WINDBG VMWARE and my driver

Hi,

I am new to system programming and debugging.

I studied many sites and by following

http://www.vmware.com/support/gsx3/…_debug_gsx.html

I installed WinXP SP2 as the target operating system in VMware and configured the serial port COM1 on the target system.

Now when I run the command from the host system (also WINXP SP3)

C:/WINDBG> windbg -k com:port=\\.\pipe\COM1,pipe

WinDBG opens the COM1 port, but next to it, it says

Waiting to reconnect …

After that there is no response.

How can I debug the driver or sys file?

Can you kindly guide me through steps.

I will be really really thankful to you.

Regards,

Actually, it sounds like you have it setup more or less correctly, at
least as far as I can tell. What you are missing is one of the
following to break in to the debugger:

  1. Press Ctrl+Break
    -OR-
  2. Select “Break” from the Debug Menu
    -OR-
  3. Click the Icon that looks like “Pause”
  4. Start WinDbg with -b -d
  5. Add /BREAK to the target’s Boot.INI configuration

For the moment, just Press Ctrl+Break (1). You should see a command
prompt at the bottom of the command window. When it appears, make sure
you have your symbol path set:

!sym noisy
.sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
.reload -f -n
lml

c:\symbols can be replaced with any local folder that you wish to use as a
symbol cache.

These take a while. The lml should produce a list of modules that have
symbols loaded. If nt (ntoskrnl/ntkrnlmp/…) does not have symbols
loaded, or just has export symbols loaded, something is amiss.

mm

>> xxxxx@yahoo.com 2007-03-27 00:37 >>>

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
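
The three pieces of configuration this setup depends on, collected as an added example that is not part of the original posts: the target's boot.ini debug entry, the serial-port lines in the guest's .vmx file, and the host-side WinDbg command line. The ARC path and menu labels assume a default single-disk XP install, the pipe name com_1 is the one that appears later in this thread, and lines starting with # are annotations, not file content.

```text
# --- Target (guest) C:\boot.ini: keep the normal entry, add a debug entry ---
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP [debug]" /fastdetect /debug /debugport=com1 /baudrate=115200
# Appending /break to the debug entry makes the kernel wait at the initial
# breakpoint during boot instead of running until Ctrl+Break is pressed.

# --- Guest .vmx file (VM powered off): COM1 backed by a host named pipe ---
serial0.present = "TRUE"
serial0.fileType = "pipe"
serial0.fileName = "\\.\pipe\com_1"
serial0.pipe.endPoint = "server"
serial0.tryNoRxLoss = "FALSE"
serial0.yieldOnMsrRead = "TRUE"

# --- Host: power on the guest, pick the [debug] entry, then start WinDbg ---
windbg -k com:pipe,port=\\.\pipe\com_1,resets=0,reconnect
# Same connection with the -b -d options from the list above, so that no
# manual Ctrl+Break is needed to get a kd> prompt:
windbg -b -d -k com:pipe,port=\\.\pipe\com_1,resets=0,reconnect
```

"Waiting to reconnect" with no further output usually means one of these three does not match the others: the guest was booted from the non-debug entry, the pipe name differs between the .vmx file and the WinDbg command, or the debugger is simply waiting for a break-in.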

MM, thanks for your kind reply.

Yup, it apparently seems that I have done the setup OK, but I can't debug sys files.

I am a student learning to debug SYS files on my own.

Please guide me through the steps to proceed with debugging through VMware.

I will be thankful for any sort of help regarding this.

Regards,

Do you mean setting up debugging under VMWare or the actual debugging
process?

>> xxxxx@yahoo.com 2007-03-28 01:38 >>>

No, no, I mean to say the debugging process under VMware.

I have debugged exe and dll files on my local PC, but for a sys file (which is my target for debugging)

I installed VMware (WIN-XP using SP-2).

Please guide me through detailed steps.

How will I use the sys file, and is there any need to change the configuration of the port?

As an example you may attach a simple sys file and guide me through all the steps.

I am really stuck on this and I will be really thankful for your kind favor.

Regards,

I followed

http://www.catch22.net/tuts/vmware.asp and now I am able to have

Copyright (c) Microsoft Corporation. All rights reserved.

Opened \\.\pipe\com_1
Waiting to reconnect…
Connected to Windows XP 2600 x86 compatible target, ptr64 FALSE
Kernel Debugger connection established. (Initial Breakpoint requested)
Symbol search path is: srv*c:\windbgSymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows XP Kernel Version 2600 (Service Pack 1) UP Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 2600.xpsp1.020828-1920
Kernel base = 0x804d4000 PsLoadedModuleList = 0x8054be30
Debug session time: Tue Apr 3 15:04:33.906 2007 (GMT+5)
System Uptime: 0 days 2:13:08.562
Break instruction exception - code 80000003 (first chance)
*******************************************************************************
* *
* You are seeing this message because you pressed either *
* CTRL+C (if you run kd.exe) or, *
* CTRL+BREAK (if you run WinDBG), *
* on your debugger machine’s keyboard. *
* *
* THIS IS NOT A BUG OR A SYSTEM CRASH *
* *
* If you did not intend to break into the debugger, press the “g” key, then *
* press the “Enter” key now. This message might immediately reappear. If it *
* does, press “g” and “Enter” again. *
* *
*******************************************************************************
nt!RtlpBreakWithStatusInstruction:
805103fa cc int 3

But how shall I start with my driver?

Please guide me through an example.

Regards,

I’m not sure what you are asking. Please include the previous posts
with your posts. Otherwise, no one has any idea of what you are talking
about. I think I responded to you before, so here goes. Have you
loaded your driver (outside of the debugger) yet? If the answer is no,
and you don’t know how, nothing personal, but you need to do some
homework. There’s a tremendous amount of information and a nasty
learning curve, and there’s no way to climb it other than to do it,
using this list for more specific questions along the way. I’m very
happy to help, but you’ve got to narrow it down a bit. If you can swing
it, I would consider taking a class from OSR or a similar (but
recommended) organization. I did not learn this way, but from
everything I have heard, it is hands down the fastest and least painful
way to get up and running. I do feel for you, as this part of the
learning process does indeed deeply suck, but what you’re asking for is
well beyond the scope of this list.

If I have misunderstood you, I apologize, and by all means please feel
free to submit further questions once you narrow it down a little.

>> xxxxx@yahoo.com 2007-04-03 06:06 >>>

Ok,

now you can try to set a breakpoint to the DriverEntry of your driver, in
the command window use “bp !DriverEntry”. It will probably
tell you that the breakpoint has been deferred to when the driver itself is
loaded into memory. Then hit F5 (or “g” on the command line) to have the
system run.

As soon as the driver loads, it should hit the breakpoint and break into the
debugger.

Have a nice day
GV
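
The sequence described in the reply above, written out as an added example that is not part of the original message. The driver name mydriver, its paths and the symbol folder are hypothetical; `bu` is the explicitly deferred form of the `bp` the reply mentions, and the `dt` line assumes the x86 target shown in the session output. Lines starting with # are annotations, not commands.

```text
# 1. Host, at the kd> prompt after the initial break-in:
#    add the folder that holds mydriver.pdb to the symbol path
.sympath+ C:\build\mydriver\i386

# 2. Set a deferred breakpoint; it resolves when mydriver.sys is loaded
bu mydriver!DriverEntry
bl

# 3. Let the target run again (same as pressing F5)
g

# 4. Target, in a command prompt inside the VM:
#    register the driver as a demand-start kernel service and start it
sc create mydriver type= kernel start= demand binPath= C:\drivers\mydriver.sys
sc start mydriver

# 5. Host: WinDbg stops at mydriver!DriverEntry.
#    Check that private symbols loaded, then look at the call stack
lm m mydriver
kb

# 6. On x86 the first argument (PDRIVER_OBJECT) sits at esp+4 on entry
dt nt!_DRIVER_OBJECT poi(@esp+4)
```

If `lm m mydriver` reports deferred or export symbols only, the symbol path does not point at a .pdb matching the loaded build, and source-level stepping will not work until it does.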

----- Original Message -----
From:
To: “Windows System Software Devs Interest List”
Sent: Tuesday, April 03, 2007 3:06 AM
Subject: RE:[ntdev] WINDBG VMWARE and my driver
