驱动开发
centos-com
忘了近处忘了远处忘了源自何处道无界知识无界你我无界在茫茫宇宙中任何人任何有智慧的物种都可以随意转载和修改但禁止商用.
展开
-
VMware实现单机使用WinDbg进行调试的方法
VMware实现单机使用WinDbg进行调试的方法转载请保留本人网址:http://blog.csdn.net/sunboyhch具体步骤如下: 1 设置 VMware 的虚拟com 1.1 运行 VMware ,点击 "Edit virtual machine settings" 1.2 点击 "Add..." 来运行 VMware 的 Hardware Wizard原创 2007-10-15 21:10:00 · 764 阅读 · 0 评论 -
handling IRPs 17: Call to Action and Resources
Call to Action and ResourcesCall to action for driver developers: · Return STATUS_CONTINUE_COMPLETION or STATUS_MORE_PROCESSING_REQUIRED from all IoCompletion routines.·原创 2013-06-15 17:42:58 · 791 阅读 · 0 评论 -
handling IRPs 15: Building IRPs
Building IRPsDrivers can create two types of IRPs:· Threaded IRPs, also called synchronous requests.· Nonthreaded IRPs, also called asynchronous requests.Threaded IRPsT原创 2013-06-15 17:40:22 · 883 阅读 · 0 评论 -
Handling IRPs: Definition 2: IRP as a Thread-Independent Call Stack
Definition 2: IRP as a Thread-Independent Call StackPerforming an I/O operation typically requires more than one driver for a device. Each driver for a device creates a device object, and these de原创 2013-06-15 17:19:19 · 868 阅读 · 0 评论 -
Handling IRPs 3: Passing an IRP to the Next Lower Driver
Passing an IRP to the Next Lower DriverPassing an IRP to the next lower driver (also calledforwarding an IRP) is the IRP equivalent of a subroutine call. When a driver forwards an IRP, it must p原创 2013-06-15 17:20:42 · 679 阅读 · 0 评论 -
Handling IRPs 4: Completing an IRP
Completing an IRPWhen I/O is complete, the driver that completed the I/O calls theIoCompleteRequest routine. This routine moves the IRP stack pointer to point to the next higher location in the原创 2013-06-15 17:22:35 · 787 阅读 · 0 评论 -
Handling IRPs 7: IoCompletion Routines and Asynchronous I/O Responses
IoCompletion Routines and Asynchronous I/O ResponsesIf a driver sets an IoCompletion routine for an IRP, theIoCompletion routine can check the value of the Irp->PendingReturned field to determine原创 2013-06-15 17:28:08 · 1070 阅读 · 0 评论 -
Handling IRPs 8: Propagating the Pending Bit
Propagating the Pending BitAny time a driver handling an I/O request returns the response of the next-lower driver, the value of the pending bit in its I/O stack location (SL_PENDING_RETURNED in the原创 2013-06-15 17:28:55 · 917 阅读 · 0 评论 -
Handling IRPs 11: Life Cycle of a File Object
Life Cycle of a File Object A file object is created each time a device is opened. Each file object represents a single use of an individual file, and maintains state information for that use (suc原创 2013-06-15 17:33:58 · 1041 阅读 · 0 评论 -
handling IRPs 14: Success, Error, and Warning Status for IRP Completion
Success, Error, and Warning Status for IRP CompletionWhen a driver completes an IRP with a success or warning status, the I/O Manager: · Copies the data from the buffer specified in th原创 2013-06-15 17:37:47 · 911 阅读 · 0 评论 -
windebug 指令详解
1. 线程相关线程命令是以~开始,后面跟线程id(不是tid,是windbg从0开始的一个编号),或者.,#,*等~. 表示当前线程~# 表示异常或者产生调试事件的线程~* 表示所有线程~1 表示一号线程~2 s 表示选择2号线程作为当前线程~3 f 冻结三号线程~3 u 解冻三号线程~2 n 挂起二号线程~2 m 恢复二线程线程指令还可以与其他指令混合原创 2014-07-17 21:16:44 · 2515 阅读 · 0 评论 -
WinDbg 命令集锦
//断点相关bp + 地址 设置断点bl 显示已经设定的断点bu + 地址 设置断点,但是这种类型断点再下一次启动时被记录bc 清除断点对于断点范围,可以用*匹配,-表示一个范围,表达多个可用,号隔开程序入口伪寄存器WinDbg里有个伪寄存器叫$exentry,里面记录了程序的入口点。所以我们只要在命令输入栏里输入bp $exentry(bp就是用来下断点原创 2014-07-17 21:35:59 · 489 阅读 · 0 评论 -
Handling IRPs 9: Summary of Guidelines for Pending IRPs
smmary of Guidelines for Pending IRPsDriver writers must follow certain guidelines when handling IRPs for which STATUS_PENDING can be returned. Ignoring these guidelines may cause post-processing to原创 2013-06-15 17:30:35 · 735 阅读 · 0 评论 -
