WinXP will clear debug register automatically?

Hi:
I found a strange thing that debug register(DR0-DR3) will be cleared
to zero by system in winXP! But when I set the debug register(DR0-DR3)
in Win2K,their value will not be changed until I change them myself.
Do you konw why winXP clear the debug register(DR0-DR3) termly?
How can I hold the debug register values in Winxp.
Thaks all!

–

Best Regards!

XunFeng Yu

¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª

Xi’an Saming Technology Co., Ltd.
http://www.saming.com

Email£ºxxxxx@3ming.net

Address£º309R. Optoelectronics Business Incubator£¬
No.77 Keji 2nd Road,
Xi¡¯an Hi-tech Industries Development Zone£¬P.R.China
¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª

Instead of setting breakpoints in assembly, why not use DbgBreakPoint() instead? It has the plus side that it works and is portable.

d

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of yxf
Sent: Wednesday, July 20, 2005 1:46 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] WinXP will clear debug register automatically?

Hi:
I found a strange thing that debug register(DR0-DR3) will be cleared
to zero by system in winXP! But when I set the debug register(DR0-DR3)
in Win2K,their value will not be changed until I change them myself.
Do you konw why winXP clear the debug register(DR0-DR3) termly?
How can I hold the debug register values in Winxp.
Thaks all!

–

Best Regards!

XunFeng Yu

???

Xi’an Saming Technology Co., Ltd.
http://www.saming.com

Email??xxxxx@3ming.net

Address??309R. Optoelectronics Business Incubator??
No.77 Keji 2nd Road,
Xi??an Hi-tech Industries Development Zone??P.R.China
???

---

Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Just a guess, but he might need a break on a IO range, data …
DbgBrekPoint() wont doit.

Dan

----- Original Message -----
From: “Doron Holan”
To: “Windows System Software Devs Interest List”
Sent: Wednesday, July 20, 2005 6:14 PM
Subject: RE: [ntdev] WinXP will clear debug register automatically?

Instead of setting breakpoints in assembly, why not use DbgBreakPoint()
instead? It has the plus side that it works and is portable.

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of yxf
Sent: Wednesday, July 20, 2005 1:46 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] WinXP will clear debug register automatically?

Hi:
I found a strange thing that debug register(DR0-DR3) will be cleared
to zero by system in winXP! But when I set the debug register(DR0-DR3)
in Win2K,their value will not be changed until I change them myself.
Do you konw why winXP clear the debug register(DR0-DR3) termly?
How can I hold the debug register values in Winxp.
Thaks all!

–

Best Regards!

XunFeng Yu

¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª

Xi’an Saming Technology Co., Ltd.
http://www.saming.com<br><br>Email£ºxxxxx@3ming.net

Address£º309R. Optoelectronics Business Incubator£¬
No.77 Keji 2nd Road,
Xi¡¯an Hi-tech Industries Development Zone£¬P.R.China
¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

ba w4

in windbg doesn't work?

d

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Dan Partelly
Sent: Wednesday, July 20, 2005 8:42 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] WinXP will clear debug register automatically?

Just a guess, but he might need a break on a IO range, data ...
DbgBrekPoint() wont doit.

Dan

----- Original Message -----
From: "Doron Holan"
To: "Windows System Software Devs Interest List"
Sent: Wednesday, July 20, 2005 6:14 PM
Subject: RE: [ntdev] WinXP will clear debug register automatically?

Instead of setting breakpoints in assembly, why not use DbgBreakPoint()
instead? It has the plus side that it works and is portable.

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of yxf
Sent: Wednesday, July 20, 2005 1:46 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] WinXP will clear debug register automatically?

Hi:
I found a strange thing that debug register(DR0-DR3) will be cleared
to zero by system in winXP! But when I set the debug register(DR0-DR3)
in Win2K,their value will not be changed until I change them myself.
Do you konw why winXP clear the debug register(DR0-DR3) termly?
How can I hold the debug register values in Winxp.
Thaks all!

--

Best Regards!

XunFeng Yu

????????????????????????????????????????

Xi'an Saming Technology Co., Ltd.
http://www.saming.com

Email??xxxxx@3ming.net

Address??309R. Optoelectronics Business Incubator??
No.77 Keji 2nd Road,
Xi??an Hi-tech Industries Development Zone??P.R.China
????????????????????????????????????????

