Avoiding #defines for constant data and using enums instead

I think that the C preprocessor is a very powerful tool, but I like to limit my use of #defines. I have already touched on this when I talked about why I liked FORCEINLINE and I want to talk about it some more. I realize I can’t eliminate the use of #defines throughout all of…


Debugger commands (!sd) that make my life easier (part 3.1)

Peter Wieland informed me that you can actually find the security descriptor (SD) using !object, you just have to work harder to get at it. It relies on an undocumented structure, but since this is not being used at runtime and !object also uses it, I think it is OK to show. Once you have…


Debugger commands (dt, ??) that make my life easier (part 4)

Today I will cover how to look at type information from the command line of windbg/kd. You can do all of this in the UI with a mouse, but that takes too long ;). I like to keep my hands on the keyboard and not move around. More importantly, by learning the command line way,…


Debugger commands (!object) that make my life easier (part 3)

Today I am going to write about !object. One of the tools you can get from sysinternals is WinObj.exe. This allows you to traverse the internal object hierarchy in Windows. It’s a neat tool, but it uses internal undocumented APIs which means that when a new OS release comes out, the tool needs to be…


Real life usage of loading a driver as a dump file

Today I got a callstack via email (from the NTDEV list), but no dump file. I needed to determine if the bugcheck was due to a KMDF or a USB core bug. Since I had no dump file, I had to work purely on what the message contained. The callstack did have symbols and offsets…


Debugger commands (!poaction, !poreqlist) that make my life easier (part 2)

Today’s commands are related to power, they are: !poreqlist, !poaction, !podev (covered in the last topic). !poreqlist will list all outstanding PIRPs on the machine that are a result of any driver calling PoRequestPowerIrp(). Remember how in the last topic, !podev did not tell you what the active device power irp was, only that there was…


Debugger commands (!drvobj, !devobj, !podev, !devstack) that make my life easier (part 1)

Over the next few days I’ll talk about different debugger commands which I use to make driver development easier, especially when debugging my driver. Today I’ll talk about how to find your driver, the devices you created and any device object that any other driver has created. The commands I’ll cover today are !drvobj, !devobj, !podev, !devstack. “!drvobj…


How to debug missing imports at driver load time

Debugging when your driver fails to load can be exasperating, especially if it is due to a missing import.  Windows 2000 would put up a dialog box telling the user which import was missing, but the user can’t do anything about it (unless she is the driver developer), so that dialog was removed post Windows…


Loading your driver in user mode

One of the very cool features of windbg/kd is that you can load any PE file as a dump file. That means that you can load an exe, dll, or sys file as a dump file in the debugger. Your driver won’t run ;), but you can look at a lot of things in it. All…