Handling IRPs 6: Asynchronous I/O Responses
Asynchronous I/OResponsesA driver should return STATUS_PENDING from a dispatch routine when it cannot complete an I/O request synchronously in a timely manner. Understanding when to return STATU原创 2013-06-15 17:27:19 · 929 阅读 · 0 评论 -
windbg 和 vmware 单机调试步骤
转载请注明出处:http://blog.csdn.net/sunboyhch1 先在vmware里选择调试模式让虚拟机停止,等待windbg发出 g命令。2 打开windbg,出现断点提示,输入g,虚拟机继续运行。3 编辑你要调试的源代码,在你需要调试的代码中添加硬断点。如果不添加硬断点,将没有办法进入所调试的程序中。在你需要调试的程序中加入以下代码: DbgBre原创 2012-01-11 23:21:56 · 1126 阅读 · 0 评论 -
dump 调试
通过lm命令查看模块列表。通过.dump +path + fileName 命令生成dump文件。通过.opendump 命令(或菜单)加载dump文件。运行命令kb,显示调用栈的信息。如果有正确的符号设置,可以看到调用的函数名。如果你在调试自己驱动程序的蓝屏问题,请确保设置正确该驱动程序的符号路径,不然就会出现Stack unwind information not avai原创 2012-01-15 12:53:36 · 562 阅读 · 0 评论 -
Couldn't resolve error 的问题
1. 若符号存在D:\pathSymbols,输入命令:.sympath SRV*d:\pathSymbols*http://msdl.microsoft.com/download/symbols2 .[使用!sym noisy命令希望WinDBG在获得符号的时候取得更多的信息,接着使用!lmi命令让WinDBG查看Windows的ntoskrnl模块。然后使用.reload /f原创 2012-01-14 11:42:29 · 4754 阅读 · 0 评论 -
引入内核模式安全字符串函数
原文地址 http://www.osronline.com/ddkx/kmarch/other_0vfr.htm一、在内核驱动代码中引入安全字符串函数 有两种方式可以引入安全字符串函数: 如果代码需要在系统为Windows XP及以后版本运行时,可以使用内联的方式; 如果代码需要运行在早于Windows XP时,则必须使用链接库的方式。原创 2012-01-15 11:26:39 · 1073 阅读 · 0 评论 -
Windbg常用命令
在Windbg的命令行窗口输入"?", 则会输出帮助菜单, 在这个Menu中会显示一些常用的命令: (1)断点指令 B[C|D|E] [] clear|disable|enable breakpoints BL list breakpoints BP set soft breakpoints原创 2012-01-15 13:05:54 · 616 阅读 · 0 评论 -
内核模式安全字符串函数
基于Windows XP SP1以及随后的操作系统的Windows DDK版本提供了安全字符串函数。这类函数被设计的目的是用来取代相同功能的c/c++标准函数和其它微软提供的库函数。这类函数具有以下特征: 每个函数以目标缓冲区所占的字节大小作为其一个输入参数,因此可以保证在写入时不会超出缓冲区末端。每个函数的输出字符串均以NULL结尾(null-terminate),即使该函数可能原创 2013-05-05 21:34:01 · 819 阅读 · 1 评论 -
Handling IRPs: Introduction
IntroductionThe Microsoft® Windows® family of operating systems communicates with drivers by sending I/O request packets (IRPs). The data structure that encapsulates the IRP not only describes an原创 2013-06-14 20:38:08 · 675 阅读 · 0 评论 -
Handling IRPs 5: Synchronous I/O Responses
Synchronous I/OResponsesAlthough the Windows operating system is designed for asynchronous I/O, most applications issue synchronous I/O requests. Drivers can also issue both synchronous and asyn原创 2013-06-15 17:25:26 · 1031 阅读 · 0 评论 -
Handling IRPs 10: Optimizations
OptimizationsBy testing the value of the Irp->PendingReturned field, a driver can take advantage of the pending bit to optimize post-processing work for an I/O request. For example, a driver can u原创 2013-06-15 17:31:04 · 726 阅读 · 0 评论 -
handling IRPs 12: Data Transfer Mechanisms
Data Transfer MechanismsThe Windows family of operating systems supports three data transfer mechanisms:· Buffered I/O operates on a kernel-mode copy of the user’s data.· D原创 2013-06-15 17:35:44 · 685 阅读 · 0 评论 -
handling IRPs 16: Debugging I/O Problems
Debugging I/O ProblemsDriver writers can use the Driver Verifier and extensions to the Microsoft debuggers to debug problems in handling IRPs.Driver Verifier can catch errors in every aspect of原创 2013-06-15 17:41:24 · 762 阅读 · 0 评论 -
handling IRPs 13: I/O Control Codes (IOCTLs)
I/O Control Codes (IOCTLs)The I/O Manager sends an I/O control code (IOCTL) as part of the IRP for requests other than read or write requests. An IOCTL is a 32-bit control code that identifies an原创 2013-06-15 17:36:54 · 1059 阅读 · 0 评论 -
WinDebug的一些基本使用命令
查看当前线程的调用堆栈 kb查看全部线程的调用堆栈~*kb 显示分析的详细信息!analyze -v 继续执行g查看线程详细信息,例如线程入口地址~21 (数字代表线程id) 查看变量地址x 变量名,可以用通配符例如x 05memcorrupt!g_*用给定类型查看对象dt 类型名 地址例如dt CAppInf原创 2014-07-17 21:21:42 · 642 阅读 · 0 评论