Hello ,
I develop driver since 15 years and Vista driver development is a horror.
I need debug messages and have enabled the “session Manager\debug Print”
settings with IHVDRIVER and 0xFFFFFFFF. For the development phase each
developper need a system without any restrictions. Don’t security hell
and driver signing hell …
Now some times WINDBG is totaly flooded with messages like
“d:\rtm_edw\base\win32\fusion****” . How can I stop that ???
I’am not able to debug my system !
elli
ELLI:
I unfortunately don’t know the answer to your question, but I hope
there is one and it is “yes,” because I get it sometimes as well.
Without making any accusations, if one can not prevent this, it would
make an excellent anti-debugging technology, albeit a very crude one,
along the lines of what some third party products (including a fine,
fine Internet Security Suite that is spoken of in nothing but glowing
terms on these lists) do with Int 0x1/0x3. I certainly hope that there
is a better answer that this, but, if not, and if you get really, really
desperate, you can do what I did with that one (where SoftICE wasn’t an
option, as it did not suffer from this problem (though overall WinDbg is
vastly superior at this point) and replace the handler, which, in your
case, would be a lot harder (I’ve done this one as well, a long time ago
for totally different reasons (that turned out to be incorrect and of my
own doing)), as int 0x2D is much, much more complicated and absolutely
guarantees a bluescreen with every mistake you make along the way. If
you get to this point, best of luck, and you might take a look at the
Appendicies in Gary Nebbett’s really excellent “Windows NT/2000 Native
API Reference,” if you can still find it (I think it is out of print).
mm
>> xxxxx@ellisoft.de 2006-10-10 06:34 >>>
Hello ,
I develop driver since 15 years and Vista driver development is a
horror.
I need debug messages and have enabled the “session Manager\debug
Print”
settings with IHVDRIVER and 0xFFFFFFFF. For the development phase each
developper need a system without any restrictions. Don’t security hell
and driver signing hell …
Now some times WINDBG is totaly flooded with messages like
“d:\rtm_edw\base\win32\fusion****” . How can I stop that ???
I’am not able to debug my system !
elli
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
> Now some times WINDBG is totaly flooded with messages like
“d:\rtm_edw\base\win32\fusion****” . How can I stop that ???
If (if!) the flooding is the (only) problem, try .ofilter
----- Original Message -----
From: “Martin O’Brien”
To: “Windows System Software Devs Interest List”
Sent: Tuesday, October 10, 2006 10:01 AM
Subject: Re: [ntdev] VISTA RC1/2 How disable messages like
“d:\rtm_edw\base\win32\fusion.…”
> ELLI:
>
> I unfortunately don’t know the answer to your question, but I hope
> there is one and it is “yes,” because I get it sometimes as well.
> Without making any accusations, if one can not prevent this, it would
> make an excellent anti-debugging technology, albeit a very crude one,
> along the lines of what some third party products (including a fine,
> fine Internet Security Suite that is spoken of in nothing but glowing
> terms on these lists) do with Int 0x1/0x3. I certainly hope that there
> is a better answer that this, but, if not, and if you get really, really
> desperate, you can do what I did with that one (where SoftICE wasn’t an
> option, as it did not suffer from this problem (though overall WinDbg is
> vastly superior at this point) and replace the handler, which, in your
> case, would be a lot harder (I’ve done this one as well, a long time ago
> for totally different reasons (that turned out to be incorrect and of my
> own doing)), as int 0x2D is much, much more complicated and absolutely
> guarantees a bluescreen with every mistake you make along the way. If
> you get to this point, best of luck, and you might take a look at the
> Appendicies in Gary Nebbett’s really excellent “Windows NT/2000 Native
> API Reference,” if you can still find it (I think it is out of print).
>
> mm
>
>>>> xxxxx@ellisoft.de 2006-10-10 06:34 >>>
> Hello ,
>
> I develop driver since 15 years and Vista driver development is a
> horror.
> I need debug messages and have enabled the “session Manager\debug
> Print”
> settings with IHVDRIVER and 0xFFFFFFFF. For the development phase each
> developper need a system without any restrictions. Don’t security hell
> and driver signing hell …
>
> Now some times WINDBG is totaly flooded with messages like
> “d:\rtm_edw\base\win32\fusion\ ****” . How can I stop that ???
>
> I’am not able to debug my system !
>
> elli
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
Or use DebugView and exclude filters (who needs a debugger, anyway :).
I’m surprised how MS developers are uncareful in this late phase of development :-/
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]
From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of sh_alex[SMTP:xxxxx@comcast.net]
Reply To: Windows System Software Devs Interest List
Sent: Tuesday, October 10, 2006 4:27 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] VISTA RC1/2 How disable messages like “d:\rtm_edw\base\win32\fusion.…”
> Now some times WINDBG is totaly flooded with messages like
> “d:\rtm_edw\base\win32\fusion****” . How can I stop that ???
If (if!) the flooding is the (only) problem, try .ofilter
----- Original Message -----
From: “Martin O’Brien”
> To: “Windows System Software Devs Interest List”
> Sent: Tuesday, October 10, 2006 10:01 AM
> Subject: Re: [ntdev] VISTA RC1/2 How disable messages like
> “d:\rtm_edw\base\win32\fusion.…”
>
>
> > ELLI:
> >
> > I unfortunately don’t know the answer to your question, but I hope
> > there is one and it is “yes,” because I get it sometimes as well.
> > Without making any accusations, if one can not prevent this, it would
> > make an excellent anti-debugging technology, albeit a very crude one,
> > along the lines of what some third party products (including a fine,
> > fine Internet Security Suite that is spoken of in nothing but glowing
> > terms on these lists) do with Int 0x1/0x3. I certainly hope that there
> > is a better answer that this, but, if not, and if you get really, really
> > desperate, you can do what I did with that one (where SoftICE wasn’t an
> > option, as it did not suffer from this problem (though overall WinDbg is
> > vastly superior at this point) and replace the handler, which, in your
> > case, would be a lot harder (I’ve done this one as well, a long time ago
> > for totally different reasons (that turned out to be incorrect and of my
> > own doing)), as int 0x2D is much, much more complicated and absolutely
> > guarantees a bluescreen with every mistake you make along the way. If
> > you get to this point, best of luck, and you might take a look at the
> > Appendicies in Gary Nebbett’s really excellent “Windows NT/2000 Native
> > API Reference,” if you can still find it (I think it is out of print).
> >
> > mm
> >
> >>>> xxxxx@ellisoft.de 2006-10-10 06:34 >>>
> > Hello ,
> >
> > I develop driver since 15 years and Vista driver development is a
> > horror.
> > I need debug messages and have enabled the “session Manager\debug
> > Print”
> > settings with IHVDRIVER and 0xFFFFFFFF. For the development phase each
> > developper need a system without any restrictions. Don’t security hell
> > and driver signing hell …
> >
> > Now some times WINDBG is totaly flooded with messages like
> > “d:\rtm_edw\base\win32\fusion\ ****” . How can I stop that ???
> >
> > I’am not able to debug my system !
> >
> > elli
> >
> >
> > —
> > Questions? First check the Kernel Driver FAQ at
> > http://www.osronline.com/article.cfm?id=256
> >
> > To unsubscribe, visit the List Server section of OSR Online at
> > http://www.osronline.com/page.cfm?name=ListServer
> >
> > —
> > Questions? First check the Kernel Driver FAQ at
> > http://www.osronline.com/article.cfm?id=256
> >
> > To unsubscribe, visit the List Server section of OSR Online at
> > http://www.osronline.com/page.cfm?name=ListServer
>
>
> —
> Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
>