Dana Epp's ramblings at the Sanctuary: DevCon:WinDbg Advanced Debugging


« DevCon:Windows Core Testing Best Practices \| Main \| DevCon:How To Make Devices Secure » November 13, 2003 DevCon:WinDbg Advanced Debugging Without a debugger, you are nothing. Ok, maybe not... but it sure makes your life easier. I have always found gdb a great tool when on Unix (or even cygwin), but think Visual Studio's debugger is way easier to work with on Windows. It's one of the few saving graces for Visual Studio. However, its useless for kernelmode development. That is what WinDbg is for. And in this session, I am learning what it can really do! First off, if anyone from Microsoft is listening... make WINDBG work in Visual Studio! (Just my opinion of course) You have a really good app level debugger, why not do the same for kernelmode developers like me? Just learned something interesting about COM port debugging. You need to disable legacy USB support in the BIOS of the target machine if it doesn't connect right. Maybe this is the problem I am having in my VMWare sessions. I will have to check that out when I get back. You can use Microsoft's new symstore tool to build you own symbol server. It can easily be scripted, and can run as part of the build process. This is really useful when you need to manage all the different updates for a given kernel. Looks like Longhorn has a new native assertion failure. Instead of an asm int 3; you will now trigger a __asm int 0x2c; which gives you more control and handling of the software interrupt. Some interesting Windbg commands: .formats: Converts numbers to timetamps bu: Use to save breakpoints Pseudo registers: $threat - current thread, $ped - current ped (user mode), $ra - return address lm: Detailed info about loaded images .enable_unicode: Show ushorts as chars .enable_long_status: Show signed int as hex .frame: Switch the current frame on a stack .kdfiles: Allows debugger to transfer updates versions of drivers over serial port, to replace the current version installed on the target. DOesn't work for boot drivers. In that case, you need to use the special boot loader with debugger enabled .pcmd: Allows additional debugger info to be shown at each prompt Lots of neat tips here. I really need to read the updated docs. Posted by SilverStr at November 13, 2003 02:23 PM \| TrackBack		My 5 Favorite Books Writing Secure Code Secure Programming Cookbook Security Engineering Secure Coding Principles & Practice Inside the Security Mind My 5 Favorite Papers Smashing the Stack Penetration Studies Covert Channel Analysis of Trusted Systems DoD Trusted Computer System Evaluation Criteria NSA Security Recommendation Guides Archives December 2005 November 2005 October 2005 September 2005 August 2005 July 2005 June 2005 May 2005 April 2005 March 2005 February 2005 January 2005 December 2004 November 2004 October 2004 September 2004 August 2004 July 2004 June 2004 May 2004 April 2004 March 2004 February 2004 January 2004 December 2003 November 2003 October 2003 September 2003 August 2003 July 2003 June 2003 May 2003 April 2003 March 2003 February 2003 January 2003 December 2002 November 2002 October 2002 September 2002 August 2002 July 2002 GeoURL

November 13, 2003

DevCon:WinDbg Advanced Debugging