Hi all,

Can I set breakpoint on Std. driver routine like as a IRP_MJ_Read in SI?

thanx in advance...

Hi

You should be able to in normal cases. Type DRIVER <name> in Softice, get the address of the IRP_MJ_xx function you want to break on, set a breakpoint, then fire away. I'm able to track IRP_MJ_DEVICE_CONTROL routines this way. You can use something like DriverSpyNT by Jeremy Collake to test for the IRP_MJ functions being used.

It would depend on how things are implemented as to how you would have to set the BP I would think. It's during the user StartService call that a drivers DriverEntry is called, and it is here that the IRP_MJ_xx Dispatch routines are set up. It is only after this point, or StartService is returned from, that you can find their addresses in Softice. If your IRP_MJ_xx routine is used soon after, you may need to set an intermediate BP in the user app before setting your IRP_ breakpoint.

Kayaker

yup! you are right, Kayaker.

OSR's Devietree was also useful.

I was able to to track IRP_MJ_DEVICE_CONTROL routines,

although IoCallDevice annoying me :P

thanx again.

You might also want to check out IrpTracker: http://www.osronline.com/article.cfm?article=199 ("http://www.osronline.com/article.cfm?article=199")