
Monday, February 7, 2011

Quick WinDBG tricks

Access denied

Who's never been annoyed by a message like this one in the middle of a debugging session:

fatal error LNK1201: error writing to program database 'c:\...\mymodule.pdb'; check for...

Right?

This usually happens when you are working on a driver, or even a user-mode application, while debugging it with WinDBG.
The problem is that WinDBG opens the symbol file for your module (the .pdb) without shared write access, so as long as the debugger has the symbols loaded, the linker cannot overwrite the file.

If it's a driver, you could simply unload the driver from memory in the guest, but for a user-mode application the debugger sometimes keeps its lock on the symbol file even after the process is gone.

In WinDBG, to fix the issue, just type: .reload -u
This unloads the symbols (and closes the .pdb) for the loaded modules; WinDBG will simply load them again the next time it needs them. You can then resume the VM and VC++ will be able to link your program.

Which brings me to another trick, this one related to VMware and kernel debugging.

Break-in

Sometimes you need to pause the VM to attach to a process, look at some memory, or whatever. Most people will just click the 'Break' button or press CTRL-BREAK in the WinDBG UI. This takes a moment and is not always instant.

A faster way is to press the 'Print Screen' (SysRq) key while the VM has grabbed your keyboard input. This forces the running VM to break into WinDBG, and you'll be able to do whatever you want.

Attaching to a process while kernel debugging

Here's an interesting one...
Sometimes you need to attach to a process from inside a kernel debugging session, and the commands for that are not all that intuitive.

First, break into the VM runtime (See above).
Then, list the processes and pick the one you want to debug with !process 0 0
This will return something along these lines (with more entries than the one shown here):

PROCESS 848f5d40    SessionId:  1 Cid:  016c    Peb: 7ffdf000  ParentCid:  06a0
       DirBase:  35aaf000  ObjectTable:  9f6a3ad8  HandleCount:  118
       Image:  taskmgr.exe

To attach to that process: .process /i 848f5d40
The /i means invasive: the debugger switches into the process context for real, so that user-mode breakpoints and symbols work, instead of just viewing that process's memory. The number is not a handle but the EPROCESS address printed at the start of the PROCESS line.
The debugger will then tell you to press 'g' <enter> to continue. Oblige, and the next break lands inside the context of that process. You may now debug at your leisure.
To verify that you are where you want to be, type: !peb
It should print the PEB of the process you picked (image base, command line, loaded modules). If user-mode symbols do not resolve, a .reload /user after the switch (or the /r switch on .process) loads them.
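The whole procedure in one place, as an added example that is not part of the original post. It reuses the EPROCESS address from the listing above (it will differ on your target). The image-name filter on !process, the /r and /p switches on .process, and .reload /u are documented WinDBG options the post does not itself spell out; the CreateFileW breakpoint is an illustrative choice.

```windbg
$$ Added example, not from the original post. Full attach sequence from a
$$ kernel-debugging session. 848f5d40 is the EPROCESS address from the
$$ !process listing above and will be different on your target.

$$ Step 1: break into the target first (Ctrl+Break, or the Print Screen trick).

$$ Step 2: list processes. An image name after the flags filters the output
$$ so only matching processes are printed (documented option, not in the post).
!process 0 0 taskmgr.exe

$$ Step 3: switch the debugger into that process.
$$   /i  invasive: the target is resumed and stops again inside the process
$$   /r  reload user-mode symbols once the context has been switched
$$   /p  translate the process's transition PTEs before access, so more of its user memory is readable
.process /i /r /p 848f5d40

$$ Step 4: WinDBG now asks you to resume. When the target breaks again you are
$$ executing in taskmgr.exe's context.
g

$$ Step 5: sanity checks. .process with no arguments prints the current process,
$$ !peb shows its PEB, lm m confirms its user-mode module is visible.
.process
!peb
lm m taskmgr

$$ Step 6: user-mode breakpoints resolve now (illustrative target, pick your own).
bp kernel32!CreateFileW
g

$$ Step 7: when you are done, unloading symbols releases the .pdb files so the
$$ linker can rebuild while the target keeps running (the Access denied fix above).
.reload /u
g
```

Without /i, .process only changes which page tables the debugger reads through; it is /i that makes the target actually run in that process before stopping, which is why the extra g is required and why breakpoints on user-mode code only make sense afterwards.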
