Could I debug the kernel outside of WinDbg?

Sep 2, 2013 at 8:05 AM
Edited Sep 2, 2013 at 8:07 AM
I don't want to run pykd in WinDbg.
Could pykd implement a "debugKernel" function?

For example:
I want to run "pykd.dbgCommand('!process 0 0')" outside of WinDbg.
Coordinator
Sep 2, 2013 at 10:58 AM
It is not supported now. You can write an issue (feature request). It is not difficult to implement.
Coordinator
Sep 2, 2013 at 4:35 PM
changeset/85045: (not yet released)
Python 2.7.5 (default, May 15 2013, 22:44:16) [MSC v.1500 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import pykd
>>> pykd.attachKernel(r"com:pipe,resets=0,reconnect,port=\\.\pipe\kd_Windows_7_RTM")
>>> ext = pykd.loadExt(r"C:\Program Files\Debugging Tools for Windows (x64)\winxp\kdexts.dll")
>>> print pykd.dbgCommand("!process 0 0 explorer.exe")
PROCESS 8421b030  SessionId: 1  Cid: 0528    Peb: 7ffdc000  ParentCid: 015c
    DirBase: 2ed50280  ObjectTable: 999d8eb0  HandleCount: 759.
    Image: explorer.exe


>>>
Sep 3, 2013 at 1:34 AM
Edited Sep 3, 2013 at 1:50 AM
Nice! That's what I need.
Would it be supported in the next version?

And it's better to support debugging local and remote kernels~
Coordinator
Sep 3, 2013 at 8:12 AM
I had a look at the code from changeset/85045. Local kernel debugging is supported. You simply call attachKernel without an argument.
If you cannot build pykd yourself, write to me at pykd.codeplex@hotmail.com and I will make you a private build.
Sep 23, 2015 at 4:16 PM
Not sure if I am doing something wrong or not so I thought that I would just ask:

I am using version 0.3.0.30 of PyKd (along with python 2.7.10) and am trying to issue a command to the debug engine. However, when I display the results of the command I only receive the string None rather than what was expected (this happens for any command that I try to pass through to the debugger).

For clarity, here is a screen capture of what I am doing and what I am seeing:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\System32>cd \

C:\>python
Python 2.7.10 (default, May 23 2015, 09:40:32) [MSC v.1500 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import pykd
>>> pykd.attachKernel(r"com:pipe,resets=0,reconnect,port=\\.\pipe\com_1")
>>> ext = pykd.loadExt(r"C:\WinDDK\7600.16385.1\Debuggers\winext\kext.dll")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
pykd.DbgException: failed to load extension with error 193
>>> ext = pykd.loadExt(r"C:\WinDDK\7600.16385.1\Debuggers\winext\kext.dll")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
pykd.DbgException: failed to load extension with error 193
>>> pykd.isKernelDebugging()
True
>>> print pykd.dbgCommand("!process 0 0 explorer.exe")
None
>>>
Since the target state is sitting at the desktop I would have expected the return value to contain the explorer process information.

Am I not doing something correctly or misunderstanding the use of PyKd from outside Windbg?

Thanks.

-- Michael --
Coordinator
Sep 23, 2015 at 5:17 PM
193 is ERROR_BAD_EXE_FORMAT
Probably your python is 32 bit and the extension dll (kdexts.dll) is 64 bit
Coordinator
Sep 23, 2015 at 5:23 PM
Pay attention: the command "process" is exported from ~\winxp\kdexts.dll, and not from ~\winext\kext.dll
Sep 24, 2015 at 12:04 PM
Thanks for pointing that out as I completely missed it! I guess that it just takes another set of eyes sometimes.

Have a great day.
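
The error 193 (ERROR_BAD_EXE_FORMAT) diagnosis in the thread, a 32-bit Python loading a 64-bit extension DLL, can be checked before calling loadExt by reading the Machine field of the DLL's PE header and comparing it with the interpreter's pointer size. This is an added example, not code from the thread or from pykd; the function names and the constructed header bytes are assumptions made for illustration.

```python
import struct

# IMAGE_FILE_HEADER.Machine values from the PE/COFF format
MACHINE_BITS = {0x014C: 32, 0x8664: 64}  # i386, AMD64

def pe_bits(data):
    """Return 32 or 64 for a PE image given its leading bytes; raise ValueError otherwise."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # file offset of the PE signature
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found in the bytes supplied")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    if machine not in MACHINE_BITS:
        raise ValueError("unsupported machine type 0x%04x" % machine)
    return MACHINE_BITS[machine]

def interpreter_bits():
    """Pointer size of the running Python; a DLL loaded into this process must match it."""
    return struct.calcsize("P") * 8

def check_extension(data, host_bits=None):
    """Say whether loading this DLL into a host_bits process would hit error 193."""
    host_bits = host_bits or interpreter_bits()
    dll_bits = pe_bits(data)
    if dll_bits != host_bits:
        return ("mismatch: %d-bit DLL, %d-bit Python -> error 193 "
                "(ERROR_BAD_EXE_FORMAT)" % (dll_bits, host_bits))
    return "ok: %d-bit DLL matches %d-bit Python" % (dll_bits, host_bits)

def fake_pe_header(machine):
    """Constructed sample: DOS header with e_lfanew=0x40, PE signature, Machine field."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18

if __name__ == "__main__":
    # Constructed inputs reproducing the situation in the thread (32-bit Python host)
    print(check_extension(fake_pe_header(0x8664), host_bits=32))
    print(check_extension(fake_pe_header(0x014C), host_bits=32))
    # Real use, with the reader's own path:
    #   check_extension(open(path_to_dll, "rb").read(4096))
```

The check only covers bitness; it does not tell you whether the DLL exports the command you want, which was the second problem pointed out in the thread.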