How to debug kernel Drivers??

hello,
I just want to debug a driver with softice, I've never done it before, anyone can told me if I can do it without having source, I know that softice can do it if you've got them, but dunno how to do it without.... anyone knows if it's possible to hide sice of compuware driverstudio 3.1 ( on FTP) icedump I found don't work for version 4.3.1
Thanks a lot,long life to exetools
loman!

[peleon]

Hi,

When you have the driver loaded you can put in Softice: "driver drivername", then you will see the Dispatch routines addresses for that driver. Just set up a BPX in the routines addresses that you are interested to trace.

Regards.

thanks, when I'll be at home, I'll try!

Hi,

It would also be very useful to have the symbols set up for the driver...it will give you a lot of help..as well as the whole OS symbols, since the driver is likely to call other functions in the kernel.

Best regards,
Alex Ionescu
http://www.relsoft.net

Best way to debug kernel drivers, install target OS on VMWare,
install there debugger target components.

And Debug it from host OS.

I don't try WinDbg, but Driver Studio works fine.

I've never made softice work fine with vmware, but windbg was ok.

What should I attend to when I use softice under vmware?

Quote:

Originally Posted by loman

hello,
I just want to debug a driver with softice, I've never done it before, anyone can told me if I can do it without having source, I know that softice can do it if you've got them, but dunno how to do it without.... anyone knows if it's possible to hide sice of compuware driverstudio 3.1 ( on FTP) icedump I found don't work for version 4.3.1
Thanks a lot,long life to exetools
loman!

Also, try to get Windows Checked/Debug Build, it wil be very helpfull IMHO. Microsoft provides the Debug version to MSDN subscribers. I am sure someone on this forum might be having it.