Or down the rabbit hole chasing a bunny in a waistecoat .
Where is sos.dll? WinDbg documentations says it is located in \clr10 of
Debugging Tools for Windows. It isn’t, in fact \clr10 does not even exist,
it never has to my knowledge. So where do I go to get sos.dll? I do find it
in \Windows\WinSxs, but if that is the correct place then please change the
docs to reflect it as such.
Gary G. Little
H (952) 223-1349
C (952) 454-4629
You?ll find it shipping with the CLR. Typically, %systemroot%\Microsoft.NET\Framework[64]\vXXX\sos.dll.
The quick way to load it when local debugging a CLR process is the command:
.loadby sos mscorwks
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Gary G. Little
Sent: Wednesday, April 28, 2010 9:31 AM
To: Kernel Debugging Interest List
Subject: [windbg] Off to see the Wizard …
Or down the rabbit hole chasing a bunny in a waistecoat ?
Where is sos.dll? WinDbg documentations says it is located in \clr10 of Debugging Tools for Windows. It isn?t, in fact \clr10 does not even exist, it never has to my knowledge. So where do I go to get sos.dll? I do find it in \Windows\WinSxs, but if that is the correct place then please change the docs to reflect it as such.
Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net
__________ Information from ESET Smart Security, version of virus signature database 5068 (20100428) __________
The message was checked by ESET Smart Security.
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
Thanks, Skywing. I tried that on a 64 bit OS running 64 bit WinDbg, loading
both files from Framework64 and both fail with “syntax error in extension
string”. WinDbg is 6.12.
Gary G. Little
H (952) 223-1349
C (952) 454-4629
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Skywing
Sent: Wednesday, April 28, 2010 1:50 PM
To: Kernel Debugging Interest List
Subject: RE: [windbg] Off to see the Wizard …
You’ll find it shipping with the CLR. Typically,
%systemroot%\Microsoft.NET\Framework[64]\vXXX\sos.dll.
The quick way to load it when local debugging a CLR process is the command:
.loadby sos mscorwks
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Gary G. Little
Sent: Wednesday, April 28, 2010 9:31 AM
To: Kernel Debugging Interest List
Subject: [windbg] Off to see the Wizard …
Or down the rabbit hole chasing a bunny in a waistecoat .
Where is sos.dll? WinDbg documentations says it is located in \clr10 of
Debugging Tools for Windows. It isn’t, in fact \clr10 does not even exist,
it never has to my knowledge. So where do I go to get sos.dll? I do find it
in \Windows\WinSxs, but if that is the correct place then please change the
docs to reflect it as such.
Gary G. Little
H (952) 223-1349
C (952) 454-4629
__________ Information from ESET Smart Security, version of virus signature
database 5068 (20100428) __________
The message was checked by ESET Smart Security.
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
__________ Information from ESET Smart Security, version of virus signature
database 5069 (20100428) __________
The message was checked by ESET Smart Security.
I’ve found sos.dll and mscorwks, and have attempted to load them till I am
blue in the face. Finally, after turning a lovely shade of purple, “.chain”
says they are loaded, but when I excute any of the commands, I now get the
following:
0:000> !CLRStacks
!CLRStacks
The call to LoadLibrary(ext) failed, Win32 error 0n2
“The system cannot find the file specified.”
Please check your debugger configuration and/or network access.
The call to LoadLibrary(exts) failed, Win32 error 0n2
“The system cannot find the file specified.”
Please check your debugger configuration and/or network access.
The call to LoadLibrary(uext) failed, Win32 error 0n2
“The system cannot find the file specified.”
Please check your debugger configuration and/or network access.
The call to LoadLibrary(ntsdexts) failed, Win32 error 0n2
“The system cannot find the file specified.”
Please check your debugger configuration and/or network access.
No export CLRStacks found
Doing a .chain I get this:
0:000> .chain
.chain
Extension DLL search Path:
c:\DebuggerS\WINXP;c:\DebuggerS\winext;c:\DebuggerS\winext\arcade;c:\Debugge
rS\pri;c:\DebuggerS;c:\DebuggerS\winext\arcade;C:\Windows\system32;C:\Window
s;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0;C:\Wi
ndows\Microsoft.NET\Framework64\v2.0.50727\
Extension DLL chain:
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\sos.dll: image
2.0.50727.4927, API 1.0.0, built Wed Jun 03 23:12:19 2009
[path: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\sos.dll]
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll: image
2.0.50727.4927, built Wed Jun 03 22:58:39 2009
[path: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll]
dbghelp: image 6.12.0002.633, API 6.1.6, built Mon Feb 01 14:15:44 2010
[path: c:\DebuggerS\dbghelp.dll]
ext: (Not loaded)
exts: (Not loaded)
uext: (Not loaded)
ntsdexts: (Not loaded)
So I supposed I should load ext, exts, uext, and ntsdexts. I’ve tried, many
many many times but always get this:
0:000> !load C:\WinDDK\7600.16385.1\Debuggers\winext\ext.dll
!load C:\WinDDK\7600.16385.1\Debuggers\winext\ext.dll
The call to LoadLibrary(C:\WinDDK\7600.16385.1\Debuggers\winext\ext.dll)
failed, Win32 error 0n126
“The specified module could not be found.”
Please check your debugger configuration and/or network access.
The files in question are indeed in that path but WinDbg while in the
initial breakpoint of a service, will NOT load them. However, when I do a
chain after forcing a breakpoint from WinDbg I find that hey are indeed
loaded.
0: kd> .chain
Extension DLL search Path:
C:\WinDDK\7600.16385.1\Debuggers\WINXP;C:\WinDDK\7600.16385.1\Debuggers\wine
xt;C:\WinDDK\7600.16385.1\Debuggers\winext\arcade;C:\WinDDK\7600.16385.1\Deb
uggers\pri;C:\WinDDK\7600.16385.1\Debuggers;C:\WinDDK\7600.16385.1\Debuggers
\winext\arcade;C:\Perl\site\bin;C:\Perl\bin;C:\Windows\system32;C:\Windows;C
:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0;C:\WinDD
K\7600.16385.1\Debuggers;C:\Program Files (x86)\Common Files\Roxio
Shared\DLLShared;C:\Program Files (x86)\Common Files\Roxio
Shared\DLLShared;C:\Program Files (x86)\Common Files\Roxio
Shared\DLLShared;C:\Program Files (x86)\Common Files\Roxio
Shared\12.0\DLLShared;C:\Program Files (x86)\Microsoft SQL
Server\100\Tools\Binn;C:\Program Files\Microsoft SQL
Server\100\Tools\Binn;C:\Program Files\Microsoft SQL
Server\100\DTS\Binn;C:\Program Files (x86)\Microsoft SQL
Server\100\Tools\Binn\VSShell\Common7\IDE;C:\Program Files (x86)\Microsoft
SQL Server\100\DTS\Binn;C:\Program Files (x86)\Microsoft Visual Studio
9.0\Common7\IDE\PrivateAssemblies;C:\Program Files\Microsoft Network
Monitor 3;c:\Program Files (x86)\Microsoft SQL
Server\90\Tools\binn;C:\Program Files\TortoiseSVN\bin;C:\Program
Files\Common Files\Microsoft Shared\Windows Live
Extension DLL chain:
C:\WinDDK\7600.16385.1\Debuggers\winext\uext.dll: image 6.12.0002.633,
API 1.0.0, built Mon Feb 01 14:15:36 2010
[path: C:\WinDDK\7600.16385.1\Debuggers\winext\uext.dll]
C:\WinDDK\7600.16385.1\Debuggers\winxp\ntsdexts.dll: image 6.1.7650.0,
API 1.0.0, built Mon Feb 01 14:15:18 2010
[path: C:\WinDDK\7600.16385.1\Debuggers\winxp\ntsdexts.dll]
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll: image
2.0.50727.4927, API 1.0.0, built Wed Jun 03 23:12:19 2009
[path: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll]
dbghelp: image 6.12.0002.633, API 6.1.6, built Mon Feb 01 14:15:44 2010
[path: C:\WinDDK\7600.16385.1\Debuggers\dbghelp.dll]
ext: image 6.12.0002.633, API 1.0.0, built Mon Feb 01 14:15:46 2010
[path: C:\WinDDK\7600.16385.1\Debuggers\winext\ext.dll]
exts: image 6.12.0002.633, API 1.0.0, built Mon Feb 01 14:15:38 2010
[path: C:\WinDDK\7600.16385.1\Debuggers\WINXP\exts.dll]
kext: image 6.12.0002.633, API 1.0.0, built Mon Feb 01 14:15:36 2010
[path: C:\WinDDK\7600.16385.1\Debuggers\winext\kext.dll]
kdexts: image 6.1.7650.0, API 1.0.0, built Mon Feb 01 14:15:29 2010
[path: C:\WinDDK\7600.16385.1\Debuggers\WINXP\kdexts.dll]
So whats the secret to debugging CLR code using the tools that the documents
say to use? Is this more “magic” designed to function only inside the
hallowed halls of the Redmond campus?