---
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

---
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ''
To unsubscribe send a blank email to xxxxx@lists.osr.com

---
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

Doron,

You suggest a programmatic behaviour with your DbgBreak…(), then when I
say why it might not be enough, you fallback on using a debugger. This is
NOT fair

D

----- Original Message -----
From: “Doron Holan”
To: “Windows System Software Devs Interest List”
Sent: Wednesday, July 20, 2005 7:15 PM
Subject: RE: [ntdev] WinXP will clear debug register automatically?

ba w4


in windbg doesn’t work?

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Dan Partelly
Sent: Wednesday, July 20, 2005 8:42 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] WinXP will clear debug register automatically?

Just a guess, but he might need a break on a IO range, data …
DbgBrekPoint() wont doit.

Dan

----- Original Message -----
From: “Doron Holan”
To: “Windows System Software Devs Interest List”
Sent: Wednesday, July 20, 2005 6:14 PM
Subject: RE: [ntdev] WinXP will clear debug register automatically?

Instead of setting breakpoints in assembly, why not use DbgBreakPoint()
instead? It has the plus side that it works and is portable.

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of yxf
Sent: Wednesday, July 20, 2005 1:46 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] WinXP will clear debug register automatically?

Hi:
I found a strange thing that debug register(DR0-DR3) will be cleared
to zero by system in winXP! But when I set the debug register(DR0-DR3)
in Win2K,their value will not be changed until I change them myself.
Do you konw why winXP clear the debug register(DR0-DR3) termly?
How can I hold the debug register values in Winxp.
Thaks all!

–

Best Regards!

XunFeng Yu

¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª

Xi’an Saming Technology Co., Ltd.
http://www.saming.com<br><br>Email£ºxxxxx@3ming.net

Address£º309R. Optoelectronics Business Incubator£¬
No.77 Keji 2nd Road,
Xi¡¯an Hi-tech Industries Development Zone£¬P.R.China
¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Doron Holan wrote:

ba w4

>
>in windbg doesn't work?
>
>

Sure it does (although he was actually breaking on an I/O port access
rather than memory). However, what the original poster was almost
certainly trying to do is virtualize an I/O port programmatically. That
is, he doesn't just want to break into the debugger when an I/O port
access happens, he wants to trap it in his driver and take some action.

My own guess, without actually knowing for sure, is that such a hack
will not work at all while windbg is connected. I would guess that
windbg resets the debug registers every time it lets the
system-under-test start up again..

--
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Mucking with platform specific registers, esp ones whose usage is not defined by the OS and then asking it doesn’t work is not that fair either ;).

If you are figuring out what memory/io address to set a bp in code, then you need the debugger to be present when the trap occurs anyways. If you are doing that, breaking into windbg to set it up does not sound that unreasonable to me.

d

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Dan Partelly
Sent: Wednesday, July 20, 2005 9:40 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] WinXP will clear debug register automatically?

Doron,

You suggest a programmatic behaviour with your DbgBreak…(), then when I
say why it might not be enough, you fallback on using a debugger. This is
NOT fair

D

----- Original Message -----
From: “Doron Holan”
To: “Windows System Software Devs Interest List”
Sent: Wednesday, July 20, 2005 7:15 PM
Subject: RE: [ntdev] WinXP will clear debug register automatically?

ba w4


in windbg doesn’t work?

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Dan Partelly
Sent: Wednesday, July 20, 2005 8:42 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] WinXP will clear debug register automatically?

Just a guess, but he might need a break on a IO range, data …
DbgBrekPoint() wont doit.

Dan

----- Original Message -----
From: “Doron Holan”
To: “Windows System Software Devs Interest List”
Sent: Wednesday, July 20, 2005 6:14 PM
Subject: RE: [ntdev] WinXP will clear debug register automatically?

Instead of setting breakpoints in assembly, why not use DbgBreakPoint()
instead? It has the plus side that it works and is portable.

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of yxf
Sent: Wednesday, July 20, 2005 1:46 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] WinXP will clear debug register automatically?

Hi:
I found a strange thing that debug register(DR0-DR3) will be cleared
to zero by system in winXP! But when I set the debug register(DR0-DR3)
in Win2K,their value will not be changed until I change them myself.
Do you konw why winXP clear the debug register(DR0-DR3) termly?
How can I hold the debug register values in Winxp.
Thaks all!

–

Best Regards!

XunFeng Yu

???

