bill McKenzie
Sent: Saturday, October 22, 2005 3:06 PM
To: Kernel Debugging Interest List
Subject: Re:[windbg] Some information needed on .kdfiles
While we are on the subject…it would be really cool if the debugger
allowed the tranfering of any file from the host to the target. That
way you could update INFs or DLLs or whatever you needed and just reboot
from the debugger. Visual SoftIce had this feature and that is one I
find it hard to live without.
Bill M.
“Takin Nili-Esfahani” wrote in message
news:xxxxx@windbg…
> How does .kdfiles intercept the driver loading event? I ask because I
> would like to know if it is possible to use this feature to replace
> any binary (e.g. a UM DLL), not just drivers.
>
>
—
You are currently subscribed to windbg as: xxxxx@winse.microsoft.com To
unsubscribe send a blank email to xxxxx@lists.osr.com
Just to be clear, that would be a future OS release (post Vista), not
debugger release.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Drew Bliss
Sent: Saturday, October 22, 2005 4:40 PM
To: Kernel Debugging Interest List
Subject: RE: [windbg] Some information needed on .kdfiles
We can investigate this for a future release.
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Bill McKenzie
Sent: Saturday, October 22, 2005 3:06 PM
To: Kernel Debugging Interest List
Subject: Re:[windbg] Some information needed on .kdfiles
While we are on the subject…it would be really cool if the debugger
allowed the tranfering of any file from the host to the target. That
way you could update INFs or DLLs or whatever you needed and just reboot
from the debugger. Visual SoftIce had this feature and that is one I
find it hard to live without.
Bill M.
“Takin Nili-Esfahani” wrote in message
news:xxxxx@windbg…
> How does .kdfiles intercept the driver loading event? I ask because I
> would like to know if it is possible to use this feature to replace
> any binary (e.g. a UM DLL), not just drivers.
>
>
—
You are currently subscribed to windbg as: xxxxx@winse.microsoft.com To
unsubscribe send a blank email to xxxxx@lists.osr.com
—
You are currently subscribed to windbg as: unknown lmsubst tag argument:
‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
In most cases, intercepting user-mode DLLs is a *lot* easier than attaching
KD, .kdfiles, etc.
NT has supported the “.local” file since Windows 2000. If you are debugging
“foo.exe”, created a file “foo.exe.local” in the same directory. (The
contents are ignored – only its existence is significant.) The DLL loader
will then prefer DLLs found in the same directory as foo.exe. This lets
your app bind to preferred versions of C runtimes, or any DLL at all that
you want.
Of course, this may not be what you want, if you want a certain DLL replaced
for *every* potential client of the DLL. But it certainly is handy in some
circumstances. If you DO want to replace a system DLL, you’ll need to read
up on disabling System File Protection (SFP), which can only be done while
KD is attached.
– arlie
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Takin Nili-Esfahani
Sent: Friday, October 21, 2005 6:36 PM
To: Kernel Debugging Interest List
Subject: [windbg] Some information needed on .kdfiles
How does .kdfiles intercept the driver loading event? I ask because I would
like to know if it is possible to use this feature to replace any binary
(e.g. a UM DLL), not just drivers.
You are currently subscribed to windbg as: xxxxx@stonestreetone.com To
unsubscribe send a blank email to xxxxx@lists.osr.com