Gary G. Little
H (952) 223-1349
C (952) 454-4629
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Skywing
Sent: Wednesday, April 28, 2010 1:50 PM
To: Kernel Debugging Interest List
Subject: RE: [windbg] Off to see the Wizard …
You’ll find it shipping with the CLR. Typically,
%systemroot%\Microsoft.NET\Framework[64]\vXXX\sos.dll.
The quick way to load it when local debugging a CLR process is the command:
.loadby sos mscorwks
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Gary G. Little
Sent: Wednesday, April 28, 2010 9:31 AM
To: Kernel Debugging Interest List
Subject: [windbg] Off to see the Wizard …
Or down the rabbit hole chasing a bunny in a waistecoat .
Where is sos.dll? WinDbg documentations says it is located in \clr10 of
Debugging Tools for Windows. It isn’t, in fact \clr10 does not even exist,
it never has to my knowledge. So where do I go to get sos.dll? I do find it
in \Windows\WinSxs, but if that is the correct place then please change the
docs to reflect it as such.
Gary G. Little
H (952) 223-1349
C (952) 454-4629
__________ Information from ESET Smart Security, version of virus signature
database 5068 (20100428) __________
The message was checked by ESET Smart Security.
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
__________ Information from ESET Smart Security, version of virus signature
database 5069 (20100428) __________
The message was checked by ESET Smart Security.
__________ Information from ESET Smart Security, version of virus signature
database 5076 (20100430) __________
The message was checked by ESET Smart Security.
Gary, I’m a little confused by what the difference is between the two breakpoints you mention. I understand the first one (initial in service), but when are you ‘forcing’ the second one?
Also, what’s the os here?
Thanks,
mm
“Gary G. Little” wrote in message
news:xxxxx@windbg…
> I’ve found sos.dll and mscorwks, and have attempted to load them till I am
> blue in the face. Finally, after turning a lovely shade of purple,
> “.chain”
> says they are loaded, but when I excute any of the commands, I now get the
> following:
>
> 0:000> !CLRStacks
>
> !CLRStacks
>
> The call to LoadLibrary(ext) failed, Win32 error 0n2
>
> “The system cannot find the file specified.”
IIRC this error can mean that the DLL has some unresolved import.
Try Dependency viewer on it.
– pa
What Pavel just said is definitely by far the most common cause, but I don’t see how that could likely be the case with something like ‘ext.’
Also, I’m not familiar with ‘!load;’ how does it differ from ‘.load?’
Judging from the output, it looks like it’s calling/expecting something of the ‘.loadby’ form, which personally I’ve always found confusing.
mm
The OS is 64 bit Win7, with all updates. The target OS is also Wi7, 64 bit,
all updates.
By “forcing” I meant that WinDbg was running with “*Busy*: Debuggee is
running …” at the bottom of the Command window. I then used (Ctl+Break) or
simply put my mouse on the “Break” icon in the menu bar and selected it.
Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@evitechnology.com
Sent: Friday, April 30, 2010 2:59 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] Off to see the Wizard …
Gary, I’m a little confused by what the difference is between the two
breakpoints you mention. I understand the first one (initial in service),
but when are you ‘forcing’ the second one?
Also, what’s the os here?
Thanks,
mm
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
__________ Information from ESET Smart Security, version of virus signature
database 5076 (20100430) __________
The message was checked by ESET Smart Security.
__________ Information from ESET Smart Security, version of virus signature
database 5076 (20100430) __________
The message was checked by ESET Smart Security.
Yeah … that’s me right now, definitely confused.
You can load the ext variants, infact they are loaded, when WinDbg first
loads. But if I execute a CLR command and I get an error message that says
they aren’t loaded, and any attempt to load them while in that breakpoint
complains they can’t be loaded. I’ve set the _NT_DEBUGGER_EXTENSION_PATH to:
“C:\Windows\Microsoft.NET\Framework64\v2.0.50727;C:\WinDDK\7600.16385.1\Debu
ggers\winxp;C:\WinDDK\7600.16385.1\Debuggers\winext;” which is all the paths
in question.
Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@evitechnology.com
Sent: Friday, April 30, 2010 3:08 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] Off to see the Wizard …
What Pavel just said is definitely by far the most common cause, but I don’t
see how that could likely be the case with something like ‘ext.’
Also, I’m not familiar with ‘!load;’ how does it differ from ‘.load?’
Judging from the output, it looks like it’s calling/expecting something of
the ‘.loadby’ form, which personally I’ve always found confusing.
mm
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
__________ Information from ESET Smart Security, version of virus signature
database 5076 (20100430) __________
The message was checked by ESET Smart Security.
__________ Information from ESET Smart Security, version of virus signature
database 5076 (20100430) __________
The message was checked by ESET Smart Security.
OK. So, given that you’re debugging a service, are you doing this remotely or via the kernel debugger?
As you’re running on Win 7, I’m wondering if the reason that the initial breakpoint case and the later case are different might have something to do with the whole session zero thing.
Also, depending on what type of remote we’re talking about (if any), the paths could be different. Maybe.
mm
Here’s an example of some of the frustration in working with this
scatalogically bovine interface. I’ve restarted WinDbg, done a chain to find
everything in place that I need. Yet when I execute a command, “!GCRoot” I
get this:
" Failed to find runtime DLL (mscorwks.dll), 0x80004005
Extension commands need mscorwks.dll in order to have something to do."
If I then use “g” to start the target and start the service I want to debug
I get the next dump.
Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net
--------------------------------------Screen dump before starting
service-------------------------------------
0: kd> .chain
Extension DLL search Path:
C:\Windows\Microsoft.NET\Framework64\v2.0.50727;C:\WinDDK\7600.16385.1\Debug
gers\winxp;C:\WinDDK\7600.16385.1\Debuggers\winext;;C:\WinDDK\7600.16385.1\D
ebuggers\WINXP;C:\WinDDK\7600.16385.1\Debuggers\winext;C:\WinDDK\7600.16385.
