I am trying kernel debugging using windbg and vmware. While i try to specify break point for my own driver i got an output like
Access violation - code c0000005 (!!! second chance !!!)
nt!MmFreePagesFromMdl+0xc:
82879761 f6430601 test byte ptr [ebx+6],1
What is this?
That is an access violation, that is, your code tries to access an invalid memory address, that is exception code 0xC0000005.
The second chance part is a debugger term. Every time an exception is thrown, it signals the debugger, if present, in case it want to do something: that is the first chance. If the compiler does nothing, the exception is passed to the application, or in your case, the kernel. If the application does not handle it, the exception is passed again to the debugger: this is the second chance.
Usually, debuggers ignore the first chance but break on the second chance, but there is usually a debugger option for both.
I am trying kernel debugging using windbg and vmware. While i try to specify break point for my own driver i got an output like
Access violation - code c0000005 (!!! second chance !!!)
nt!MmFreePagesFromMdl+0xc:
82879761 f6430601 test byte ptr [ebx+6],1
What is this?
That is an access violation, that is, your code tries to access an invalid memory address, that is exception code 0xC0000005.
The second chance part is a debugger term. Every time an exception is thrown, it signals the debugger, if present, in case it want to do something: that is the first chance. If the compiler does nothing, the exception is passed to the application, or in your case, the kernel. If the application does not handle it, the exception is passed again to the debugger: this is the second chance.
Usually, debuggers ignore the first chance but break on the second chance, but there is usually a debugger option for both.
0 commentaires:
Enregistrer un commentaire