How to break when a DLL is loaded in kernel debugger mode?

About

Asked 9/7, 2014 at 23:41 Answered 8/9, 2016 at 18:10

In user mode debugging, I usually break with the following command:

sxe ld Something.dll

I tried the same in kernel mode, but it is not working. Is there a different command?

Galton answered 9/7, 2014 at 23:41 Comment(1)

would setting an unresolved breakpoint on the entry point work: bu Something!_DllMainCRTStartup or bu Something!DllMain? – Alp 10/7, 2014 at 7:44

You will want to run:

!gflag +ksl
sxe ld Something.dll
g

You may also want to refer to [1], which discussing breaking into a process near boot-time using the above approach.

[1] How do I debug a process that starts at boot time?

Baba answered 8/9, 2016 at 18:10 Comment(2)

Works like a charm. This should be the accepted answer – Tacket 15/3, 2018 at 17:50

This does not seem to work for me. I'm trying to break into a DLL that is loaded as part of a scheduled task that happens at logon, but the kernel debugger never breaks in. – Cheryl 21/5, 2020 at 3:27

While doing kernel mode debugging : using sxe you will be able to break ONLY for kernel mode binaries like *.sys file.

Not for user mode binaries like *.dll

If you share what you are trying achieve may be we can find some other way to achieve that !

Bolick answered 10/7, 2014 at 5:2 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags