Native NT program debugging…

The WinDbg .kdfiles command is pretty sweet for getting fresh system binaries onto a debugging target, but there is no user-mode equivalent, which stinks big time.

This recently became even more frustrating for me as I was developing a small native NT application to compact the hard disk of a Virtual PC guest OS during boot time. For those uninformed, these are programs which the Session Manager (SMSS.EXE) picks up from the HKLM\CurrentControlSet\Session Manager\BootExecute registry value. They are called Native because they are restricted to using the Native NT API, as they run before the system brings up the Win32 or any other subsystem.

Anyway, I started out with a breakpoint and a memory flag I could set to either exit the program without debugging it, or continue into the body of the program, which may or may not end cleanly and allow the system to continue booting up. Either way, I would have to completely boot into user mode and copy the new images over, then reboot and start all over. It was a painful ordeal.

Then suddenly this floppy disk drops out of the sky into my lap and a booming voice says “Hey buddy, why do you think you still have one of these?”.

Yeah, so SMSS works well with DOS paths and floppy drives, which isn’t surprising since the OS, which includes file systems and volumes, is loaded by the time a user-mode program gets to run. DOH!

The only problem I have run into, and this is with Virtual PC, is that VPC requires exclusive access to the floppy while the guest OS is running. To work around that, you have to always shut the guest down when the program exits, either by calling ZwShutdownSystem(ShutdownPowerOff) from the program or by simply shutting the guest down, so that the floppy is released again.
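As an added example (not code from the post), this is how the floppy-based setup described above can be registered on the guest: it appends a native image sitting on A: to the BootExecute value that SMSS.EXE reads at boot, keeping the existing entries and the value type intact. The full key path written out here, the drive letter and the file name A:\compact.exe are assumptions.

```powershell
# Added example, not from the post. Registers a native NT image that lives on
# the floppy (A:\compact.exe is a hypothetical name) in the BootExecute value
# that SMSS.EXE reads at boot. Run elevated inside the guest.
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$name  = 'BootExecute'
$entry = 'A:\compact.exe'   # DOS path on the floppy; SMSS resolves it for us

# BootExecute is REG_MULTI_SZ: read it as a string array so the existing
# entries (normally "autocheck autochk *") are preserved, never overwritten.
$current = @((Get-ItemProperty -Path $key -Name $name).$name)

if ($current -contains $entry) {
    Write-Host "BootExecute already contains $entry"
} else {
    # Write the whole list back and state the type explicitly so the value
    # stays a multi-string rather than being rewritten as a single string.
    Set-ItemProperty -Path $key -Name $name -Type MultiString -Value ($current + $entry)
}

# Show what SMSS will see on the next boot.
(Get-ItemProperty -Path $key -Name $name).$name
```

Removing the entry once the debugging cycle is over is the same write with `$entry` filtered out of the array.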

So long live the completely outdated and entirely useless floppy drive!

This entry was posted in Programming.