1\Debuggers\winext\arcade;C:\WinDDK\7600.16385.1\Debuggers\pri;C:\WinDDK\760
0.16385.1\Debuggers;C:\WinDDK\7600.16385.1\Debuggers\winext\arcade;C:\Perl\s
ite\bin;C:\Perl\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;
C:\Windows\System32\WindowsPowerShell\v1.0;C:\WinDDK\7600.16385.1\Debuggers
;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared;C:\Program
Files (x86)\Common Files\Roxio Shared\DLLShared;C:\Program Files
(x86)\Common Files\Roxio Shared\DLLShared;C:\Program Files (x86)\Common
Files\Roxio Shared\12.0\DLLShared;C:\Program Files (x86)\Microsoft SQL
Server\100\Tools\Binn;C:\Program Files\Microsoft SQL
Server\100\Tools\Binn;C:\Program Files\Microsoft SQL
Server\100\DTS\Binn;C:\Program Files (x86)\Microsoft SQL
Server\100\Tools\Binn\VSShell\Common7\IDE;C:\Program Files (x86)\Microsoft
SQL Server\100\DTS\Binn;C:\Program Files (x86)\Microsoft Visual Studio
9.0\Common7\IDE\PrivateAssemblies;C:\Program Files\Microsoft Network
Monitor 3;c:\Program Files (x86)\Microsoft SQL
Server\90\Tools\binn;C:\Program Files\TortoiseSVN\bin;C:\Program
Files\Common Files\Microsoft Shared\Windows Live
Extension DLL chain:
mscorwks: image 2.0.50727.4927, built Wed Jun 03 22:58:39 2009
[path: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll]
sos: image 2.0.50727.4927, API 1.0.0, built Wed Jun 03 23:12:19 2009
[path: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll]
C:\WinDDK\7600.16385.1\Debuggers\winext\uext.dll: image 6.12.0002.633,
API 1.0.0, built Mon Feb 01 14:15:36 2010
[path: C:\WinDDK\7600.16385.1\Debuggers\winext\uext.dll]
C:\WinDDK\7600.16385.1\Debuggers\winxp\ntsdexts.dll: image 6.1.7650.0,
API 1.0.0, built Mon Feb 01 14:15:18 2010
[path: C:\WinDDK\7600.16385.1\Debuggers\winxp\ntsdexts.dll]
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll: image
2.0.50727.4927, API 1.0.0, built Wed Jun 03 23:12:19 2009
[path: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\SOS.dll]
dbghelp: image 6.12.0002.633, API 6.1.6, built Mon Feb 01 14:15:44 2010
[path: C:\WinDDK\7600.16385.1\Debuggers\dbghelp.dll]
ext: image 6.12.0002.633, API 1.0.0, built Mon Feb 01 14:15:46 2010
[path: C:\WinDDK\7600.16385.1\Debuggers\winext\ext.dll]
exts: image 6.12.0002.633, API 1.0.0, built Mon Feb 01 14:15:38 2010
[path: C:\WinDDK\7600.16385.1\Debuggers\winxp\exts.dll]
kext: image 6.12.0002.633, API 1.0.0, built Mon Feb 01 14:15:36 2010
[path: C:\WinDDK\7600.16385.1\Debuggers\winext\kext.dll]
kdexts: image 6.1.7650.0, API 1.0.0, built Mon Feb 01 14:15:29 2010
[path: C:\WinDDK\7600.16385.1\Debuggers\winxp\kdexts.dll]
0: kd> !GCRoot
Failed to find runtime DLL (mscorwks.dll), 0x80004005
Extension commands need mscorwks.dll in order to have something to do.
--------------------------------------Screen dump after starting
service-------------------------------------
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
CommandLine: “C:\Drivers\ICE\SynDIceService.exe”
The call to LoadLibrary(ext) failed, Win32 error 0n2
“The system cannot find the file specified.”
Please check your debugger configuration and/or network access.
The call to LoadLibrary(exts) failed, Win32 error 0n2
“The system cannot find the file specified.”
Please check your debugger configuration and/or network access.
The call to LoadLibrary(uext) failed, Win32 error 0n2
“The system cannot find the file specified.”
Please check your debugger configuration and/or network access.
The call to LoadLibrary(ntsdexts) failed, Win32 error 0n2
“The system cannot find the file specified.”
Please check your debugger configuration and/or network access.
