Develop Reference

How to access ARM coresight ROMTable from software?

I am working on an ARMv7 system which has cortex-A7 cores.
With Jlink (via JTAG interface) I can see the ROMTable dumped when started JLinkExe as follows,
AP[1]: APB-AP found
ROMTbl[0][0]: CompAddr: 80050000 CID: B105900D, PID: 004BB906 CTI
ROMTbl[0][1]: CompAddr: 81000000 CID: B105100D, PID: 00A9CC32 ROM Table
ROMTbl[1][0]: CompAddr: 81010000 CID: 00000000, PID: 00000000 ???
ROMTbl[1][1]: CompAddr: 81020000 CID: 00000000, PID: 00000000 ???
ROMTbl[1][2]: CompAddr: 81400000 CID: B105100D, PID: 000BB4A7 ROM Table
ROMTbl[2][0]: CompAddr: 81410000 CID: B105900D, PID: 005BBC07 Cortex-A7
Found Cortex-A7 r0p5
By reading the ARMv7 spec, I found the base address of ROM Table can be read out from DBGDRAR. So I tried that in software. Then I also tried dumping the whole ROM Table from software by reading the physical address of ROM Table, but I got a data abort exception, seemed that the address is NOT accessible.
If it is not accessible, how can I read the ROMTable, or how does JLinkExe get the ROMTable?
Thanks,

Breaking when LastError changes

Is there a way to break windbg or visual studio debugger execution when the value of LastError value changes?
Edit:
Found a way by setting a breakpoint in ntdll!RtlSetLastWin32Error.
Does anyone know another way or it's the best way for that?

set a write breakpoint on the address of teb->LastErrorValue
ba w4 ##c++(&(#$thread->LastErrorValue))
happy breaking whenever error value changes
you can add conditions to the bp to break only when you want too
0:000> ba w4 ##c++(&(#$thread->LastErrorValue)) "!gle;gc"
breakpoint 0 redefined
0:000> g
LastErrorValue: (Win32) 0 (0) - The operation completed successfully.
LastStatusValue: (NTSTATUS) 0xc000008a - Indicates the specified resource type cannot be found in the image file.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
LastErrorValue: (Win32) 0 (0) - The operation completed successfully.
LastStatusValue: (NTSTATUS) 0 - STATUS_WAIT_0
LastErrorValue: (Win32) 0 (0) - The operation completed successfully.
LastStatusValue: (NTSTATUS) 0xc0000034 - Object Name not found.
LastErrorValue: (Win32) 0 (0) - The operation completed successfully.
LastStatusValue: (NTSTATUS) 0 - STATUS_WAIT_0
LastErrorValue: (Win32) 0 (0) - The operation completed successfully.
LastStatusValue: (NTSTATUS) 0xc0000034 - Object Name not found.
LastErrorValue: (Win32) 0 (0) - The operation completed successfully.
LastStatusValue: (NTSTATUS) 0xc0000034 - Object Name not found.
LastErrorValue: (Win32) 0 (0) - The operation completed successfully.
LastStatusValue: (NTSTATUS) 0xc0000034 - Object Name not found.
LastErrorValue: (Win32) 0 (0) - The operation completed successfully.
LastStatusValue: (NTSTATUS) 0xc0000034 - Object Name not found.

VB6 Crash Dump Symbol is not being resolved

I am unable to figure this problem out. Symbol is not being resolved
Deployment
There are number of exes of my system deployed on a network path. All users run those exes from that shared network path. This was working fine two weeks ago but now some of those exes have started crashing. There is no fix pattern of being crashed, it happens to any user, anytime during any activity.
Troubleshooting
I have got the dump of one of them, i tried WinDbg and got following
Microsoft (R) Windows Debugger Version 6.2.9200.16384 X86
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\crash\RNS1000.exe.mdmp]
User Mini Dump File: Only registers, stack and portions of memory are available
Symbol search path is: SRV*c:\crash*http://msdl.microsoft.com/download/symbols;c:\crash
Executable search path is:
Windows XP Version 2600 (Service Pack 3) MP (2 procs) Free x86 compatible
Product: WinNt, suite: SingleUserTS
Machine Name:
Debug session time: Wed Oct 10 15:36:36.000 2012 (UTC + 5:00)
System Uptime: not available
Process Uptime: 0 days 7:12:54.000
................................................................
.........................................................
Loading unloaded module list
.......
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(924.85c): In-page I/O error ffffffffc000020c - code c0000006 (first/second chance not available)
eax=02060000 ebx=7c90fe01 ecx=00001000 edx=7c90e4f4 esi=000003a0 edi=00000000
eip=7c90e4f4 esp=0013afdc ebp=0013b040 iopl=0 nv up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00200297
ntdll!KiFastSystemCallRet:
7c90e4f4 c3 ret
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
GetUrlPageData2 (WinHttp) failed: 12007.
FAULTING_IP:
RNS1000+55f610
0095f610 ?? ???
EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0095f610 (RNS1000+0x0055f610)
ExceptionCode: c0000006 (In-page I/O error)
ExceptionFlags: 00000000
NumberParameters: 3
Parameter[0]: 00000008
Parameter[1]: 0095f610
Parameter[2]: c000020c
Inpage operation failed at 0095f610, due to I/O error c000020c
DEFAULT_BUCKET_ID: SOFTWARE_NX_FAULT
PROCESS_NAME: RNS1000.exe
ERROR_CODE: (NTSTATUS) 0xc0000006 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The required data was not placed into memory because of an I/O error status of "0x%08lx".
EXCEPTION_CODE: (NTSTATUS) 0xc0000006 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The required data was not placed into memory because of an I/O error status of "0x%08lx".
EXCEPTION_PARAMETER1: 00000008
EXCEPTION_PARAMETER2: 0095f610
EXCEPTION_PARAMETER3: c000020c
IO_ERROR: (NTSTATUS) 0xc000020c - The transport connection is now disconnected.
ADDITIONAL_DEBUG_TEXT: Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]
LAST_CONTROL_TRANSFER: from 00000000 to 00000000
APP: rns1000.exe
FAULTING_THREAD: ffffffff
PRIMARY_PROBLEM_CLASS: SOFTWARE_NX_FAULT
BUGCHECK_STR: APPLICATION_FAULT_SOFTWARE_NX_FAULT
STACK_TEXT:
00000000 00000000 hardware_disk!Unknown+0x0
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: hardware_disk!Unknown
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: hardware_disk
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: ** Pseudo Context ** ; kb
FAILURE_BUCKET_ID: SOFTWARE_NX_FAULT_c0000006_hardware_disk!Unknown
BUCKET_ID: APPLICATION_FAULT_SOFTWARE_NX_FAULT_hardware_disk!Unknown
IMAGE_NAME: hardware_disk
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/RNS1000_exe/2_0_0_5/4f17b9d2/RNS1000_exe/2_0_0_5/4f17b9d2/c0000006/0055f610.htm?Retriage=1
Followup: MachineOwner
---------
I am expecting RNS1000+55f610 to be resolved to one of my programs function but it has not been resolved. The sysmbol path contains exe, pdb and mdmp.
Please tell me why has it not been resolved? what wrong am i doing?

