Thread: USB drivers for Win 7 on 8th generation Intel chipset

  1. #76
    Quote Originally Posted by blabberer:
    no absolutely not if you open notepad.exe on the same computer running windbg and if it breaks on ntdll!Kixxxstartyyy you are doing plain usermode debugging as if you are debugging it in ollydbg / x64dbg / whatever debug including visual-studio f5
    Thanks blabbs, I did get my feet wet, somewhat. I traced from the ntdll point where notepad stops well into ntdll and k32. I realize that is still user mode code.

    What would happen if I hit an entry point from ntdll into the kernel? Would it just stall, or kick me back to ntdll code after the kernel processes completed?

    Along the way, I experimented with the windows you suggested, changing the colours and fonts to suit. I had the code window set up with custom colours and the register window open.

    Takes a bit of getting used to with the 64-bit registers. I wondered if the leading zeros can be dumped when not in use.

    Could not find a flags register for imminent jumps. Have not looked hard yet.

    I wish the register windows could be arranged more horizontally than vertically. Maybe there's a way. Anyway, I began to feel quite comfortable stepping through the code with F8 and F10.

  2. #77
    Posted by Kayaker
    Quote Originally Posted by WaxfordSqueers:
    Takes a bit of getting used to with the 64-bit registers. I wondered if the leading zeros can be dumped when not in use.
    Blabberer probably has all kinds of interesting tricks, which is why I enjoy discussing this, I always learn something. I noticed that the Registers window is blank for me and gives the error message "Registers are not yet known". If you google that, it's a known problem in some situations and there's even an extension to address it:

    https://github.com/mbikovitsky/WingDbg

    Maybe you haven't come across that problem yet. Instead I use the Watch window and add the registers manually - @rip, @rax, @rbx, etc. If you use the 32 bit equivalents - @eip, @eax, etc. you'll get them as such without the higher order portion of the 64 bit address if you don't want to look at it. But I think that just adds to confusion because it's not immediately apparent if you're looking at a 64 bit address or a dword value.

  3. #78
    Posted by blabberer (Super Moderator)
    Sure, register windows can be docked horizontally; play with workspaces, dock it to your taste and save the workspace layout.

    register display can be customised to suit what one wants

    I don't use the gui much; I like kd and I prefer hitting r rather than lifting the mouse.

    But if and when I use the gui, I simply put eax below rax, ebx below rbx, and so on.

    [attachment: horreg.gif]
    Last edited by blabberer; March 23rd, 2019 at 03:34.

  4. #79
    Quote Originally Posted by Kayaker:
    I noticed that the Registers window is blank for me and gives the error message "Registers are not yet known". If you google that, it's a known problem in some situations and there's even an extension to address it:
    Thanks for the tip. Have not yet encountered that one, but I have downloaded the earlier version of wdbg as suggested at a link on the site. It claims the earlier version will run on W10 just fine and does not give the register problem with earlier versions of windoze.

  5. #80
    Quote Originally Posted by blabberer:
    sure register windows can be docked horizontally.....
    I don't use gui much I like kd and I prefer hitting r rather than lifting mouse
    I wasn't referring to docking, I meant laying out the registers horizontally rather than having to use a scroll bar to access those ones off the bottom.

    What kind of mouse do you have to lift? You don't mean a moose do you, as my Scottish ancestors would pronounce it?

    I just push mine around. It squeaks when I do and I have to offer it a bit of cheese to keep it quiet.

  6. #81
    Posted by blabberer (Super Moderator)
    f8 and f10 can print three registers per line
    gui layout isn't configurable

    by default register printing is disabled in kernel mode

    to enable printing when broken or during stepping

    just do

    .prompt_allow +reg

    with that, if you f8 or f10 or stop on an event, you will get a display like this (both host and target are winx64 1809):


    Code:
    kd> t
    rax=0000000000000001 rbx=fffff8025aa56180 rcx=0000000000000001
    rdx=0000000000000000 rsi=000000000000014b rdi=ffffb28157e6a040
    rip=fffff8025b7baca1 rsp=fffff8025df35b78 rbp=0000000000000002
     r8=00000000000000c5  r9=0000000000000000 r10=0000000000000101
    r11=0000000003234a75 r12=000000156c094a00 r13=0000000000000000
    r14=fffff78000000300 r15=0000000000000001
    iopl=0         nv up ei pl nz na pe nc
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00000202
    nt!DbgBreakPointWithStatus+0x1:
    fffff802`5b7baca1 c3              ret
    kd> t
    rax=0000000000000001 rbx=fffff8025aa56180 rcx=0000000000000001
    rdx=0000000000000000 rsi=000000000000014b rdi=ffffb28157e6a040
    rip=fffff8025b7cfac6 rsp=fffff8025df35b80 rbp=0000000000000002
     r8=00000000000000c5  r9=0000000000000000 r10=0000000000000101
    r11=0000000003234a75 r12=000000156c094a00 r13=0000000000000000
    r14=fffff78000000300 r15=0000000000000001
    iopl=0         nv up ei pl nz na pe nc
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00000202
    nt!KdCheckForDebugBreak+0x8eb6e:
    fffff802`5b7cfac6 90              nop
    kd> p
    rax=0000000000000001 rbx=fffff8025aa56180 rcx=0000000000000001
    rdx=0000000000000000 rsi=000000000000014b rdi=ffffb28157e6a040
    rip=fffff8025b7cfac7 rsp=fffff8025df35b80 rbp=0000000000000002
     r8=00000000000000c5  r9=0000000000000000 r10=0000000000000101
    r11=0000000003234a75 r12=000000156c094a00 r13=0000000000000000
    r14=fffff78000000300 r15=0000000000000001
    iopl=0         nv up ei pl nz na pe nc
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00000202
    nt!KdCheckForDebugBreak+0x8eb6f:
    fffff802`5b7cfac7 e9aa14f7ff      jmp     nt!KdCheckForDebugBreak+0x1e (fffff802`5b740f76)
    kd> p
    rax=0000000000000001 rbx=fffff8025aa56180 rcx=0000000000000001
    rdx=0000000000000000 rsi=000000000000014b rdi=ffffb28157e6a040
    rip=fffff8025b740f76 rsp=fffff8025df35b80 rbp=0000000000000002
     r8=00000000000000c5  r9=0000000000000000 r10=0000000000000101
    r11=0000000003234a75 r12=000000156c094a00 r13=0000000000000000
    r14=fffff78000000300 r15=0000000000000001
    iopl=0         nv up ei pl nz na pe nc
    cs=0010  ss=0018  ds=002b  es=002b  fs=0053  gs=002b             efl=00000202
    nt!KdCheckForDebugBreak+0x1e:
    fffff802`5b740f76 4883c428        add     rsp,28h

  7. #82
    Quote Originally Posted by blabberer:
    f8 and f10 can print three registers per line
    gui layout isn't configurable
    Thanks for on-going info blabbs.

    Had a break-through tonight re serial communication. Not what I wanted but something unexpected.

    Decided to try KD instead of wdbg. I just started it as KD but it knew to start a remote debug session and came up with the customary:

    Opened \\.\COM2
    Waiting to reconnect...

    Scratched my head for a bit and opened a KD session on the target to try some commands. Verified that the comm settings on that end were good, but added one I had not known about:

    KD /set dbgtransport kdcom.dll

    kdcom.dll is the dll on the target end with which windoze in debug mode loads early in the process. I looked at it quickly in IDA and it's full of communication jargon.

    BTW...I typed .server into the host KD window but nothing seemed to happen. I don't know if that helped but later, during a KD session, it opened a window of help functions. I noted a few of them for key combos like:

    <Ctrl-V><Enter> Toggle Verbose Mode
    <Ctrl-\><Enter> Debug Current Debugger

    One difference with KD is that I have a cursor, whereas with wdbg it is frozen. So I turned verbose mode on in the host KD and when I used Ctrl-\, Enter, it spawned a cdb.exe session with a verbose window. It told me in the verbosity to use...

    "-remote npipe:icfenable,pipe=cdb_pipe,server='my user ID'

    I presumed that meant to enter that line on KD in the target machine so I opened a cmd prompt in the target KD directory and added the above line to KD as a command line option. Lo and behold, KD on the target machine and CDB on the host started talking to each other. At least, commands entered in cdb on the host immediately show up in the KD target window over the serial port.

    I am stumped here because I have no idea what to enter. I'll have to study up on cdb and see what commands I can use. I tried <Ctrl-W><Enter> from the KD instructions, which is 'Print version information' in cdb and KD, and cdb on both the target and the host spat out a lot of stuff about the machines.

    Then both left me a prompt as: 0.002>

    It's amazing that I have cdb on the host talking to KD on the target, but I can't get either wdbg or KD past the 'waiting to reconnect' message. KD has responded to the <Ctrl> key functions, but it's still not connected to the target.

    Ah, well, tomorrow is another debugging day. At least I feel better getting that action.

  8. #83
    Posted by blabberer (Super Moderator)
    ctrl+\ is the shortcut key for debugging the debugger

    another command for it is doing .dbgdbg in the command window

    0.002> is a usermode prompt

    I am not sure what you have done

    kd, as far as I know, doesn't take a switch "set"; do you mean bcdedit /set ??

    if you are using a serial pipe windbg should say

    Opened \\.\pipe\dbpipe
    Waiting to reconnect...


    you say \\.\com so you have an actual serial com port open

    and you say your target opened a pipe ??

    I cannot decipher it as either heads or tails


    here is an overview of how kdcom works by sending packets (from the kdvmware fast debug protocol driver author)

    http://articles.sysprogs.org/kdvmware/kdcom/
    Last edited by blabberer; March 24th, 2019 at 12:51.

  9. #84
    Quote Originally Posted by blabberer:
    i am not sure what you have done
    kd as far as i know doesn't take a switch set do you mean bcdedit /set ??
    You have no idea what I've done???...I don't have a clue.

    Quote Originally Posted by blabberer:
    you say \\.\com so you have an actual serial com port open
    and you say your target opened a pipe ??
    I am using a serial cable and bcdedit has set it up as COM2. It was also bcdedit in which I used the /set command.

    I seem to have succeeded in opening a .server connection from host as server to target as client.

    I started by opening KD in host and got:


    Code:
    C:\Program Files\Debugging Tools for Windows (x64)>kd
    
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    Opened \\.\COM2
    Waiting to reconnect...
    Then I entered:

    .server
    ^\

    And received:

    Code:
    Debugger spawned, connect with
        "-remote npipe:icfenable,pipe=cdb_pipe,server=xxxx-PC"
    xxxx-PC is my user name, replaced with x's.

    ***********

    It also opened a cdb session as:

    Code:
    Server started with 'npipe:icfenable,pipe=cdb_pipe'
    
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    *** wait with pending attach
    Symbol search path is: srv*c:\syms*https://msdl.microsoft.com/download/symbols
    Executable search path is:
    ModLoad: 00000001`3f3c0000 00000001`3f443000   C:\Program Files\Debugging Tools
    for Windows (x64)\kd.exe
    ModLoad: 00000000`776a0000 00000000`7783f000   C:\Windows\SYSTEM32\ntdll.dll
    ModLoad: 00000000`77580000 00000000`7769f000   C:\Windows\system32\kernel32.dll
    ModLoad: 000007fe`fd300000 000007fe`fd36a000   C:\Windows\system32\KERNELBASE.dl
    l
    ModLoad: 000007fe`ff250000 000007fe`ff2ef000   C:\Windows\system32\msvcrt.dll
    ModLoad: 00000000`739b0000 00000000`73e35000   C:\Program Files\Debugging Tools
    for Windows (x64)\dbgeng.dll
    ModLoad: 00000000`73810000 00000000`739a6000   C:\Program Files\Debugging Tools
    for Windows (x64)\dbghelp.dll
    ModLoad: 000007fe`fc310000 000007fe`fc31c000   C:\Windows\system32\VERSION.dll
    ModLoad: 000007fe`fd600000 000007fe`fd6db000   C:\Windows\system32\ADVAPI32.dll
    ModLoad: 000007fe`ff8d0000 000007fe`ff8ef000   C:\Windows\SYSTEM32\sechost.dll
    ModLoad: 000007fe`fe110000 000007fe`fe23d000   C:\Windows\system32\RPCRT4.dll
    ModLoad: 00000001`80000000 00000001`8005e000   C:\Windows\system32\guard64.dll
    ModLoad: 00000000`77480000 00000000`7757a000   C:\Windows\system32\USER32.dll
    ModLoad: 000007fe`fd8c0000 000007fe`fd927000   C:\Windows\system32\GDI32.dll
    ModLoad: 000007fe`ff320000 000007fe`ff32e000   C:\Windows\system32\LPK.dll
    ModLoad: 000007fe`ff350000 000007fe`ff41b000   C:\Windows\system32\USP10.dll
    ModLoad: 000007fe`ff2f0000 000007fe`ff31e000   C:\Windows\system32\IMM32.DLL
    ModLoad: 000007fe`fe000000 000007fe`fe109000   C:\Windows\system32\MSCTF.dll
    ModLoad: 000007fe`fd1a0000 000007fe`fd1a9000   C:\Windows\system32\fltlib.dll
    ModLoad: 000007fe`fd030000 000007fe`fd087000   C:\Windows\system32\apphelp.dll
    (9f0.ed0): Break instruction exception - code 80000003 (first chance)
    ntdll!DbgBreakPoint:
    00000000`7770b1d0 cc              int     3
    0:002>
    ****************

    In the target, I opened a kd session with kd -kl. I had not noticed that the -kl parameter opens kd locally. I had, however, rebooted the target and I don't know if that made a difference.

    *******************

    Note the first line in the cdb session:

    "Server started with 'npipe:icfenable,pipe=cdb_pipe'"

    And at the end of the kd session:

    "Debugger spawned, connect with
    "-remote npipe:icfenable,pipe=cdb_pipe,server=xxxx-PC""

    **************

    As I said in my last post, I took that to mean I should enter that line in the target kd session, which I did.

    kd target responded with:

    Code:
    C:\Program Files\Debugging Tools for Windows (x64)>kd -remote npipe:icfenable,pipe=cdb_pipe,server=YOGI-PC
    Connected to server with 'npipe:icfenable,pipe=cdb_pipe,server=xxxx-PC'
    
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    *** wait with pending attach
    Symbol search path is: srv*c:\syms*https://msdl.microsoft.com/download/symbols
    Executable search path is:
    ModLoad: 00000001`3f3c0000 00000001`3f443000   C:\Program Files\Debugging Tools for Windows (x64)\kd.exe
    ModLoad: 00000000`776a0000 00000000`7783f000   C:\Windows\SYSTEM32\ntdll.dll
    ModLoad: 00000000`77580000 00000000`7769f000   C:\Windows\system32\kernel32.dll
    ModLoad: 000007fe`fd300000 000007fe`fd36a000   C:\Windows\system32\KERNELBASE.dll
    ModLoad: 000007fe`ff250000 000007fe`ff2ef000   C:\Windows\system32\msvcrt.dll
    ModLoad: 00000000`739b0000 00000000`73e35000   C:\Program Files\Debugging Tools for Windows (x64)\dbgeng.dll
    ModLoad: 00000000`73810000 00000000`739a6000   C:\Program Files\Debugging Tools for Windows (x64)\dbghelp.dll
    ModLoad: 000007fe`fc310000 000007fe`fc31c000   C:\Windows\system32\VERSION.dll
    ModLoad: 000007fe`fd600000 000007fe`fd6db000   C:\Windows\system32\ADVAPI32.dll
    ModLoad: 000007fe`ff8d0000 000007fe`ff8ef000   C:\Windows\SYSTEM32\sechost.dll
    ModLoad: 000007fe`fe110000 000007fe`fe23d000   C:\Windows\system32\RPCRT4.dll
    ModLoad: 00000001`80000000 00000001`8005e000   C:\Windows\system32\guard64.dll
    ModLoad: 00000000`77480000 00000000`7757a000   C:\Windows\system32\USER32.dll
    ModLoad: 000007fe`fd8c0000 000007fe`fd927000   C:\Windows\system32\GDI32.dll
    ModLoad: 000007fe`ff320000 000007fe`ff32e000   C:\Windows\system32\LPK.dll
    ModLoad: 000007fe`ff350000 000007fe`ff41b000   C:\Windows\system32\USP10.dll
    ModLoad: 000007fe`ff2f0000 000007fe`ff31e000   C:\Windows\system32\IMM32.DLL
    ModLoad: 000007fe`fe000000 000007fe`fe109000   C:\Windows\system32\MSCTF.dll
    ModLoad: 000007fe`fd1a0000 000007fe`fd1a9000   C:\Windows\system32\fltlib.dll
    ModLoad: 000007fe`fd030000 000007fe`fd087000   C:\Windows\system32\apphelp.dll
    (9f0.ed0): Break instruction exception - code 80000003 (first chance)
    ntdll!DbgBreakPoint:
    00000000`7770b1d0 cc              int     3
    Live user mode: <Local>
    
    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.
    
    command line: 'cdb.exe  -server npipe:icfenable,pipe=cdb_pipe -p 2544'  Debugger Process 0x166C
    dbgeng:  image 6.12.0002.633, built Mon Feb 01 12:15:54 2010
            [path: C:\Program Files\Debugging Tools for Windows (x64)\dbgeng.dll]
    dbghelp: image 6.12.0002.633, built Mon Feb 01 12:15:44 2010
            [path: C:\Program Files\Debugging Tools for Windows (x64)\dbghelp.dll]
            DIA version: 20921
    Extension DLL search Path:
        C:\Program Files\Debugging Tools for Windows.....(edited for brevity).
        
    Extension DLL chain:
        dbghelp: image 6.12.0002.633, API 6.1.6, built Mon Feb 01 12:15:44 2010
            [path: C:\Program Files\Debugging Tools for Windows (x64)\dbghelp.dll]
        ext: image 6.12.0002.633, API 1.0.0, built Mon Feb 01 12:15:46 2010
            [path: C:\Program Files\Debugging Tools for Windows (x64)\winext\ext.dll]
        exts: image 6.12.0002.633, API 1.0.0, built Mon Feb 01 12:15:38 2010
            [path: C:\Program Files\Debugging Tools for Windows (x64)\WINXP\exts.dll]
        uext: image 6.12.0002.633, API 1.0.0, built Mon Feb 01 12:15:36 2010
            [path: C:\Program Files\Debugging Tools for Windows (x64)\winext\uext.dll]
        ntsdexts: image 6.1.7650.0, API 1.0.0, built Mon Feb 01 12:15:18 2010
            [path: C:\Program Files\Debugging Tools for Windows (x64)\WINXP\ntsdexts.dll]
    0:002>
    If I go into the cdb window and enter a command, it is echoed in the target KD console.

    I don't see much use for that at the moment but it demonstrates I have a serial connection which I may be able to use to figure out why wdbg and kd on the host cannot connect to target.
    Last edited by WaxfordSqueers; March 25th, 2019 at 05:57.

  10. #85
    Posted by blabberer (Super Moderator)
    There are inconsistencies, but I'll just note them and not dwell on them.

    1) when a debugger is waiting to reconnect you cannot enter any commands only shortcut keys work
    so i don't know how you managed to enter .server

    I can acknowledge being able to type ctrl+\ (or ctrl+alt+\ in newer windbg), which will spawn a parent debugger debugging the current debugger
    from which it was spawned

    this parent debugger can connect to multiple targets all at once and provides a pipe to do so

    you opened a kd -remote; this connected to the cdb_pipe (it is a named pipe; it is not connecting via the com port, which is exclusively opened for kd)

    the actual comport which has been opened for exclusive access will be banged out in device manager

    here is a three-way snapshot, just look at the titles


    [attachment: remote.JPG]

    or here is a snapshot of a full-blown session where I detach the first target but leave the pipe communicating


    [attachment: repeater.JPG]
    Last edited by blabberer; March 25th, 2019 at 10:09.

  11. #86
    Quote Originally Posted by blabberer:
    1) when a debugger is waiting to reconnect you cannot enter any commands only shortcut keys work so i don't know how you managed to enter .server
    I was messing with it, nothing structured but based loosely on the following:

    https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/activating-a-debugging-server

    My understanding of a pipe is that it's a software connection but I had previously associated it with a VM. According to this article it can be used if a debugger is opened with an elevated command prompt.

    With regard to USB, I read that the kernel connects to the driver stack via a pipe which terminates in an endpoint, which is a buffer in a device. Obviously with two computers there has to be a medium for connecting them and it is likely via the network. I'm not so sure that could not happen via the serial port but I'll pull the network cable to verify that.

    I wonder if kdcom.dll can establish a pipe? It's done in a VM, why not over a real serial connection? KD definitely has control of the serial port but it was opened with an elevated cmd prompt and once I entered '.server', then ctrl-\ enter, why could KD not use the serial port, since it is connected to it?

    I'll get back to you with more on your reply and thanks again for your patience and effort to explain.

  12. #87
    Posted by blabberer (Super Moderator)
    I can't answer the why; I don't understand theory, or rather I wouldn't want to

    try this and understand for yourself or ask a new question

    start->run (win+r) -> cmd.exe -> cd %windbginstallationpath% -> cdb/windbg anybinary -> .cls -> .server npipe: pipe=waxford,icfenable



    this will start a server that any clients can connect to with -remote syntax

    open another cmd prompt

    Code:
    type net view and hit enter   
    
    get the name of servers running in the network like \\foo-pc
    
    query the debugging server running with 
    
    cdb -QR \\name you got from net view
    
    it will reply 
    
    server \\ pipe=pipename (here pipename will be waxford fyi)
    
    connect to the server with 
    
    cdb -remote npipe: pipe=waxford ,server="foo-pc"
    now you can send any command and it will be executed and the results will be transferred to your screen (cmd.exe console screen)



    download pipelist from sysinternals and run it; it will show the waxford pipe's details


    Code:
    C:\>pipelist | find "wax"
    waxford                                           3               -1
    download tcpview from sysinternals and look at epmap port (445)

    Code:
    process pid  proto   locadd     locport   remaddr     remport    state           spkt  sbytes  rpkt  rbytes
    System 4    TCPV6 [ipv6addr] 50351    [ipv6addr]  445         ESTABLISHED 23    3,003    24    2,285



    or open powershell and query


    Code:
    C:\>powershell -c "[system.Io.directory]::getfiles('\\.\\pipe\\')" | grep -i wax
    \\.\\pipe\\waxford

  13. #88
    Quote Originally Posted by blabberer:
    try this and understand for yourself or ask a new question
    Sorry I haven't got back, Blabbs, I am embroiled in permission issues on my desktop. Tried to run takeown and icacls on my C: drive and received access denied in Program Files and Windows directories.

    Meantime I have tried some of what you suggested in this post with success but not to the extent I need to do it.

    With regard to my physical connection, I have set up a serial port debugger on either end of my serial ports and I am getting good communication both ways. Wdbg is having serious problems and I don't think Microsoft has put much effort into clarifying the problem. I have read extensively on it, even in Microsoft tutorials, and they fail to adequately address the problem.

    No one on the Net I have come across has any more than a cursory understanding of this problem. I think that's because no one understands exactly how debugging mode works and there's no way to debug it during boot. At least, there's no way I have read about.

    My serial debugger is seeing wdbg sending out its message, which is basically ASCII iiii followed by <ACK> followed by a series of <NULL> bytes. It's waiting for a reply from the debugger but it's receiving nothing. If Microsoft were not such a load of twits, they'd have acknowledged receipt of the host wdbg transmission or at least posted an error message to say what is wrong. However, I have yet to encounter an msoft error message that means anything in particular at any time. I have seen them on BSODs and they generally mean very little.

    The clue here, I think, is that wdbg becomes frozen while awaiting a reply. There is no way to enter commands. At least with KD, you can enter some commands. I entered '.server' for example followed by <ctrl-\> and got cdb to pop up.

    An <ACK> means acknowledge. The iiii in Ascii is 69,69,69,69, which means something in serial control language, but is the <ACK> a request to acknowledge or does it mean it acknowledges something it received? I think it's the former.

    Where do these 69s disappear on the other end? I have three different serial apps that see them but not windows debugger.

    I recall a method in older Windows OS's, which may still be available, where you could step into windows driver by driver, to see which ones were failing. That's what is required with debug mode, a forced step by step procedure so a person can see what is going on.

    I am beginning to think there are issues with Bluetooth drivers, which HP have installed on my laptop. They use COM5 and COM7 but for some reason the drivers are involved with a USB port. I may remove the Bluetooth module.

    I wanted to use COM10, well out of the way, and I can enter COM10 on my real serial port and on my USB-Serial converter. Guess what, Wdbg only allows COM1 to COM4. I have tried to force COM10 in wdbg at the command prompt and it has accepted it, but I have not been able to test it yet since I have become embroiled in the permissions issue.

    Microsoft networking is actually a horror show dreamed up by a sadistic idiot. They have a group policy client which runs just before logon but there's no way to access it since the group policy editor is not available unless you download a package from Microsoft. If you do, it tells you a domain is required and that means setting up a central computer to deal with the users and related permissions.

    I am not talking about gpedit.msc, which is a local policy editor. The group policy client is taking far too long to load and I am thinking maybe windows debugger is timing out due to the delay. I have tried to fix the problem but that requires gpmc.msc, which is the related group policy management console.

    The damnable thing is that you can enter gpresult in a cmd shell and it will give you errors in the group policy which can slow down boot time considerably, but you need gpmc.msc to deal with it. When you load gpmc, after downloading the package, it won't let you access local group policy to fix the errors, because you need to be on a domain running active desktop.

    Whoever designed this system are raving idiots. They have completely missed the mark, confusing the needs of a home user with the needs of a business with servers, domains and networks.

    I tried a network connection with wdbg, following the instructions in a Microsoft tutorial, only to be met with the error message that the debuggee cannot be found. They require only that you select a port in wdbg, suggesting an address above 50,000. I randomly selected 55555. No go. I did everything by the book, entering the required commands in a cmd shell and received a long key. No debuggee can be found.

    A casual home user should not have such issues. It should be dead, stupid simple yet Microsoft have turned it into an IT-weenie horror show. I can't even connect two computers with Telnet due to the anal requirements of Windows permissions over a network.

    Unix should have been abandoned 30 years ago but Microsoft is only now beginning to implement Unix openly. That's where all this crap about permissions comes from, plus the rocket-science of omitting file extensions that make it immediately clear what kind of file you are examining. In DOS life it is foo.exe, foo.txt, foo.bin, foo.jpg, etc. In Unix it is foo, foo, foo, foo, etc., and they are OK with that because they are all weenies.

    At this point, you are likely pulling your hair out wondering why I am messing with physical connections. I am doing it basically because hardware is my game and such connections are 'supposed' to be logical. They are far from logical due to intervening issues that Microsoft does not address like firewall issues and their anal, idiotic system of permissions that manage at times to issue 'access denied' error windows requiring administrative rights when I am the administrator.
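The bytes the serial sniffer shows in #88 ("iiii", then <ACK>, then NULs) are not a serial-level handshake; they are a kdcom packet header: "iiii" is the control-packet leader and the <ACK> byte (0x06) is the packet type field, KD_RESET. Here is an added example, not from the thread or from kdcom.dll, that decodes such a frame; the 16-byte header layout, the leaders and the type numbers follow the publicly documented KD_PACKET structure (the sysprogs kdcom article linked earlier in the thread describes the same fields), and both sample frames are constructed.

```python
"""Decode kdcom (KD serial transport) packet headers from a captured frame.

Added example, not part of the thread. Header layout and constants are the
documented KD_PACKET values; the sample frames below are constructed.
"""
import struct

PACKET_LEADER = 0x30303030          # b"0000": data packet
CONTROL_PACKET_LEADER = 0x69696969  # b"iiii": control packet (what the sniffer showed)
BREAKIN_PACKET = 0x62626262         # b"bbbb": break-in request from the host
PACKET_TRAILING_BYTE = 0xAA         # terminates the payload of a data packet

PACKET_TYPES = {
    0: "UNUSED", 1: "KD_STATE_CHANGE32", 2: "KD_STATE_MANIPULATE",
    3: "KD_DEBUG_IO", 4: "KD_ACKNOWLEDGE", 5: "KD_RESEND", 6: "KD_RESET",
    7: "KD_STATE_CHANGE64", 8: "KD_POLL_BREAKIN", 9: "KD_TRACE_IO",
    10: "KD_CONTROL_REQUEST", 11: "KD_FILE_IO",
}

# KD_PACKET header: ULONG PacketLeader; USHORT PacketType; USHORT ByteCount;
# ULONG PacketId; ULONG Checksum  (little-endian, 16 bytes in total)
HEADER = struct.Struct("<IHHII")


def kd_checksum(payload: bytes) -> int:
    """Checksum used by kdcom: a plain 32-bit sum of the payload bytes."""
    return sum(payload) & 0xFFFFFFFF


def parse_kd_packet(buf: bytes) -> dict:
    """Decode one packet from the start of buf.

    Control packets carry no payload, so only the header matters. Data
    packets carry ByteCount payload bytes followed by a 0xAA trailer, and the
    header checksum must equal the byte sum of the payload.
    """
    if len(buf) < HEADER.size:
        raise ValueError("short read: need the full 16-byte header")
    leader, ptype, nbytes, pid, csum = HEADER.unpack_from(buf)
    kind = {PACKET_LEADER: "data", CONTROL_PACKET_LEADER: "control"}.get(leader)
    if kind is None:
        raise ValueError(f"unknown packet leader 0x{leader:08x}")
    pkt = {"kind": kind, "type": PACKET_TYPES.get(ptype, f"unknown({ptype})"),
           "byte_count": nbytes, "packet_id": pid, "checksum": csum,
           "payload": b"", "checksum_ok": True}
    if kind == "data":
        end = HEADER.size + nbytes
        if len(buf) < end + 1:
            raise ValueError("short read: payload or trailing byte missing")
        if buf[end] != PACKET_TRAILING_BYTE:
            raise ValueError("data packet not terminated by 0xAA")
        pkt["payload"] = buf[HEADER.size:end]
        pkt["checksum_ok"] = kd_checksum(pkt["payload"]) == csum
    return pkt


def describe_capture(buf: bytes) -> str:
    """One-line reading of a captured frame, as you would annotate a sniffer trace."""
    if buf[:4] == b"bbbb":
        return "break-in request (host asking the target to stop)"
    p = parse_kd_packet(buf)
    return f"{p['kind']} packet {p['type']}, id=0x{p['packet_id']:08x}"


# Constructed sample: exactly what the post describes on the wire: "iiii",
# <ACK> (0x06) and NULs. That is a KD_RESET control packet, which is how the
# host opens or re-synchronises the link; a live target answers with a reset.
HOST_RESET = b"iiii" + b"\x06\x00" + b"\x00\x00" + b"\x00\x00\x00\x00" + b"\x00\x00\x00\x00"

# Constructed sample data packet: type 2 with a 4-byte dummy payload.
_payload = b"\x01\x02\x03\x04"
SAMPLE_DATA = (HEADER.pack(PACKET_LEADER, 2, len(_payload), 0x80800000, kd_checksum(_payload))
               + _payload + bytes([PACKET_TRAILING_BYTE]))

if __name__ == "__main__":
    print(describe_capture(HOST_RESET))   # control packet KD_RESET, id=0x00000000
    print(describe_capture(SAMPLE_DATA))  # data packet KD_STATE_MANIPULATE, id=0x80800000
```

Feeding a real capture through parse_kd_packet frame by frame shows whether the target ever answers the reset at all, which is the question the post is stuck on.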

  14. #89
    Posted by blabberer (Super Moderator)
    sure take your time
    go round over one less than thousand times

  15. #90
    Quote Originally Posted by blabberer:
    sure take your time go round over one less than thousand times
    Question...is there a way for me to set up a debugging session on the target so I can find out why it is not responding to the host?

    Learned a trick of which you may be aware. Don't go away it applies to debugging, which I go into after.

    You can use the 'Ease of Access' icon at the logon screen as a link to cmd.exe. Therefore, you can start a command window at the logon screen. I have already done that to load drivers.

    The Ease of access app is utilman.exe, found in Windows/system32. It is referenced in the registry under HKLM/Software/Microsoft/WindowsNT/CurrentVersion/Image File Execution Options. Under Utilman you find 'Debugger'. It's a matter of changing the Debugger value to cmd.exe, and voila, the Ease of Access icon opens up a command window.

    I just tested that by double-clicking Utilman in sys32 and it opened a command window.

    I see no evidence that the command window opens with elevated privileges but there is a command line to do that. Thus far, I've had no need for it but this command line should give cmd.exe permanent administrative privileges. Don't know if that is good or bad.

    cmd.exe /c takeown /f "%1" && icacls "%1" /grant administrators:F

    I just applied that via the Run command and now cmd.exe opens as: Administrator: Command Prompt.

    To the question:

    Could I run KD from the logon screen using such a cmd window? I tried it at the logon window by pressing 'Ease of Access' icon and KD opens fine in the command window. I used the KD -kl option however.

    If I use just KD it gives me error 0n2..."The system cannot find the file specified". That's because I don't know what file I am looking for.

    I can play with this, and I will, but you'll know whether or not I'm wasting my time.

    I was also able to open windbg at the logon screen. I launched 'Attach to a Process' to see if I could find a process related to debug. I am currently making a list of them and identifying each one with debug off and debug on. Hopefully I can find a process that might get me into the debugging process on the target.

    BTW...all this is taking place on the target machine.
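Post #90 points the IFEO Debugger value for utilman.exe at cmd.exe to get a command prompt at the logon screen. From the defender's side, that same key is one of the first things to audit on any Windows host, because whatever is named there is started by the logon screen before anyone has signed in. The following is an added example (not from the thread) in Python: it parses the output of `reg query "<IFEO key>" /s`, with sample output constructed here, and reports a Debugger value on an accessibility tool as a high-severity finding while listing other IFEO debuggers (normal on a box with WinDbg installed) as informational.

```python
"""Audit Image File Execution Options (IFEO) Debugger values.

Added example, not part of the thread. Input is the text produced by
`reg query "<IFEO root>" /s` on the host; the sample below is constructed.
"""
import re

IFEO_ROOT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
             r"\Image File Execution Options")

# Accessibility helpers the logon screen can start before any user signs in;
# a Debugger value on one of these hands that console to whatever it names.
LOGON_SCREEN_TOOLS = {
    "utilman.exe", "sethc.exe", "osk.exe", "narrator.exe",
    "magnify.exe", "displayswitch.exe", "atbroker.exe",
}

# A key line is the full path; the image name is its last component.
KEY_RE = re.compile(
    r"^HKEY_LOCAL_MACHINE\\.*\\Image File Execution Options\\(?P<image>[^\\\r\n]+)\s*$",
    re.IGNORECASE)
# A value line is indented:  <name>  <REG_type>  <data>
VALUE_RE = re.compile(r"^\s+(?P<name>\S+)\s+(?P<type>REG_\w+)\s+(?P<data>.*?)\s*$")


def parse_reg_query(text: str) -> dict:
    """Turn `reg query` output into {image: {value_name: data}} (names lower-cased)."""
    entries, image = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            image = m.group("image").lower()
            entries.setdefault(image, {})
            continue
        if line.startswith("HKEY"):        # deeper subkey we do not audit here
            image = None
            continue
        m = VALUE_RE.match(line)
        if m and image is not None:
            entries[image][m.group("name").lower()] = m.group("data")
    return entries


def audit_ifeo(text: str) -> list:
    """Report every IFEO entry carrying a Debugger value, ranked by where it bites."""
    findings = []
    for image, values in parse_reg_query(text).items():
        debugger = values.get("debugger")
        if not debugger:
            continue
        if image in LOGON_SCREEN_TOOLS:
            severity = "HIGH"
            reason = "logon-screen accessibility tool redirected to another program"
        else:
            severity = "INFO"
            reason = "IFEO debugger set (expected on a box with WinDbg, but confirm)"
        findings.append({"image": image, "debugger": debugger,
                         "severity": severity, "reason": reason})
    return findings


# Constructed sample of `reg query "<IFEO_ROOT>" /s` output: one key with no
# Debugger value, one WinDbg hook a developer would set, and the utilman
# change described in the post.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
    DisableExceptionChainValidation    REG_DWORD    0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe
    Debugger    REG_SZ    "C:\Program Files\Debugging Tools for Windows (x64)\windbg.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utilman.exe
    Debugger    REG_SZ    cmd.exe
"""

if __name__ == "__main__":
    for f in audit_ifeo(SAMPLE_REG_QUERY):
        print(f"[{f['severity']}] {f['image']} -> {f['debugger']}: {f['reason']}")
```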
