KdSystemDebugControl returns STATUS_INVALID_INFO_CLASS using NDK

OSR_Community_User · January 20, 2012, 4:08pm

Hi all. I’m using win7 32bit and testing on analogous os in virtual machine (with /debug on already set). I’m also using the NDK to use KdSystemDebugControl with its classes.

Using KdSystemDebugControl with SysDbgEnableKernelDebugger I obtain as NTSTATUS STATUS_INVALID_INFO_CLASS (0xc0000003).

From Alex Ionescu’s paper we can read:

“Note that the STATUS_INVALID_INFO_CLASS return code might be due
to the fact that these classes have only been implemented in later
kernels (such as Vista or a n upcoming Windows Server 2003 SP2).”

So why I get this NTSTATUS value? Thx

Abecrombie.

Ken_Johnson · January 20, 2012, 5:37pm

Why do you think that you need to call this function?

S (Msft)

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@yahoo.it
Sent: Friday, January 20, 2012 1:10 PM
To: Windows File Systems Devs Interest List
Subject: [ntfsd] KdSystemDebugControl returns STATUS_INVALID_INFO_CLASS using NDK

Hi all. I’m using win7 32bit and testing on analogous os in virtual machine (with /debug on already set). I’m also using the NDK to use KdSystemDebugControl with its classes.

Using KdSystemDebugControl with SysDbgEnableKernelDebugger I obtain as NTSTATUS STATUS_INVALID_INFO_CLASS (0xc0000003).

From Alex Ionescu’s paper we can read:

“Note that the STATUS_INVALID_INFO_CLASS return code might be due to the fact that these classes have only been implemented in later kernels (such as Vista or a n upcoming Windows Server 2003 SP2).”

So why I get this NTSTATUS value? Thx

Abecrombie.

NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

OSR_Community_User · January 21, 2012, 2:30am

dont hack my windows bro

OSR_Community_User · January 21, 2012, 6:19am

Hello, thanks for your reply!

I’m disassembling kldbgdrv.sys, the driver that windbg uses for enable local kernel debugging and do kernel stuff from the user windbg’s shell.

So I’m trying to emulate this behaviour, to learn more about windbg.

If you gyus have a solution, we can talk about it.

Thanks, Abecrombie

OSR_Community_User · January 22, 2012, 11:44am

Solved: using IDA I found out that I can use DeviceIOControl with IOCTL 22C007h and pass as input buffer the specified operation