A Hole In My Head

Doron Holan's musings on drivers and other nibbles and bits

Tagged Content List
  • Blog Post: MSDN link on how to set up a user or kernel debugger

    This has got to be one of the top FAQs out there: how do I set up a kernel debugger? I just stumbled across a link on MSDN which gives instructions not only on how to set up a kernel debugger on all transports (serial, 1394, usb2), but also how to set up a user mode debugger or how to attach to a virtual...
  • Blog Post: Debugger commands (.step_filter) that make my life easier

    This is a pretty cool and somewhat obscure debugger command.  It allows you to tell the debugger what functions to skip if you are using the trace command ('t').  I think of the trace command as the 'step into' command though, but that is just me.  Let's say we have the following simple...
  • Blog Post: Getting 64 bit Vista to open my Inbox the way I want it to

    A bit over a year ago I had to figure out why my Mail key started behaving differently on Vista vs XP and wrote about how I fixed it.  Well, my dev box was so slow that I was able to employ enough sympathy that I got a new one.  While my old box was a 32 bit machine, the new one came preinstalled...
  • Blog Post: A must have book for any Windows developer

    I saw a book, Advanced Windows Debugging, in the Microsoft company store and quickly read through it. It looked pretty awesome in the level of detail and breadth that it covered. I ordered my own copy and I think it would be an invaluable resource for anyone who develops drivers or applications on Windows...
  • Blog Post: Changes to !poreqlist

    I posted about !poaction and !poreqlist about a year ago. I tend to use these extensions whenever I am debugging a power related issue in the framework. A few months ago, I ran !poreqlist and got the following output 0: kd> !poreqlist All active Power Irps from PoRequestPowerIrp PopReqestedPowerIrpList...
  • Blog Post: Debugger command (!list) that makes my life easier

    Yesterday I introduced the dl command and demonstrated some of its limitations. Today I will talk about !list. Let's take yesterday's data structure, MY_DATA. What if the LIST_ENTRY is at the end of the structure or there is more data in your structure that fits into two pointer sized fields so that...
  • Blog Post: Debugger command (dl) that makes my life easier

    The use of the LIST_ENTRY structure in WDM is quite pervasive. It is used for nearly all list keeping tasks. I have used it extensively in the past and KMDF uses it quite a bit as well. There are two debugger commands that help in viewing the contents of a list. I will talk about dl today and !list...
  • Blog Post: Viewing your KMDF log in a mini-dump (and other post mortem features)

    Your KMDF driver log can also be available in a mini-dump under certain circumstances. If you have a full kernel dump or a full memory dump, the log will be always present (barring any memory corruption or problems writing out the dump file). KMDF will attempt to write your driver's log to the mini...
  • Blog Post: Customizing the KMDF log for your driver

    Yesterday I talked about the KMDF log. The KMDF log is a great tool to debug why a DDI call has failed or diagnose the cause of a bugcheck in your driver. You can customize different attributes of the log so that you can better debug your driver. The customizations available to you are: The...
  • Blog Post: How can I view the KMDF log for my driver?

    A lot of developers have a great experience with KMDF, but then they sometimes hit a wall. They add a chunk of code and the drivers start failing because something in the new code was not implemented correctly. The first question that comes to mind is "how do I figure out what went wrong?" The framework...
  • Blog Post: Debugger commands (stack frame navigation) that makes my life easier

    One thing that I have always found clunky is stack frame navigation in windbg/kd. Previously, I thought you had only a couple of options. The first option, if you are using WinDBG, is that you can bring up the call stack window. I have found that this is not a great thing to do b/c WinDBG will...
  • Blog Post: New debugger package is now public

    You can download the package from WHDC. It is hard for me to keep track of when they go public, we get internal drops more often and so it is hard for me to know when fixes see the (external) light of day. Enjoy.
  • Blog Post: Debugger commands (!error, .enable_long_status) that makes my life easier

    One thing you learn very quickly when writing a driver is that NTSTATUS is used almost everywhere. The consistency is nice, especially compared to user mode where errors can be an HRESULT, LONG, or DWORD (yes they are all the same underlying type, but they have different meanings, particularly for...
  • Blog Post: Why does my COM port disappear when I enable the kernel debugger?

    A lot of folks are told to connect a kernel debugger (over a serial cable) to their systems if it is constantly blue screening or if there are suspected issues in the kernel or a loaded driver. Most of these folks do not have the skills to debug the issue themselves, they are just setting up their...
  • Blog Post: Previous command completion in WinDBG

    One of the features I like about kd is that since you are using a console window, you get a lot of the console functionality for free. The 2 features that I really like are tab (err, F8) completion and the listing of command history (F7). On the other hand, windbg has a lot going for it (ignoring...
  • Blog Post: Yet another verifier? Yeah, KMDF has one too!

    One of the prominent design goals throughout KMDF's development cycle was to create a system that had a built in and deeply integrated verifier from the start. Furthermore, we had a goal to create a system that was easier to verify (as compared to WDM) at runtime and at compile time. The WDM driver...
  • Blog Post: How to break in at the call site that invokes the break point

    I think everyone at some point in time wants to embed a break point in their code, whether it be for debugging purposes, path tracing, or detecting edge conditions that have not yet been tested. When I hit a break point, I would prefer that the debugger break in at the call frame which needs the break...
  • Blog Post: Debugger commands (gu) that make my life easier

    It's a quick one today. One of the great features about windbg is that it has a return to caller button. I tend to like to keep my hands on the keyboard even when I am using windbg and Shift+F11 is still too cumbersome (long live the home row!). In the past when I wanted to return to the caller, especially...
  • Blog Post: Debugger commands (!bpid) that make my life easier (part 6)

    Today's kernel debugger command is "!bpid", break on process id. This command will break into an application in the application context from within the kernel debugger. Why would you want to do this? Well, you are not always in the right user mode context when you break into the kernel debugger, it...
  • Blog Post: Debugger commands (dps, dpp) that make my life easier (part 5)

    Today's debugger command is "dps" (display pointers and symbols). You might be familiar with the "dds" command. While dds will always dump a DWORD, dps will dump pointers, where the pointer size is determined by the target. (I used to use dds because I only debugged 32 bit machines, but after debugging...
  • Blog Post: Avoiding #defines for constant data and using enums instead

    I think that the C preprocessor is a very powerful tool, but I like to limit my use of #defines. I have already touched on this when I talked about why I liked FORCEINLINE and I want to talk about it some more. I realize I can't eliminate the use of #defines throughout all of my code for various reasons...
  • Blog Post: Debugger commands (!sd) that make my life easier (part 3.1)

    Peter Wieland informed me that you can actually find the security descriptor (SD) using !object, you just have to work harder to get at it. It relies on an undocumented structure, but since this is not being used at runtime and !object also uses it, I think it is OK to show. Once you have the SD, you...
  • Blog Post: Debugger commands (dt, ??) that make my life easier (part 4)

    Today I will cover how to look at type information from the command line of windbg/kd. You can do all of this in the UI with a mouse, but that takes too long ;). I like to keep my hands on the keyboard and not move around. More importantly, by learning the command line way, you can embed commands to...
  • Blog Post: Debugger commands (!object) that make my life easier (part 3)

    Today I am going to write about !object. One of the tools you can get from sysinternals is WinObj.exe. This allows you to traverse the internal object hierarchy in Windows. It's a neat tool, but it uses internal undocumented APIs which means that when a new OS release comes out, the tool needs to be...
  • Blog Post: Real life usage of loading a driver as a dump file

    Today I got a callstack via email (from the NTDEV list), but no dump file. I needed to determine if the bugcheck was due to a KMDF or a USB core bug. Since I had no dump file, I had to work purely on what the message contained. The callstack did have symbols and offsets though, so I had a decent place...
Page 1 of 2 (29 items)