----- Original Message ----- From: "noil sg" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, April 25, 2002 8:29 PM Subject: Re: [WinPcap-users] trace windump via vc++6.0 (sp3)
> Thanks for the great help. > To use just one machine for the debugging, what kind > of tools you are using? Softice? I understand to use Softice is a complex (and commercial) kernel debugger. If you want simply catch the debug messages sent by the drivers (if compiled in debug mode), you can use debugview, which is free. DebugView is developed by the folks at sysinternals. GV > windbg, u have to connect two machines via serial > link. > Thanks again, > henry > --- Gianluca Varenni <[EMAIL PROTECTED]> > wrote: > > ----- Original Message ----- > > From: "noil sg" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Thursday, April 25, 2002 9:51 AM > > Subject: Re: [WinPcap-users] trace windump via > > vc++6.0 (sp3) > > > > > > > Well, i am able to trace into packet.dll now. is > > this > > > really a kernel model driver?? > > > > packet.dll is a user level dll, not a kernel one. > > The real > > kernel driver is npf.sys (system32/drivers/npf.sys). > > > > If you want to debug it, you need: > > -the DDK (driver development kit) to compile a debug > > version of the driver > > (you cannot compile a driver with only VC6). It is > > freely available at MS > > website. > > -a kernel debugger, like softIce, or the MS > > debugger. You can debug on a > > single machine (like Loris and me do), or with two > > machines, connected via > > serial link (which we never used). > > > > Remember, however, that is much more complicated to > > debug a driver, than a > > dll: you cannot perform a step-by-step into the > > code. > > > > GV > > > > > Thanks, > > > --- noil sg <[EMAIL PROTECTED]> wrote: > > > > Thanks, Loris! > > > > I did what you suggested. Everything works fine. > > > > Another question, though, is how do we trace > > these > > > > PacketXXX APIs in the packet.dll? I guess this > > is > > > > the > > > > kernel level dll. Do we have to use windbg and 2 > > > > machines for this purpose? And roughly how? > > Could > > > > you > > > > advise? > > > > Thank you and best regards, > > > > ~~henry > > > > > > > > --- Loris Degioanni > > <[EMAIL PROTECTED]> > > > > wrote: > > > > > Try to: > > > > > - put the debug version of wpcap.dll in the > > same > > > > > folder of windump > > > > > - set wpcap as the active configuration before > > > > > starting to debug > > > > > > > > > > Loris > > > > > > > > > > ----- Original Message ----- > > > > > From: "noil sg" <[EMAIL PROTECTED]> > > > > > To: <[EMAIL PROTECTED]> > > > > > Sent: Wednesday, April 24, 2002 12:47 AM > > > > > Subject: [WinPcap-users] trace windump via > > vc++6.0 > > > > > (sp3) > > > > > > > > > > > > > > > > Hello, > > > > > > I just compiled windump in vc++ 60(sp3). > > > > > everything > > > > > > seems ok except i could not trace into > > wpcap.lib > > > > > calls > > > > > > even though i compiled these two in debug > > mode. > > > > > And I > > > > > > made sure windump project was referencing > > the > > > > > right > > > > > > wpcap.lib > > > > > > > > > > > > Also, when windump is running, i tried to > > use > > > > > break in > > > > > > the vc debug to view the call stack. i could > > not > > > > > see > > > > > > the main function. > > > > > > > > > > > > what's going on here? what I did wrong? > > > > > > > > > > > > Thanks in advance, > > > > > > ~~Henry > > > > > > > > > > > > > > > > > > > > > > > > __________________________________________________ > > > > > > Do You Yahoo!? > > > > > > Yahoo! Games - play chess, backgammon, pool > > and > > > > > more > > > > > > http://games.yahoo.com/ > > > > > > > > > > > > > > > > > > > __________________________________________________ > > > > Do You Yahoo!? > > > > Yahoo! Games - play chess, backgammon, pool and > > more > > > > http://games.yahoo.com/ > > > > > > > > > __________________________________________________ > > > Do You Yahoo!? > > > Yahoo! Games - play chess, backgammon, pool and > > more > > > http://games.yahoo.com/ > > > > > > > > > > __________________________________________________ > Do You Yahoo!? > Yahoo! Games - play chess, backgammon, pool and more > http://games.yahoo.com/ >
