6

In user mode debugging, I usually break with the following command:

sxe ld Something.dll

I tried the same in kernel mode, but it is not working. Is there a different command?

kiewic
  • 15,852
  • 13
  • 78
  • 101
  • would setting an unresolved breakpoint on the entry point work: `bu Something!_DllMainCRTStartup` or `bu Something!DllMain`? – EdChum Jul 10 '14 at 07:44

2 Answers2

5

You will want to run:

!gflag +ksl
sxe ld Something.dll
g

You may also want to refer to [1], which discussing breaking into a process near boot-time using the above approach.

[1] How do I debug a process that starts at boot time?

Eagle
  • 2,046
  • 19
  • 25
  • Works like a charm. This should be the accepted answer – Jordan Mar 15 '18 at 17:50
  • This does not seem to work for me. I'm trying to break into a DLL that is loaded as part of a scheduled task that happens at logon, but the kernel debugger never breaks in. – Mitch Lindgren May 21 '20 at 03:27
1

While doing kernel mode debugging : using sxe you will be able to break ONLY for kernel mode binaries like *.sys file.

Not for user mode binaries like *.dll

If you share what you are trying achieve may be we can find some other way to achieve that !

Player
  • 378
  • 2
  • 7