0

I have a mini port network driver installed on my PC . I want to debug kernel mode to find the mistakes of my driver . i Know i can use WinDbg tool for getting logs but i heard about the Ndiskd extension . How to install this ? Is this a tool ? or can i use with command prompt or with WinDbg ? can i get setup by setup installation procedure ? what are the requirements needed ? i tried with WinDbg but i can't get the proper logs from that . So that's why i search on internet and got about the ndiskd .

tech_123
  • 90
  • 1
  • 10

1 Answers1

2

ndiskd is a debugger extension for WinDbg (or ntsd or kd, whatever you like most). Once you know this, it's just a matter on how to load the extension. There are three ways:

  1. .load ndiskd if it is placed in WinDbgs extension directory, which it is by default on my WinDbg 6.2.9200 and 9.2.9600 installations (winxp subdirectory). Use .extpath to see which directories are searched by default.

  2. .load <full path\ndiskd.dll>

  3. .loadby <reference module> ndiskd

I never used the latter in kernel debugging, the only real benefit is in .loadby sos clr, so I guess you go with one of the first two options.

Once you have done that, you can access the ndiskd debugger extension by its !-commands. To explicitly call such a command, use

!ndiskd.<command>

e.g.

!ndiskd.miniport
Thomas Weller
  • 55,411
  • 20
  • 125
  • 222
  • And be sure you have [set up symbols correctly](http://stackoverflow.com/questions/30019889/how-to-set-up-symbols-in-windbg) – Thomas Weller Oct 09 '15 at 07:56
  • but i can't locate ndiskd.dll in my PC – tech_123 Oct 09 '15 at 08:59
  • or i need to install WDK ? i install only Debugging tool for windows (x86) – tech_123 Oct 09 '15 at 09:01
  • Thanks lot ... i download from http://rxwen.blogspot.ca/2010/04/standalone-windbg-v6120002633.html and i need to set symbol path to my .pdb files ?? – tech_123 Oct 09 '15 at 09:39
  • @roger: please get a newer version than 6.12. It's quite old, see [WinDbg versions](http://debugging.wellisolutions.de/windbg-versions/). Download links are available on [Codemachine](http://codemachine.com/downloads.html) – Thomas Weller Oct 09 '15 at 09:49
  • @roger: yes, regarding symbols, do `.symfix c:\symbols` and `.sympath+ c:\mysymbols`, then `.reload`. – Thomas Weller Oct 09 '15 at 09:49
  • i got error like ... lkd> .load ndiskd lkd> !ndiskd.miniport MiniDriver Miniport Name _ .reload ndis.sys.... Type information missing error for DriverEntry Reload succeeded, but symbols aren't available. Below output maybe incomplete or incorrect until you fix your symbols. [Next link in list is not readable; aborting the list traversal] – tech_123 Oct 09 '15 at 10:23
  • @roger: Right now, there is a [known kernel symbol issue](http://stackoverflow.com/questions/32278634/is-there-a-known-issue-relating-to-windows-7-kernel-symbols) – Thomas Weller Oct 09 '15 at 10:37
  • this link is very useful worked for me https://groups.google.com/forum/#!topic/microsoft.public.windbg/yjBZdelvEU8 – tech_123 Oct 09 '15 at 11:30