Command
$ !stacks 2 wlan6ex
$ .thread $address // Switch to the specified thread to view its stack and local variables
$ db 0x ← memory address; lets you view the memory contents
$ !wmitrace.logger mtkwl
$ !wmitrace.logsave 0x10 C:\Windows\Temp\wifi.etl
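$ bp wlan6ex!WdiOidRequest # Set a breakpoint on WdiOidRequest in wlan6ex (use when the memory address is known)
$ bu wlan6ex!WdiOidRequest # Set a breakpoint on WdiOidRequest in wlan6ex (use when the memory address is not yet known)
$ CTRL + ALT + K # On reboot, the debugger breaks in so you can set breakpoints
$ dt struct # View the BYTEs in a data structure
$ x wl6ex!WdiOidRequest # Check whether WdiOidRequest exists in the wl6ex symbols; add * before and after the name
$ .crash # Manually trigger a BSOD
$ kn # Dump the kernel call stack
$ r @rcx @rdx @r8 @r9 # Dump registers
$ pt # Run to the end of this function
$ r @rax=0 # Set rax, the return-value register, to 0
$ ed nt!Kd_DEFAULT_MASK 0xFFFFFFFF # Show all debug messages from the target system, similar to enabling "verbose kernel messages" in DbgView
This can also be changed in the Registry, as shown in the figure below.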
Replace driver with WinDbg
- Create a map file that specifies the driver file to replace.
Example:
Create d:\map.ini
with the locally built driver at D:\wlan6ex.sys
Contents of d:\map.ini:
# Use the
# for comments like this one
#
# kd> .kdfiles d:\map.ini
#
map
wlan6ex.sys
D:\wlan6ex.sys
- Load the driver replacement map file by doing one of the following:
Set environment variable _NT_KD_FILES=d:\map.ini
Use the ".kdfiles" command in WinDbg
- Disable / Enable the device or reboot the DUT (debuggee) platform
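A pre-flight check for the map file described in the steps above, run on the host before `.kdfiles` is loaded. This is an added example, not code from the original page or from Microsoft; the function name `parse_kdfiles_map` is hypothetical, and it assumes (as the sample map.ini shows) that `#` lines are comments and that each entry is the keyword `map` followed by the target driver line and the host file line.

```python
# Added example: validate a .kdfiles driver replacement map before use.
# Assumptions: '#' lines and blank lines are ignored; each entry is
# "map", then the driver on the target, then the replacement on the host.
import ntpath


def parse_kdfiles_map(text):
    """Return ([(target_driver, host_file), ...], [error strings])."""
    lines = [(n, raw.strip()) for n, raw in enumerate(text.splitlines(), 1)]
    lines = [(n, s) for n, s in lines if s and not s.startswith("#")]
    entries, errors, seen = [], [], set()
    i = 0
    while i < len(lines):
        n, word = lines[i]
        if word.lower() != "map":
            errors.append(f"line {n}: expected 'map', got {word!r}")
            i += 1
            continue
        body = lines[i + 1:i + 3]
        if len(body) < 2 or any(s.lower() == "map" for _, s in body):
            errors.append(f"line {n}: 'map' needs a target line and a host line")
            i += 1
            continue
        (tn, target), (hn, host) = body
        # A relative host path is fragile, so require drive + root.
        if not ntpath.isabs(host):
            errors.append(f"line {hn}: host path {host!r} is not absolute")
        # Two entries for one target driver make the mapping ambiguous.
        if target.lower() in seen:
            errors.append(f"line {tn}: duplicate entry for {target!r}")
        seen.add(target.lower())
        entries.append((target, host))
        i += 3
    return entries, errors


# Constructed sample: the map.ini shown on this page.
SAMPLE = r"""
# kd> .kdfiles d:\map.ini
#
map
wlan6ex.sys
D:\wlan6ex.sys
"""

if __name__ == "__main__":
    found, problems = parse_kdfiles_map(SAMPLE)
    for target, host in found:
        print(f"{target} -> {host}")
    for problem in problems:
        print("ERROR:", problem)
```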
WinDbg with symbols
Use the path without the .pdb file name as the WinDbg symbol path.
For example:
C:\Symbols ==> OK
C:\Symbols\xxx.pdb ==> NG
Add the MSFT public symbols
https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/microsoft-public-symbols