Breakpoint callback in kernel debugging

Sep 8, 2016 at 2:03 PM
Hi, I am using pykd 0.3.1.5 x64 on Windows 8.1x64 (target box is a Win7 x86 machine)

First of all it's the first time I use pykd in kernel space, so I apologize if this is a trivial question.
When I use pykd REPL in userspace and I set a breakpoint with a callback, I usually perform a "return execution.NoChange/Break/Go" and it all works well. In kernel debugging no matter what I return from the callback I always end up with the debugger in break state after the execution of the callback. Am I missing something obvious? Any help would be appreciated.
import pykd

def onProcess():
    print "Hi From Callback"
    return pykd.executionStatus.Go

print pykd.dbgCommand(".symfix;.sympath+ c:\Symbols")
print pykd.dbgCommand(".reload")
mydriver= pykd.module("mydriver")
h=pykd.setBp(mydriver.ProcessNotify, onProcess)
pykd.go()
kd> !py c:\test
Symbol search path is: srv*;c:\Symbols
Expanded Symbol search path is: cache*;SRV*http://msdl.microsoft.com/download/symbols;c:\symbols

Connected to Windows 7 7601 x86 compatible target at (Thu Sep  8 08:59:28.083 2016 (UTC - 4:00)), ptr64 FALSE
Loading Kernel Symbols
...............................................................
................................................................
................................
Loading User Symbols

Loading unloaded module list
......

Hi From Callback
kd> r
eax=8851da84 ebx=85a63398 ecx=88f89b18 edx=82b88cf4 esi=87058778 edi=88f89b18
eip=8851da84 esp=965dab58 ebp=965dab80 iopl=0         nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000202
mydriver!ProcessNotify:
8851da84 8bff            mov     edi,edi
Sep 9, 2016 at 8:48 AM
Hi!

You should use pykd.eventResult enum for returning from callback. See: https://pykd.codeplex.com/wikipage?title=PYKD%200.3.%20API%20Reference&referringTitle=Documentation#eventResult. Also, you can return False, 0 or None for continue execution.

pykd.executionStatus is returned by some routines ( getExecutionStatus, go, e.t.c ).

It is our fault. We changed breakpoint's behavior many times and there is no samples or clear documentation. I'm very sorry