vadump and vprot commands

Does anyone know why these windbg extensions don’t work as documented?
Here is what I got in a windbg session.

(Note: I switched process context already using “.process command”)

kd> !vadump
No export vadump found
kd> !vprot
No export vprot found

[now I load uext.dll extension dll]

kd> .load Uext.dll
kd> !vadump
kd> !vprot 0x7c80b50b
ERROR: !vprot: extension exception 0x80004001.
“QueryVirtual failed”

Thanks in advance,
Chandra

These commands work for user mode targets only. In kernel mode
you can use !process to get the VAD root and then !vad to dump
the VAD tree of a user process.


This posting is provided “AS IS” with no warranties, and confers no
rights.

I thought if I switched to a process context using .process, I can use user
mode windbg commands?

Can we switch from a kernel mode windbg session to a user mode session
without closing the command window?

I know how to use !vad command, but its output is not the same as !vprot.
Basically I wanted to know region information for a given user mode virtual
address.
What is the way to translate output from !vad in kernel mode in the same
format as !vadump or !vprot in user mode?

Thanks again,
Chandra

I don’t believe this to be the case. It is possible to break in to
control the user mode debugger from the kernel debugger, but I wouldn’t
personally consider it one of WinDbg’s finer qualities. See “Controlling
the User-Mode Debugger from the Kernel Debugger” in the WinDbg index.

Good luck,

mm

“chandra97 97” wrote:

> I thought if I switched to a process context using .process, I can use user
> mode windbg commands?

Some commands might work, especially if all they do is dump structures
from memory. !vadump however calls VirtualQuery to get VA usage
data, so there’s no way it can work in a kernel mode session.

> What is the way to translate output from !vad in kernel mode in the same
> format as !vadump or !vprot in user mode?

VirtualQuery looks at the VAD to get some of the attributes like base
address and then checks individual PTEs (because a single VAD can
contain multiple pages with different protection, reserved pages, etc).

You can get all this information in kd using "!vad 1" which tells
you start and end virtual page numbers and default protection, and
"!pte " which shows the actual page state. But usually it's
easier to look at this from a user mode debugger.

--
This posting is provided "AS IS" with no warranties, and confers no
rights.
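
The translation described in the reply above, as an added example that is not from any poster in this thread: a simplified Python model that combines one VAD (start and end virtual page numbers, default protection) with per-page state to produce the region record a VirtualQuery-based command reports. The names `Vad` and `query_region`, the protection strings and all sample values are constructed for illustration, and treating pages without an override as committed with the VAD default is an assumption of the model.

```python
from dataclasses import dataclass

PAGE_SIZE = 0x1000

@dataclass(frozen=True)
class Vad:
    start_vpn: int   # first virtual page number, as listed by !vad
    end_vpn: int     # last virtual page number (inclusive)
    protection: str  # default protection stored in the VAD

def query_region(vads, page_state, address):
    """Return region info for `address`, VirtualQuery-style.

    page_state maps VPN -> (state, protect) for pages whose actual state
    differs from the VAD default, i.e. what !pte would reveal per page.
    """
    vpn = address // PAGE_SIZE
    vad = next((v for v in vads if v.start_vpn <= vpn <= v.end_vpn), None)
    if vad is None:
        return {"base": vpn * PAGE_SIZE, "state": "free"}

    def attrs(n):
        # Model assumption: pages without an override are committed with
        # the VAD's default protection.
        return page_state.get(n, ("commit", vad.protection))

    first, last = attrs(vpn), vpn
    # Scan forward while pages keep identical attributes, never past the VAD.
    while last < vad.end_vpn and attrs(last + 1) == first:
        last += 1
    return {
        "allocation_base": vad.start_vpn * PAGE_SIZE,
        "allocation_protect": vad.protection,
        "base": vpn * PAGE_SIZE,
        "size": (last - vpn + 1) * PAGE_SIZE,
        "state": first[0],
        "protect": first[1],
    }

# Constructed sample data (not taken from a real target).
SAMPLE_VADS = [Vad(0x7C800, 0x7C8F5, "EXECUTE_WRITECOPY")]
SAMPLE_PAGES = {0x7C800: ("commit", "READONLY")}
SAMPLE_PAGES.update({n: ("commit", "EXECUTE_READ") for n in range(0x7C801, 0x7C884)})
SAMPLE_PAGES.update({n: ("reserve", "") for n in range(0x7C8F0, 0x7C8F6)})

if __name__ == "__main__":
    for addr in (0x7C80B50B, 0x7C800010, 0x7C8F1000, 0x00010000):
        print(hex(addr), query_region(SAMPLE_VADS, SAMPLE_PAGES, addr))
```

One VAD yields several distinct regions here, which is why the `!vad` listing alone does not match `!vprot` output.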