Xi’an Saming Technology Co., Ltd.
http://www.saming.com<br><br>Email??xxxxx@3ming.net

Address??309R. Optoelectronics Business Incubator??
No.77 Keji 2nd Road,
Xi??an Hi-tech Industries Development Zone??P.R.China
???

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

OK fair enough but I am mystified at a program requirement to set a break on access range. This is debugger activity, not program (or driver) activity. I understand why one might put a simple breakpoint (DbgBreak()) as an assertion type diagnostic trap, anything above that level is (IMHO) not appropriate.

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Dan Partelly
Sent: Wednesday, July 20, 2005 12:40 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] WinXP will clear debug register automatically?

Doron,

You suggest a programmatic behaviour with your DbgBreak…(), then when I
say why it might not be enough, you fallback on using a debugger. This is
NOT fair

D

----- Original Message -----
From: “Doron Holan”
To: “Windows System Software Devs Interest List”
Sent: Wednesday, July 20, 2005 7:15 PM
Subject: RE: [ntdev] WinXP will clear debug register automatically?

ba w4


in windbg doesn’t work?

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Dan Partelly
Sent: Wednesday, July 20, 2005 8:42 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] WinXP will clear debug register automatically?

Just a guess, but he might need a break on a IO range, data …
DbgBrekPoint() wont doit.

Dan

----- Original Message -----
From: “Doron Holan”
To: “Windows System Software Devs Interest List”
Sent: Wednesday, July 20, 2005 6:14 PM
Subject: RE: [ntdev] WinXP will clear debug register automatically?

Instead of setting breakpoints in assembly, why not use DbgBreakPoint()
instead? It has the plus side that it works and is portable.

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of yxf
Sent: Wednesday, July 20, 2005 1:46 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] WinXP will clear debug register automatically?

Hi:
I found a strange thing that debug register(DR0-DR3) will be cleared
to zero by system in winXP! But when I set the debug register(DR0-DR3)
in Win2K,their value will not be changed until I change them myself.
Do you konw why winXP clear the debug register(DR0-DR3) termly?
How can I hold the debug register values in Winxp.
Thaks all!

–

Best Regards!

XunFeng Yu

???

Xi’an Saming Technology Co., Ltd.
http://www.saming.com<br><br>Email??xxxxx@3ming.net

Address??309R. Optoelectronics Business Incubator??
No.77 Keji 2nd Road,
Xi??an Hi-tech Industries Development Zone??P.R.China
???

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@stratus.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

yxf wrote:

Hi:
I found a strange thing that debug register(DR0-DR3) will be cleared
to zero by system in winXP! But when I set the debug register(DR0-DR3)
in Win2K,their value will not be changed until I change them myself.
Do you konw why winXP clear the debug register(DR0-DR3) termly?
How can I hold the debug register values in Winxp.

Are you running with the kernel debugger, or does this also happen
without the debugger? I, for one, would not be surprised to find that
windbg restores the debug registers to some known state every time it
releases control.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Also, thinking about it a little more, how does this work on an MP machine? I would hazard a guess that you would need to set the registers on all available procs (unless these registers are somehow shared among them?).

d

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Roddy, Mark
Sent: Wednesday, July 20, 2005 9:46 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] WinXP will clear debug register automatically?

OK fair enough but I am mystified at a program requirement to set a break on access range. This is debugger activity, not program (or driver) activity. I understand why one might put a simple breakpoint (DbgBreak()) as an assertion type diagnostic trap, anything above that level is (IMHO) not appropriate.

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Dan Partelly
Sent: Wednesday, July 20, 2005 12:40 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] WinXP will clear debug register automatically?

Doron,

You suggest a programmatic behaviour with your DbgBreak…(), then when I
say why it might not be enough, you fallback on using a debugger. This is
NOT fair

D

----- Original Message -----
From: “Doron Holan”
To: “Windows System Software Devs Interest List”
Sent: Wednesday, July 20, 2005 7:15 PM
Subject: RE: [ntdev] WinXP will clear debug register automatically?

ba w4


in windbg doesn’t work?

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Dan Partelly
Sent: Wednesday, July 20, 2005 8:42 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] WinXP will clear debug register automatically?

Just a guess, but he might need a break on a IO range, data …
DbgBrekPoint() wont doit.

Dan

----- Original Message -----
From: “Doron Holan”
To: “Windows System Software Devs Interest List”
Sent: Wednesday, July 20, 2005 6:14 PM
Subject: RE: [ntdev] WinXP will clear debug register automatically?

