List of kernel modules unavailable until .reload - is this normal?
Pavel A.
enabled but not connected at boot time), lm command
does not show the full list of loaded modules and drivers.
It will show just nt and sometimes couple of drivers.
Only after .reload, lm command and Modules in windbg GUI
show the complete module list (with various symbols
states, either loaded, delayed or missing).
Even when lm can't see my driver, !dh command shows
it in the memory correctly.
The symbol path (correct) is set in the workspace specified
in windbg command line.
Is there any trick or option to get the list of modules without .reload?
I wanted to check that my driver is loaded,
and avoid .reload because it can take very long time
when symbols are unavailable.
!dh command is fine, but I'd like to do all this in my own tool (windbg
extension dll): detect connection to the target, detect the driver,
detect state of symbols, find and reload symbols if needed.
I can't distinguish between situations when
GetExpressionEx("mydriver!somevar") fails because mydriver is not
loaded, or the engine just doesn't see any modules.
Regards,
--pa
johndoe
dt nt!_LDR_DATA_TABLE_ENTRY -l InLoadOrderLinks.Flink -y
poi(PsLoadedModuleList) FullDllName
"Pavel A." <pav...@NOfastmailNO.fm> wrote in message
news:ucfD6CEn...@TK2MSFTNGP04.phx.gbl...
Pavel A.
> dt nt!_LDR_DATA_TABLE_ENTRY -l InLoadOrderLinks.Flink -y
> poi(PsLoadedModuleList) FullDllName
Thanks, Mr. Doe.
This gives:
kd> dt nt!_LDR_DATA_TABLE_ENTRY -l InLoaderLinks.Flink -y
poi(nt!PsLoadedModuleList) FullDllName
InLoaderLinks.Flink at 0x81dfc3b0
---------------------------------------------
+0x024 FullDllName : _UNICODE_STRING "\WINDOWS\system32\ntkrnlpa.exe"
0: kd> dt nt!_LDR_DATA_TABLE_ENTRY -l InLoaderLinks.Flink
poi(nt!PsLoadedModuleList) FullDllName
InLoaderLinks.Flink at 0x81dfc3b0
So, if windbg sees PsLoadedModuleList, why it won't display
all loaded modules?
( by the way, there's error in my previous post.
The !dt or !lmi commands also do not display anything
when lm doesn't work )
Windbg version is 6.9.3.113. Target is WinXP SP3 x86.
Regards,
--pa
Scott Noone
> enabled but not connected at boot time), lm command
> does not show the full list of loaded modules and drivers.
> It will show just nt and sometimes couple of drivers.
This is my experience also. My assumption has always been that since the
debugger didn't see the load notifications for the images its local copy of
the module list is busted. Only solutions are to connect at boot time or do
the .reload
-scott
--
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com
Looking forward to seeing you at the next OSR Kernel Debugging Class April
6, 2009 in Portland, OR!
"Pavel A." <pav...@NOfastmailNO.fm> wrote in message
news:ucfD6CEn...@TK2MSFTNGP04.phx.gbl...
David Craig
.kdfiles via the environment variable, so I need windbg to load my driver
from my host/development system. Windbg is much better than it used to be
and regressions (or new failures) are something to be expected and you
should keep the last several releases so you can switch as needed. I just
wish there was a transport other than 1394a, USB, and serial that was always
present as server blades are a real pain when none of those are available
and there are no slots to add any. I can't think of any other choice, but
recently I found myself wanting something that worked other than debugview
as it is not very interactive.
"Scott Noone" <sno...@osr.com> wrote in message
news:el452JOn...@TK2MSFTNGP05.phx.gbl...
pat styles [microsoft]
Scott's answer is correct. The code in the debugger that fixes up a module
list is inside of the .reload code and cannot be called independently.
.pat styles [microsoft]
"Pavel A." <pav...@NOfastmailNO.fm> wrote in message
news:#uOZstMn...@TK2MSFTNGP06.phx.gbl...