Debug drivers -OllyDBG?SoftICE?

[winndy]

I tried to dubug hddUsbMonitor v2.37.
But it need to debug drivers.

I got this from a forum .
It says you cannot debug drivers using OD.

Quote:

And that drivers run in ring0. OllyDbg is a ring3 debugger, so it
can't debug drivers - even though NT drivers are PE files. It's a fine
tool for ring3 debugging, though.

I even could not load .sys to OD.
Will this function be added in OD 2.0?

SoftICE is powerful,But OD is more convenient.

Is there any tuts talking Debug drivers using SoftICE.


Regards

[toro]

hi
if you have more than one pc, use visual softice. its convenient too.

Hi winndy ,

I've worked with SoftICE , i think it's the most powerful debugger for device drivers. And as toro said , the Visual SoftICE is realy the best . Even if you haven't more than 1 PC , don't be worried ! Install a VMware on your PC and use it as your second PC then the connection could be stablished via a COM port.
Try the SoftICE , it would be valuable.

Regards,
Just4UriM

as you rightly say ollydbg is a user mode debugger so it cannot debug drivers
to debug drivers you need a kernel mode debugger if you are comfortable with softice then you can use that as others have recommended
else get windbg from microsoft (its free and consist of both and use mode debugger aks windbg.exe and a kernel mode debugger kdb)
to use kdb you would need two pcs connected through one would act as host and other client if you dont have two pcs you can install one of those virtual machine ware (vmware virtual pc ) and debug drivers

take a look at the link below for configuring vmware to be used as second pc

http://silverstr.ufies.org/lotr0/windbg-vmware.html

http://www.catch22.net/tuts/vmware.asp

though windbg and kdbs gui is kinda fuzzy to use at first if you get used to it
it proves to be an excellent debugger

if you dont want to debug but just analyze some functions statically (dead listing approach) then getting the file loaded into ida should do a nice job
or get livekd from sysinternals and use it in conjunction with windbg to poke

[Maximus]

Well, you could give a try to Syser Debugger.
It is an interesting attempt, and it features both a r3 and a r0 debugger.
It is not character-based too, and seems very a very powerful attempt to me. Try to see if it works fine for you.
www.sysersoft.com
it is made by 2(?) cool chinese guys, and its manual is... in chinese!!
Anyway, sice commands are accepted.
Give it a look, might be good 4u.

A little note: when my friend research "StarForce", he sad he easily used OD, but it was on Win95/98, not on NT.

[winndy]

Hi,everybody

I really appreciate your help.
I'll see and try .

Thanks again
-----

Yours truly
winndy