Instead of setting breakpoints in assembly, why not use DbgBreakPoint()
instead? It has the plus side that it works and is portable.

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of yxf
Sent: Wednesday, July 20, 2005 1:46 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] WinXP will clear debug register automatically?

Hi:
I found a strange thing that debug register(DR0-DR3) will be cleared
to zero by system in winXP! But when I set the debug register(DR0-DR3)
in Win2K,their value will not be changed until I change them myself.
Do you konw why winXP clear the debug register(DR0-DR3) termly?
How can I hold the debug register values in Winxp.
Thaks all!

–

Best Regards!

XunFeng Yu

???

Xi’an Saming Technology Co., Ltd.
http://www.saming.com<br><br>Email??xxxxx@3ming.net

Address??309R. Optoelectronics Business Incubator??
No.77 Keji 2nd Road,
Xi??an Hi-tech Industries Development Zone??P.R.China
???

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@stratus.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Roddy, Mark wrote:

OK fair enough but I am mystified at a program requirement to set a break on access range. This is debugger activity, not program (or driver) activity. I understand why one might put a simple breakpoint (DbgBreak()) as an assertion type diagnostic trap, anything above that level is (IMHO) not appropriate.

Not appropriate, perhaps, but it is not hard to think of useful
scenarios for this. I’m aware of one serial/USB converter that works by
virtualizing the UART I/O ports using the debug registers in exactly
this way. Further, given how unnecessarily difficult it is to create a
virtual serial port driver that works for the majority of serial
applications, I suspect this was probably an easier solution.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Doron,

Maybe he is writting a system debugger. I did once, and come up with a
pretty ntice clone, withe a limited functionality but
fully operational. Is this a fair usage and legitimate usage ?

> then you need the debugger to be present when the trap occurs anyways

Sorry, but you dont need a debugger at all. You need a interrupt handler to
handle the trap , and thats it. If you already went through the trouble of
writting code to set up DR , whats there to stop you
to write your Int1 handlers as well ?

Dan

----- Original Message -----
From: “Doron Holan”
To: “Windows System Software Devs Interest List”
Sent: Wednesday, July 20, 2005 7:45 PM
Subject: RE: [ntdev] WinXP will clear debug register automatically?

Mucking with platform specific registers, esp ones whose usage is not
defined by the OS and then asking it doesn’t work is not that fair either
;).

If you are figuring out what memory/io address to set a bp in code, then you
need the debugger to be present when the trap occurs anyways. If you are
doing that, breaking into windbg to set it up does not sound that
unreasonable to me.

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Dan Partelly
Sent: Wednesday, July 20, 2005 9:40 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] WinXP will clear debug register automatically?

Doron,

You suggest a programmatic behaviour with your DbgBreak…(), then when I
say why it might not be enough, you fallback on using a debugger. This is
NOT fair

D

----- Original Message -----
From: “Doron Holan”
To: “Windows System Software Devs Interest List”
Sent: Wednesday, July 20, 2005 7:15 PM
Subject: RE: [ntdev] WinXP will clear debug register automatically?

ba w4


in windbg doesn’t work?

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Dan Partelly
Sent: Wednesday, July 20, 2005 8:42 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] WinXP will clear debug register automatically?

Just a guess, but he might need a break on a IO range, data …
DbgBrekPoint() wont doit.

Dan

----- Original Message -----
From: “Doron Holan”
To: “Windows System Software Devs Interest List”
Sent: Wednesday, July 20, 2005 6:14 PM
Subject: RE: [ntdev] WinXP will clear debug register automatically?

Instead of setting breakpoints in assembly, why not use DbgBreakPoint()
instead? It has the plus side that it works and is portable.

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of yxf
Sent: Wednesday, July 20, 2005 1:46 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] WinXP will clear debug register automatically?

Hi:
I found a strange thing that debug register(DR0-DR3) will be cleared
to zero by system in winXP! But when I set the debug register(DR0-DR3)
in Win2K,their value will not be changed until I change them myself.
Do you konw why winXP clear the debug register(DR0-DR3) termly?
How can I hold the debug register values in Winxp.
Thaks all!

–

Best Regards!

XunFeng Yu

¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª

Xi’an Saming Technology Co., Ltd.
http://www.saming.com<br><br>Email£ºxxxxx@3ming.net

Address£º309R. Optoelectronics Business Incubator£¬
No.77 Keji 2nd Road,
Xi¡¯an Hi-tech Industries Development Zone£¬P.R.China
¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Yes you are right. But is 100% doable. And would be even more easy to doit
if Nt kernel would expose more of it’s IPI support routines.

