Prev: 86 Opinion Dsiconsolas.com
Next: IEEE1284 / USB converter
From: BobS0327 on 20 Oct 2009 19:14
How would I debug a userland api call such as CreateFile to trace its
calling of the native NtCreateFile?

I'm assuming I can do this using kd.exe.



From: Kerem Gümrükcü on 21 Oct 2009 02:11
Hi Stranger (Whats your name?),

well from where do you want to intercept the call,
from usermode or from kernelmode, e.g. do you
run your debugger in usermode or in kernelmode?
Generally you set a breakpoint for the function call,
see the WinDbg Documentation for the
Topic "Using Breakpoints".

If you do not run WinDbg, then your debugger mostly
will have the same option to set a breakpoint on some
function you want to catch,...


Regards

Kerem



--
-----------------------
Beste Gr�sse / Best regards / Votre bien devoue
Kerem G�mr�kc�
Latest Project: http://www.pro-it-education.de/software/deviceremover
Latest Open-Source Projects: http://entwicklung.junetz.de
-----------------------

"BobS0327" <BobSut48(a)ptdprolog.net> schrieb im Newsbeitrag
news:hblg72$u48$1(a)aioe.org...
> How would I debug a userland api call such as CreateFile to trace its
> calling of the native NtCreateFile?
>
> I'm assuming I can do this using kd.exe.
>
>
>
From: Le Chaud Lapin on 2 Nov 2009 22:44
On Oct 20, 5:14 pm, "BobS0327" <BobSu...(a)ptdprolog.net> wrote:
> How would I debug a userland api call such as CreateFile to trace its
> calling of the native NtCreateFile?
>
> I'm assuming I can do this using kd.exe.

1. Write tiny program that invokes CreateFile().
2. Set breakpoint at invocation of CreateFile().
3. Run program.
4. When break point hits, go into assembly-language mode.
5. Enjoy. :)

-Le Chaud Lapin-
 | 
Pages: 1
Prev: 86 Opinion Dsiconsolas.com
Next: IEEE1284 / USB converter