Debugger commands (stack frame navigation) that makes my life easier

One thing that I have always found clunky is stack frame navigation in windbg/kd. Previously, I thought you had only a couple of options. The first option, if you are using WinDBG, is that you can bring up the call stack window. I have found that this is not a great thing to do b/c…

9

New debugger package is now public

You can download the package from WHDC.  It is hard for me to keep track of when they go public, we get internal drops more often and so it is hard for me to know when fixes see the (external) light of day.  Enjoy.

2

Debugger commands (!error, .enable_long_status) that makes my life easier

One thing you learn very quickly when writing a driver is that NTSTATUS is used almost everywhere. The consistency is nice, especially compared to user mode where errors can be an HRESULT, LONG, or DWORD (yes they are all the same underlying type, but they have different meanings, particularly for success/failure checks). The problem with…

5

Why does my COM port disappear when I enable the kernel debugger?

A lot of folks are told to connect a kernel debugger (over a serial calbe) to their systems if it is constantly blue screening or if there are suspected issues in the kernel or a loaded driver. Most of these folks do not have the skills to debug the issue themselves, they are just setting…

1

Previous command completion in WinDBG

One of the features I like about kd is that since you are using a console window, you get a lot of the console functionality for free. The 2 features that I really like are tab (err, F8) completion and the listing of command history (F7). On the other hand, windbg has a lot going…

3

Yet another verifier? Yeah, KMDF has one too!

One of the prominant design goals throughout KMDF’s development cycle was to create a system that had a built in and deeply integrated verifier from the start. Furthermore, we had a goal to create a system that was easier to verify (as compared to WDM) at runtime and at compile time. The WDM driver verifier…

3

How to break in at the call site that invokes the break point

I think everyone at some point in time wants to embed a break point in there code, whether it be for debugging purposes, path tracing, or detecting edge conditions that have not yet been tested. When I hit a break point, I would prefer that the debugger break in at the call frame which needs…

8

Debugger commands (gu) that make my life easier

It’s a quick one today. One of the great features about windbg is that it has a return to caller button . I tend to like to keep my hands on the keyboard even when I am using windbg and Shift+F11 is still too cumbersome (long live the home row!). In the past when I…

3

Debugger commands (!bpid) that make my life easier (part 6)

Today’s kernel debugger command is “!bpid”, break on process id. This command will break into an application in the application context from within the kernel debugger. Why would you want to do this? Well, you are not always in the right user mode context when you break into the kernel debugger, it is essentially random….

2

Debugger commands (dps, dpp) that make my life easier (part 5)

Today’s debugger command is “dps” (display pointers and symbols). You might be familiar with the “dds” command. While dds will always dump a DWORD, dps will dump pointers, where the pointer size is determined by the target. (I used to use dds because I only debugged 32 bit machines, but after debugging a 64 machine…

4