DR registers are not shared between CPUs, unless you have code in Windows
which mirrors them.

Dan

----- Original Message -----
From: “Doron Holan”
To: “Windows System Software Devs Interest List”
Sent: Wednesday, July 20, 2005 8:02 PM
Subject: RE: [ntdev] WinXP will clear debug register automatically?

Also, thinking about it a little more, how does this work on an MP machine?
I would hazard a guess that you would need to set the registers on all
available procs (unless these registers are somehow shared among them?).

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Roddy, Mark
Sent: Wednesday, July 20, 2005 9:46 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] WinXP will clear debug register automatically?

OK fair enough but I am mystified at a program requirement to set a break on
access range. This is debugger activity, not program (or driver) activity. I
understand why one might put a simple breakpoint (DbgBreak()) as an
assertion type diagnostic trap, anything above that level is (IMHO) not
appropriate.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Dan Partelly
Sent: Wednesday, July 20, 2005 12:40 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] WinXP will clear debug register automatically?

Doron,

You suggest a programmatic behaviour with your DbgBreak…(), then when I
say why it might not be enough, you fallback on using a debugger. This is
NOT fair

D

----- Original Message -----
From: “Doron Holan”
To: “Windows System Software Devs Interest List”
Sent: Wednesday, July 20, 2005 7:15 PM
Subject: RE: [ntdev] WinXP will clear debug register automatically?

ba w4


in windbg doesn’t work?

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Dan Partelly
Sent: Wednesday, July 20, 2005 8:42 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] WinXP will clear debug register automatically?

Just a guess, but he might need a break on a IO range, data …
DbgBrekPoint() wont doit.

Dan

----- Original Message -----
From: “Doron Holan”
To: “Windows System Software Devs Interest List”
Sent: Wednesday, July 20, 2005 6:14 PM
Subject: RE: [ntdev] WinXP will clear debug register automatically?

Instead of setting breakpoints in assembly, why not use DbgBreakPoint()
instead? It has the plus side that it works and is portable.

d

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of yxf
Sent: Wednesday, July 20, 2005 1:46 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] WinXP will clear debug register automatically?

Hi:
I found a strange thing that debug register(DR0-DR3) will be cleared
to zero by system in winXP! But when I set the debug register(DR0-DR3)
in Win2K,their value will not be changed until I change them myself.
Do you konw why winXP clear the debug register(DR0-DR3) termly?
How can I hold the debug register values in Winxp.
Thaks all!

–

Best Regards!

XunFeng Yu

¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª

Xi’an Saming Technology Co., Ltd.
http://www.saming.com<br><br>Email£ºxxxxx@3ming.net

Address£º309R. Optoelectronics Business Incubator£¬
No.77 Keji 2nd Road,
Xi¡¯an Hi-tech Industries Development Zone£¬P.R.China
¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@stratus.com
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

Well

Debug register are only for debuggers. Unless you are writting CPU emulators
or debuggers they are best leave aside. Is not OK to use them for
virtualizing ports, altough …

Dan

----- Original Message -----
From: “Tim Roberts”
To: “Windows System Software Devs Interest List”
Sent: Wednesday, July 20, 2005 8:31 PM
Subject: Re: [ntdev] WinXP will clear debug register automatically?

> Roddy, Mark wrote:
>
>>OK fair enough but I am mystified at a program requirement to set a break
>>on access range. This is debugger activity, not program (or driver)
>>activity. I understand why one might put a simple breakpoint (DbgBreak())
>>as an assertion type diagnostic trap, anything above that level is (IMHO)
>>not appropriate.
>>
>
> Not appropriate, perhaps, but it is not hard to think of useful scenarios
> for this. I’m aware of one serial/USB converter that works by
> virtualizing the UART I/O ports using the debug registers in exactly this
> way. Further, given how unnecessarily difficult it is to create a virtual
> serial port driver that works for the majority of serial applications, I
> suspect this was probably an easier solution.
>
> –
> Tim Roberts, xxxxx@probo.com
> Providenza & Boekelheide, Inc.
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@rdsor.ro
> To unsubscribe send a blank email to xxxxx@lists.osr.com

> From: Dan Partelly

Sorry, but you dont need a debugger at all. You need a
interrupt handler to
handle the trap , and thats it. If you already went through
the trouble of
writting code to set up DR , whats there to stop you
to write your Int1 handlers as well ?

