
how to debug driver


David

Nov 9, 2009, 10:15:27 PM

Hi all,

My filter crashes and shows this information:

myfilter.sys -Address BA379990 base at BA378000,Datastamp 4aaf6a20

From the information above, can I know which function or line in my code
caused the crash? Anybody with experience, please help me.

Thanks very much


Tim Roberts

Nov 10, 2009, 2:19:37 AM

The right way is to hook up a kernel debugger and capture the crash there.
As long as you have the symbol path set up to your symbol files, it will
show you line numbers. The next best way is to look at the crash dump with
windbg.

Barring that, you can look up the address difference in your linker map.
That is, BA379990-BA378000 is 1990, which you can look up in the linker
map. The base is 00010000, so you'd look for "Rva+Base" of 00011990.

If you don't create a map in every build, then you just aren't prepared for
debugging drivers.
--
Tim Roberts, ti...@probo.com
Providenza & Boekelheide, Inc.
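
Added example, not part of the original thread: the map-file lookup described in the reply above, written as a Python script. The map fragment and its symbol names are constructed for illustration; only the crash address, load base and preferred base of 00010000 come from the thread.

```python
import bisect
import re

# Constructed linker map fragment; symbol names and offsets are hypothetical.
SAMPLE_MAP = """\
 myfilter

 Preferred load address is 00010000

  Address         Publics by Value              Rva+Base       Lib:Object

 0001:00000000       _DriverEntry@8             00011000 f   myfilter.obj
 0001:00000640       _FilterDispatch@8          00011640 f   myfilter.obj
 0001:00000900       _FilterReadCompletion@12   00011900 f   myfilter.obj
 0001:00000a40       _FilterUnload@4            00011a40 f   myfilter.obj
"""

BASE_RE = re.compile(r"Preferred load address is ([0-9A-Fa-f]+)")
# Symbol rows: "seg:offset  name  Rva+Base ..."; section rows do not match.
SYM_RE = re.compile(
    r"^\s*[0-9A-Fa-f]{4}:[0-9A-Fa-f]{8}\s+(\S+)\s+([0-9A-Fa-f]{8,16})\b")

def parse_map(text):
    """Return (preferred_base, sorted [(rva_plus_base, name), ...])."""
    m = BASE_RE.search(text)
    if not m:
        raise ValueError("map has no 'Preferred load address' line")
    rows = (SYM_RE.match(line) for line in text.splitlines())
    symbols = sorted((int(r.group(2), 16), r.group(1)) for r in rows if r)
    return int(m.group(1), 16), symbols

def resolve(crash_addr, loaded_base, map_text):
    """Map a faulting address to (symbol, offset_in_symbol, rva_plus_base)."""
    preferred, symbols = parse_map(map_text)
    if crash_addr < loaded_base:
        raise ValueError("crash address is below the module's load base")
    # Rebase: offset into the loaded image plus the map's preferred base.
    target = crash_addr - loaded_base + preferred
    # Nearest symbol at or below the target; the map carries no sizes, so
    # this is the closest preceding symbol, not a guaranteed containing one.
    i = bisect.bisect_right([addr for addr, _ in symbols], target) - 1
    if i < 0:
        raise LookupError(f"{target:08x} precedes every symbol in the map")
    addr, name = symbols[i]
    return name, target - addr, target

if __name__ == "__main__":
    name, off, target = resolve(0xBA379990, 0xBA378000, SAMPLE_MAP)
    print(f"Rva+Base {target:08x} -> {name}+0x{off:x}")
```

The map must come from the exact build that crashed; a map from a different build will resolve to the wrong symbol without any error.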

David

Nov 10, 2009, 7:02:31 AM
Thank you,

The map file is a .pdf file, correct?

"Tim Roberts" <ti...@probo.com> wrote in message
news:ro4if5p7hvqos3g4j...@4ax.com...

David

Nov 10, 2009, 7:06:34 AM
How to create this map file?

"Tim Roberts" <ti...@probo.com> wrote in message
news:ro4if5p7hvqos3g4j...@4ax.com...

rogero

Nov 10, 2009, 7:40:17 AM

David wrote:
> How to create this map file?

Add
/MAP[:filename]
to the link line.
It is also a good idea to keep every pdb with the corresponding
binary from each build, but sometimes it is easier to use the
map file as it is plain text.

Regards,
Roger.

Don Burn

Nov 10, 2009, 8:19:28 AM

The map file is in the PDB file, and if you are building your driver with the
standard build tools it is created for you. If you are not using the
standard build tools, start by fixing that; trying to use a non-standard
build is the best way to break things.


--
Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply

"David" <david.ng...@gmail.com> wrote in message
news:uJRvu2fY...@TK2MSFTNGP06.phx.gbl...



Tim Roberts

Nov 11, 2009, 10:41:58 PM
"David" <david.ng...@gmail.com> wrote:
>
>How to create this map file?

In your sources file:
LINKER_FLAGS = $(LINKER_FLAGS) -map