Symbol search path is:
srv*C:\Symbols*http://msdl.microsoft.com/downloads/symbols
Executable search path is:
ModLoad: 00000000012c0000 00000000012c8000 SynDIceService.exe
ModLoad: 0000000077000000 00000000771ab000 ntdll.dll
ModLoad: 000007fef8b00000 000007fef8b66000
C:\Windows\SYSTEM32\MSCOREE.DLL
ModLoad: 0000000076de0000 0000000076eff000
C:\Windows\system32\KERNEL32.dll
ModLoad: 000007fefd050000 000007fefd0bb000
C:\Windows\system32\KERNELBASE.dll
(e40.904): Break instruction exception - code 80000003 (first chance)
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
ntdll.dll -
ntdll!CsrSetPriorityClass+0x40:
00000000`770b1220 cc int 3
0:000>
__________ Information from ESET Smart Security, version of virus signature
database 5076 (20100430) __________
The message was checked by ESET Smart Security.
I’m using WinDbg connected via a firewire connection.
Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@evitechnology.com
Sent: Friday, April 30, 2010 3:39 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] Off to see the Wizard …
OK. So, given that you’re debugging a service, are you doing this remotely
or via the kernel debugger?
As you’re running on Win 7, I’m wondering if the reason that the initial
breakpoint case and the later case are different might have something to do
with the whole session zero thing.
Also, depending on what type of remote we’re talking about (if any), the
paths could be different. Maybe.
mm
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
__________ Information from ESET Smart Security, version of virus signature
database 5076 (20100430) __________
The message was checked by ESET Smart Security.
__________ Information from ESET Smart Security, version of virus signature
database 5076 (20100430) __________
The message was checked by ESET Smart Security.
Well, in that case, I *THINK* that means that when the initial service break occurs, you’re running via NTSD, so the paths for symbols, exes, et. c. should be target relative, but when you crtl-break your way in, then paths are the usual case of host relative.
Does that make sense/help/fit with what you observe?
mm
In many ways it do. That means I need to install WinDDK\7600.16385.1 onto
the target to provide the ext paths.
Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@evitechnology.com
Sent: Friday, April 30, 2010 4:10 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] Off to see the Wizard …
Well, in that case, I *THINK* that means that when the initial service break
occurs, you’re running via NTSD, so the paths for symbols, exes, et. c.
should be target relative, but when you crtl-break your way in, then paths
are the usual case of host relative.
Does that make sense/help/fit with what you observe?
mm
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
__________ Information from ESET Smart Security, version of virus signature
database 5076 (20100430) __________
The message was checked by ESET Smart Security.
__________ Information from ESET Smart Security, version of virus signature
database 5076 (20100430) __________
The message was checked by ESET Smart Security.
OK. Sounds like something to try, but then how are running windbg there currently?
mm
I had copied the …\Debuggers directory from my host machine … brilliant,
no? 
I’m not installiing the entire WDK. That will then have all the paths the
same on both machines.
Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@evitechnology.com
Sent: Friday, April 30, 2010 4:36 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] Off to see the Wizard …
OK. Sounds like something to try, but then how are running windbg there
currently?
mm
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
__________ Information from ESET Smart Security, version of virus signature
database 5076 (20100430) __________
The message was checked by ESET Smart Security.
__________ Information from ESET Smart Security, version of virus signature
database 5076 (20100430) __________
The message was checked by ESET Smart Security.
Ooops … I mean I am NOW installing the WDK on the target.
Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Gary G. Little
Sent: Friday, April 30, 2010 4:48 PM
To: Kernel Debugging Interest List
Subject: RE: [windbg] Off to see the Wizard …
I had copied the …\Debuggers directory from my host machine … brilliant,
no?
I’m not installiing the entire WDK. That will then have all the paths the
same on both machines.
Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@evitechnology.com
Sent: Friday, April 30, 2010 4:36 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] Off to see the Wizard …
OK. Sounds like something to try, but then how are running windbg there
currently?
mm
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
__________ Information from ESET Smart Security, version of virus signature
database 5076 (20100430) __________
The message was checked by ESET Smart Security.
__________ Information from ESET Smart Security, version of virus signature
database 5076 (20100430) __________
The message was checked by ESET Smart Security.
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
__________ Information from ESET Smart Security, version of virus signature
database 5076 (20100430) __________
The message was checked by ESET Smart Security.
__________ Information from ESET Smart Security, version of virus signature
database 5076 (20100430) __________
The message was checked by ESET Smart Security.