Dan

It will be hard to do on x64 Windows that have kernel patch
protection:
http://www.microsoft.com/whdc/driver/kernel/64bitPatching.mspx

The protection code looks moderately obfuscated so it would be
not easy to circumvent.

Dmitriy Budko, VMware

Thanks all at first! Actually, I am writing a driver which seems like a
system debugger.
In my driver I set a I/O access breakpoint using DR0-DR7 and I have
a INT1 interrupt handler to handle the trap.It works well in Win2K.
But when I ran my driver in WinXP ,I found DR0-DR7 would be reset by system
termly,
so my I/O access breakpoint would be disabled.
There is no windbg in system and not an MP machine.

“Dan Partelly” :xxxxx@ntdev…
> Doron,
>
> Maybe he is writting a system debugger. I did once, and come up with a
> pretty ntice clone, withe a limited functionality but
> fully operational. Is this a fair usage and legitimate usage ?
>
> >> then you need the debugger to be present when the trap occurs anyways
>
> Sorry, but you dont need a debugger at all. You need a interrupt handler
to
> handle the trap , and thats it. If you already went through the trouble of
> writting code to set up DR , whats there to stop you
> to write your Int1 handlers as well ?
>
> Dan
>
> ----- Original Message -----
> From: “Doron Holan”
> To: “Windows System Software Devs Interest List”
> Sent: Wednesday, July 20, 2005 7:45 PM
> Subject: RE: [ntdev] WinXP will clear debug register automatically?
>
>
> Mucking with platform specific registers, esp ones whose usage is not
> defined by the OS and then asking it doesn’t work is not that fair either
> ;).
>
> If you are figuring out what memory/io address to set a bp in code, then
you
> need the debugger to be present when the trap occurs anyways. If you are
> doing that, breaking into windbg to set it up does not sound that
> unreasonable to me.
>
> d
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Dan Partelly
> Sent: Wednesday, July 20, 2005 9:40 AM
> To: Windows System Software Devs Interest List
> Subject: Re: [ntdev] WinXP will clear debug register automatically?
>
> Doron,
>
> You suggest a programmatic behaviour with your DbgBreak…(), then when I
> say why it might not be enough, you fallback on using a debugger. This is
> NOT fair
>
>
> D
>
>
> ----- Original Message -----
> From: “Doron Holan”
> To: “Windows System Software Devs Interest List”
> Sent: Wednesday, July 20, 2005 7:15 PM
> Subject: RE: [ntdev] WinXP will clear debug register automatically?
>
>
> ba w4

>
> in windbg doesn’t work?
>
> d
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Dan Partelly
> Sent: Wednesday, July 20, 2005 8:42 AM
> To: Windows System Software Devs Interest List
> Subject: Re: [ntdev] WinXP will clear debug register automatically?
>
> Just a guess, but he might need a break on a IO range, data …
> DbgBrekPoint() wont doit.
>
> Dan
>
>
> ----- Original Message -----
> From: “Doron Holan”
> To: “Windows System Software Devs Interest List”
> Sent: Wednesday, July 20, 2005 6:14 PM
> Subject: RE: [ntdev] WinXP will clear debug register automatically?
>
>
> Instead of setting breakpoints in assembly, why not use DbgBreakPoint()
> instead? It has the plus side that it works and is portable.
>
> d
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of yxf
> Sent: Wednesday, July 20, 2005 1:46 AM
> To: Windows System Software Devs Interest List
> Subject: [ntdev] WinXP will clear debug register automatically?
>
>
> Hi:
> I found a strange thing that debug register(DR0-DR3) will be cleared
> to zero by system in winXP! But when I set the debug register(DR0-DR3)
> in Win2K,their value will not be changed until I change them myself.
> Do you konw why winXP clear the debug register(DR0-DR3) termly?
> How can I hold the debug register values in Winxp.
> Thaks all!
>
>
> –
>
>
>
>
> Best Regards!
>
> XunFeng Yu
>
> ¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª
>
> Xi’an Saming Technology Co., Ltd.
> http://www.saming.com
>
> Email£ºxxxxx@3ming.net
>
> Address£º309R. Optoelectronics Business Incubator£¬
> No.77 Keji 2nd Road,
> Xi¡¯an Hi-tech Industries Development Zone£¬P.R.China
> ¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª
>
>
>
>
>
>
>
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@windows.microsoft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>

Thanks all at first! Actually, I am writing a driver which seems like a
system debugger.
In my driver I set a I/O access breakpoint using DR0-DR7 and I have
a INT1 interrupt handler to handle the trap.It works well in Win2K.
But when I ran my driver in WinXP ,I found DR0-DR7 would be reset by system
termly,
so my I/O access breakpoint would be disabled.
There is no windbg in system and not an MP machine.

