bdump's Issues
Wrong regs.json
Hi, I run it with my Win10 + Hyper-V (win10) and execute
!bdump "C:\\dump"
But it generates a wrong regs.json file
Here is the output from WinDbg
0: kd> r
rax=0000000000000001 rbx=0000000000000000 rcx=0000000000000038
rdx=00007ff618179d40 rsi=0000000000000000 rdi=0000005533cffbef
rip=00007ff618171531 rsp=0000005533cffa90 rbp=0000000000000000
r8=00000000000000f8 r9=fefefefefefefefe r10=0000000000000000
r11=0000005533cffaf7 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
CMakeProject1!main+0x71:
0033:00007ff6`18171531 488d542460 lea rdx,[rsp+60h]
I also attached the regs.json file
regs.txt
Error: Unknown exception [at bdump (line 128 col 5)]
Hi. I'm dumping a user process using !bdump "C:\temp\dump"
While saving register data, Error: Unknown exception [at bdump (line 128 col 5)]
occurs.
Line 128 is const User = host.currentThread.Registers.User;
in the __collect_user function.
With some debugging, I figured out that host.currentThread
causes the error (on running var curThread = host.currentThread;
it raises the same error).
Added: host.currentProcess
too
kd> dx -r1 Debugger.State.Scripts.test.Contents.host
Debugger.State.Scripts.test.Contents.host : [object Object]
currentApiVersionSupported : [object Object]
currentApiVersionInitialized : [object Object]
diagnostics : [object Object]
metadata : [object Object]
namespace
currentSession : Remote KD: KdSrv:Server=@{<Local>},Trans=@{NET:Port=55555,Key=1pq9apo3ygxuf.3alfsb0xnsp1g.1j12s4iuq947e.3e7nv6a7o7t7y,Target}
currentProcess : Unknown exception
currentThread : Unknown exception
memory : [object Object]
typeSystem : [object Object]
Test Environment
- Windows 10, x86/x64 (tested on both arch VM)
- 1 vCPU, 4G RAM, Hyper-V enabled
- using 'windbg x86' / 'windbg preview' (tested both)
- used kdnet
- dumping an x86 user process
Steps
- !process 0 0 testprogram.exe
- .process /i [proc]
- g
- bp testprogram+0x1234
- g
- .scriptload C:\temp\bdump.js
- !bdump "C:\\temp\\dump"
Full logs
kd> !process 0 0 testprogram.exe
PROCESS af60f840 SessionId: 1 Cid: 1554 Peb: 07e37000 ParentCid: 0bb8
DirBase: bffff880 ObjectTable: a138fbc0 HandleCount: 712.
Image: testprogram.exe
kd> .process /i af60f840
You need to continue execution (press 'g' <enter>) for the context
to be switched. When the debugger breaks in again, you will be in
the new process context.
kd> g
Break instruction exception - code 80000003 (first chance)
nt!RtlpBreakWithStatusInstruction:
8537cdc4 cc int 3
kd> .reload
Connected to Windows 10 19041 x86 compatible target at (Thu Nov 4 15:03:21.843 2021 (UTC + 9:00)), ptr64 FALSE
Loading Kernel Symbols
...............................................................
................................................................
...............................................
Loading User Symbols
................................................................
................................................................
........
Loading unloaded module list
...........
kd> bp 0x1234+testprogram
kd> g
Breakpoint 0 hit
testprogram+0x1234:
001b:xxxxxxxx 8bff mov edi,edi
kd> .scriptload C:\temp\bdump.js
[bdump] Usage: !bdump "C:\\path\\to\\dump"
[bdump] Usage: !bdump_full "C:\\path\\to\\dump"
[bdump] Usage: !bdump_active_kernel "C:\\path\\to\\dump"
[bdump] This will create a dump directory and fill it with a memory and register files
[bdump] NOTE: you must include the quotes and escape the backslashes!
JavaScript script successfully loaded from 'C:\temp\bdump.js'
kd> !bdump "C:\\temp\\dump"
[bdump] creating dir...
[bdump] saving regs...
Error: Unknown exception [at bdump (line 128 col 5)]
- Related issue: microsoft/WinDbg-Samples#13
CR8/IRQL Register
The CR8 register is set to 0xf when WinDbg is in a breakpoint. Consequently, this value is stored in the regs.json file. However, this is not the correct value from before the breakpoint was hit.
kd> r cr8
cr8=000000000000000f
kd> !irql
Debugger saved IRQL for processor 0x0 -- 0 (LOW_LEVEL)
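Added example, not part of the bdump project or of any of the issue reports above: a host-side Python check that parses the WinDbg output quoted in the "Wrong regs.json" issue (`r`) and in the CR8/IRQL issue (`r cr8`, `!irql`) and diffs it against a saved register dump, so a wrong or debugger-polluted regs.json can be caught offline. Assumptions: the regs.json layout is not shown on this page, so the dump is treated as a flat name-to-value object with values as ints or hex strings; the CR8 check relies on x64 Windows keeping the current IRQL in CR8, so a dumped cr8 of 0xf next to a debugger-saved IRQL of 0 is the debugger's value, not the target's. The sample texts are constructed from the output quoted above.

```python
import json
import re

# Constructed sample: the `r` output quoted in the "Wrong regs.json" issue.
SAMPLE_R_OUTPUT = """\
rax=0000000000000001 rbx=0000000000000000 rcx=0000000000000038
rdx=00007ff618179d40 rsi=0000000000000000 rdi=0000005533cffbef
rip=00007ff618171531 rsp=0000005533cffa90 rbp=0000000000000000
 r8=00000000000000f8  r9=fefefefefefefefe r10=0000000000000000
r11=0000005533cffaf7 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz na pe nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000202
CMakeProject1!main+0x71:
0033:00007ff6`18171531 488d542460      lea     rdx,[rsp+60h]
"""

# Constructed samples: the `r cr8` and `!irql` output quoted in the CR8/IRQL issue.
SAMPLE_CR8_OUTPUT = "cr8=000000000000000f\n"
SAMPLE_IRQL_OUTPUT = "Debugger saved IRQL for processor 0x0 -- 0 (LOW_LEVEL)\n"

# name=hexvalue pairs; names are 2-4 lowercase alphanumerics (rax, r8, r10, efl, iopl, cs).
# Flag mnemonics (nv up ei ...) and the disassembly line carry no '=' and never match.
_REG_RE = re.compile(r"\b([a-z][a-z0-9]{1,3})=([0-9a-fA-F]+)\b")
_IRQL_RE = re.compile(r"Debugger saved IRQL for processor 0x([0-9a-fA-F]+) -- (\d+)")


def parse_r_output(text):
    """Parse WinDbg `r` (or `r cr8`) output into {register_name: int}."""
    return {name: int(value, 16) for name, value in _REG_RE.findall(text)}


def parse_saved_irql(text):
    """Parse `!irql` output into {processor_number: saved_irql}."""
    return {int(cpu, 16): int(irql) for cpu, irql in _IRQL_RE.findall(text)}


def load_dump(path):
    """Load a register dump from a JSON file (assumed flat name -> value layout)."""
    with open(path) as f:
        return json.load(f)


def normalize_dump(regs):
    """Accept values as ints or hex strings (with or without 0x); lower-case names.
    Assumption: the real regs.json layout is not shown on the page."""
    out = {}
    for name, value in regs.items():
        if isinstance(value, str):
            value = int(value, 16)
        out[name.lower()] = value
    return out


def find_mismatches(expected, dumped):
    """Return sorted [(reg, expected_value, dumped_value_or_None)] for every
    register in `expected` that is missing from or differs in `dumped`."""
    dumped = normalize_dump(dumped)
    return [(n, v, dumped.get(n)) for n, v in sorted(expected.items()) if dumped.get(n) != v]


def check_cr8_against_irql(dumped, irql_by_cpu, cpu=0):
    """x64 Windows keeps the current IRQL in CR8, so the dumped cr8 should equal the
    debugger-saved IRQL; 0xf (HIGH_LEVEL) against a saved 0 is the break-in value.
    Returns (dumped_cr8, saved_irql, consistent)."""
    cr8 = normalize_dump(dumped).get("cr8")
    saved = irql_by_cpu.get(cpu)
    return cr8, saved, (cr8 is not None and saved is not None and cr8 == saved)


def demo():
    expected = parse_r_output(SAMPLE_R_OUTPUT)
    # Constructed "bad" dump: rcx wrong, r9 missing, cr8 taken from the broken-in debugger.
    bad_dump = {n: f"{v:016x}" for n, v in expected.items()}
    bad_dump["rcx"] = "0000000000000000"
    del bad_dump["r9"]
    bad_dump.update(parse_r_output(SAMPLE_CR8_OUTPUT))
    mismatches = find_mismatches(expected, bad_dump)
    cr8_check = check_cr8_against_irql(bad_dump, parse_saved_irql(SAMPLE_IRQL_OUTPUT))
    return mismatches, cr8_check


if __name__ == "__main__":
    mm, (cr8, irql, ok) = demo()
    for name, exp, got in mm:
        print(f"{name}: expected {exp:#x}, dump has {'<missing>' if got is None else hex(got)}")
    print(f"cr8={cr8:#x} saved IRQL={irql} consistent={ok}")
```

In practice you would paste the `r` and `!irql` output captured at the break into the two sample strings (or read them from a log) and call `find_mismatches(parse_r_output(...), load_dump("regs.json"))`; any register listed by the debugger but absent or different in the dump is reported, and a cr8 that equals the break-in value rather than the saved IRQL is flagged separately.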
Could not recover cs!
could not recover cs (different line failure than previous issue)
0:000> !bdump "C:\Users\demo\Desktop\bdump\dump"
!bdump "C:\Users\demo\Desktop\bdump\dump"
[bdump] creating dir...
[bdump] saving regs...
[bdump] could not recover cs!
Error: Unknown exception [at bdump (line 82 col 5)]
0:000> dg cs
dg cs
P Si Gr Pr Lo
Sel Base Limit Type l ze an es ng Flags
0033 Unable to get descriptor
I don't see what I'm possibly doing wrong. I am connected over a remote kernel debugger from my host Win10 x64 to my Hyper-V VM Win10 x64 machine. I launch the target application on my target VM using the command "ntsd -d MYAPP".
Does it possibly have anything to do with my symbols? (I'm having a hard time setting them up properly using the documented way from the examples given by Microsoft.) I'm kind of completely lost right here.
Help much appreciated.