Looks like I did not answer your question. I’m running WinDbg remotely using
a 1394 connection. It’s the same connection I use for driver debug. Finally,
I’m getting sos and mscorwks to load, at least when I use .chain all of the
DLL’s are showing. I managed that via a parallel install of the WDK on both
target and host.
However, sos commands still do not work. If I run one I get the following:
!CLRStack
Failed to find runtime DLL (mscorwks.dll), 0x80004005
Extension commands need mscorwks.dll in order to have something to do.
However, .chain tells me this:
0:000> .chain
.chain
Extension DLL search Path:
C:\WinDDK\7600.16385.1\Debuggers\WINXP;C:\WinDDK\7600.16385.1\Debuggers\wine
xt;C:\WinDDK\7600.16385.1\Debuggers\winext\arcade;C:\WinDDK\7600.16385.1\Deb
uggers\pri;C:\WinDDK\7600.16385.1\Debuggers;C:\WinDDK\7600.16385.1\Debuggers
\winext\arcade;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Wi
ndows\System32\WindowsPowerShell\v1.0;C:\Windows\Microsoft.NET\Framework64\
v2.0.50727\
Extension DLL chain:
mscorwks: image 2.0.50727.4927, built Wed Jun 03 22:58:39 2009
[path: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorwks.dll]
sos: image 2.0.50727.4927, API 1.0.0, built Wed Jun 03 23:12:19 2009
[path: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\sos.dll]
dbghelp: image 6.12.0002.633, API 6.1.6, built Mon Feb 01 14:15:44 2010
[path: C:\WinDDK\7600.16385.1\Debuggers\dbghelp.dll]
ext: image 6.12.0002.633, API 1.0.0, built Mon Feb 01 14:15:46 2010
[path: C:\WinDDK\7600.16385.1\Debuggers\winext\ext.dll]
exts: image 6.12.0002.633, API 1.0.0, built Mon Feb 01 14:15:38 2010
[path: C:\WinDDK\7600.16385.1\Debuggers\WINXP\exts.dll]
uext: image 6.12.0002.633, API 1.0.0, built Mon Feb 01 14:15:36 2010
[path: C:\WinDDK\7600.16385.1\Debuggers\winext\uext.dll]
ntsdexts: image 6.1.7650.0, API 1.0.0, built Mon Feb 01 14:15:18 2010
[path: C:\WinDDK\7600.16385.1\Debuggers\WINXP\ntsdexts.dll]
0:000>
I dunno, maybe if I go stand on my head in a corner and bray like a jackass,
perhaps this piece of offal might work.
Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@evitechnology.com
Sent: Friday, April 30, 2010 4:36 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] Off to see the Wizard …
OK. Sounds like something to try, but then how are running windbg there
currently?
mm
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
__________ Information from ESET Smart Security, version of virus signature
database 5076 (20100430) __________
The message was checked by ESET Smart Security.
__________ Information from ESET Smart Security, version of virus signature
database 5082 (20100503) __________
The message was checked by ESET Smart Security.
Just to make sure, have you looked at the ‘Debugging a Service Application’ topic in the Windbg docs (under ‘Debugging Techniques/Advanced Debugging Techniques’)?
mm
Yeah, I found that early on in this debaucle and have set the registry up
for kernel-mode debugging using NTSD.exe -d -y .
Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@evitechnology.com
Sent: Monday, May 03, 2010 12:29 PM
To: Kernel Debugging Interest List
Subject: RE:[windbg] Off to see the Wizard …
Just to make sure, have you looked at the ‘Debugging a Service Application’
topic in the Windbg docs (under ‘Debugging Techniques/Advanced Debugging
Techniques’)?
mm
—
WINDBG is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
Information from ESET Smart Security, version of virus signature
database 5083 (20100503)
The message was checked by ESET Smart Security.
http://www.eset.com
Information from ESET Smart Security, version of virus signature
database 5083 (20100503)
The message was checked by ESET Smart Security.
http://www.eset.com