“yxf” :xxxxx@ntdev…
>
> Hi:
> I found a strange thing that debug register(DR0-DR3) will be cleared
> to zero by system in winXP! But when I set the debug register(DR0-DR3)
> in Win2K,their value will not be changed until I change them myself.
> Do you konw why winXP clear the debug register(DR0-DR3) termly?
> How can I hold the debug register values in Winxp.
> Thaks all!
>
>
> –
>
>
>
>
> Best Regards!
>
> XunFeng Yu
>
> ¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª
>
> Xi’an Saming Technology Co., Ltd.
> http://www.saming.com
>
> Email£ºxxxxx@3ming.net
>
> Address£º309R. Optoelectronics Business Incubator£¬
> No.77 Keji 2nd Road,
> Xi¡¯an Hi-tech Industries Development Zone£¬P.R.China
> ¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª
>
>
>
>
>
>
>
>
>
>

Try following flag so that you are noticed before the debug register changed.

GD (general detect enable) flag (bit 13) ?? Enables (when set) debug-register protection, which causes a debug exception to be generated prior to any MOV instruction that accesses a debug register. When such a condition is detected, the BD flag in debug status register DR6 is set prior to generating the exception. This condition is provided to support in-circuit emulators. (When the emulator needs to access the debug registers, emulator software can set the GD flag to prevent interference from the program currently executing on the processor.) The processor clears the GD flag upon entering to the debug exception handler, to allow the handler access to the debug registers.
(From IA-32 Manual Volume 3)

Best Regards
Raymond Zhang

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of yxf
Sent: 2005??7??21?? 10:05
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] WinXP will clear debug register automatically?

Thanks all at first! Actually, I am writing a driver which seems like a
system debugger.
In my driver I set a I/O access breakpoint using DR0-DR7 and I have
a INT1 interrupt handler to handle the trap.It works well in Win2K.
But when I ran my driver in WinXP ,I found DR0-DR7 would be reset by system
termly,
so my I/O access breakpoint would be disabled.
There is no windbg in system and not an MP machine.

Actually,I know the GD flag!But what can I do after a debug exception was
generated?
Because the debug exception will be generated before the MOV instruction
that access a debug register not after…

“Zhang, Raymond” :xxxxx@ntdev…
Try following flag so that you are noticed before the debug register
changed.

GD (general detect enable) flag (bit 13) ¡ª Enables (when set)
debug-register protection, which causes a debug exception to be generated
prior to any MOV instruction that accesses a debug register. When such a
condition is detected, the BD flag in debug status register DR6 is set prior
to generating the exception. This condition is provided to support
in-circuit emulators. (When the emulator needs to access the debug
registers, emulator software can set the GD flag to prevent interference
from the program currently executing on the processor.) The processor clears
the GD flag upon entering to the debug exception handler, to allow the
handler access to the debug registers.
(From IA-32 Manual Volume 3)

Best Regards
Raymond Zhang

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of yxf
Sent: 2005Äê7ÔÂ21ÈÕ 10:05
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] WinXP will clear debug register automatically?

Thanks all at first! Actually, I am writing a driver which seems like a
system debugger.
In my driver I set a I/O access breakpoint using DR0-DR7 and I have
a INT1 interrupt handler to handle the trap.It works well in Win2K.
But when I ran my driver in WinXP ,I found DR0-DR7 would be reset by system
termly,
so my I/O access breakpoint would be disabled.
There is no windbg in system and not an MP machine.

Well , since you have a interrupt handler you modify to trap frame in such a
way that the mov into DR register is bypassed at iretd time. (modify return
EIP, is trivial)

But this is a list for device driver devlopment, and not
for learning IA32 architecture. Please stick to the list profile.

Dan

>Actually,I know the GD flag!But what can I do after a >>debug exception
>was
>generated?
>Because the debug exception will be generated before the >>MOV instruction
>that access a debug register not after…