The key part here is the In-page I/O error. The underlying disk/network drive disappeared.
The crash occurs some time later when it tries to page back in part of the executable, but it no longer has a valid file handle/connection.
The only fix is to run it locally or make sure the disk doesn't disappear while they're running.
More generally, you can get VB to create the info files for native debugging using the "Create symbolic debug info" option in the project's Compile settings. This can only be done before the fact though and won't help with debugging an existing build.

Windows application debugging

My operations group, and the devs are clueless to why this happens. Basically the server-side service of a client/server application hangs. We have been pushing new bugfixed versions and providing all kinds of logs to the devs, but they can't figure it out. To make it even harder to figure out, this is an application that works very closely with another application on the client side.
I have no idea if I'm onto something here, as I have limited windbg experience, but this seems worth checking out. Google comes up pretty promising, but with mostly gamers having BSODs not providing much more info...
I found this bit at the start of the dump:
WARNING: odbccp32 overlaps comctl32 .
WARNING: odbc32 overlaps odbccp32
WARNING: odbc32 overlaps comctl32 .............
WARNING: mswsock overlaps FWPUCLNT .......
WARNING: winsta overlaps winnsi .
WARNING: ntlanman overlaps drprov .... ...
WARNING: srvcli overlaps netapi32
WARNING: wkscli overlaps srvcli ..........
WARNING: ncrypt overlaps schannel .
WARNING: nlaapi overlaps ncrypt .
WARNING: NapiNSP overlaps nlaapi ....
WARNING: rsaenh overlaps cryptsp
and a bit lower:
OVERLAPPED_MODULE: Address regions for 'odbc32' and 'odbccp32' overlap
Here is the complete !analyze -v dump:
Microsoft (R) Windows Debugger Version 6.2.8400.0 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\debug\MES\PLSMES.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available
Symbol search path is: srv*c:\symbols*c:\windows\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Version 7601 (Service Pack 1) MP (16 procs) Free x64
Product: Server, suite: TerminalServer SingleUserTS
Machine Name:
Debug session time: Thu Jun 14 10:37:01.000 2012 (UTC + 2:00)
System Uptime: not available
Process Uptime: 0 days 6:36:13.000
......................................WARNING: odbccp32 overlaps comctl32
.WARNING: odbc32 overlaps odbccp32
WARNING: odbc32 overlaps comctl32
.............WARNING: mswsock overlaps FWPUCLNT
.......WARNING: winsta overlaps winnsi
.WARNING: ntlanman overlaps drprov
....
...WARNING: srvcli overlaps netapi32
.WARNING: wkscli overlaps srvcli
..........WARNING: ncrypt overlaps schannel
.WARNING: nlaapi overlaps ncrypt
.WARNING: NapiNSP overlaps nlaapi
....WARNING: rsaenh overlaps cryptsp
Cannot read PEB32 from WOW64 TEB32 7efdd000 - Win32 error 0n30
wow64cpu!CpupSyscallStub+0x9:
00000000`741f2e09 c3 ret
0:000> !analyze -v
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** WARNING: Unable to verify timestamp for PLSMES.exe
*** ERROR: Module load completed but symbols could not be loaded for PLSMES.exe
FAULTING_IP:
+0
00000000`00000000 ?? ???
EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0000000000000000
ExceptionCode: 80000003 (Break instruction exception)
ExceptionFlags: 00000000
NumberParameters: 0
FAULTING_THREAD: 0000000000001364
DEFAULT_BUCKET_ID: BAD_DUMP_MISSING_MEMORY
PROCESS_NAME: PLSMES.exe
OVERLAPPED_MODULE: Address regions for 'odbc32' and 'odbccp32' overlap
ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached.
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid
NTGLOBALFLAG: 0
APPLICATION_VERIFIER_FLAGS: 0
APP: plsmes.exe
ADDITIONAL_DEBUG_TEXT: Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]
LAST_CONTROL_TRANSFER: from 0000000000000000 to 00000000741f2e09
PRIMARY_PROBLEM_CLASS: BAD_DUMP_MISSING_MEMORY
BUGCHECK_STR: APPLICATION_FAULT_BAD_DUMP_MISSING_MEMORY
STACK_TEXT:
00000000`00000000 00000000`00000000 bad_dump!missing_stack+0x0
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: bad_dump!missing_stack
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: bad_dump
IMAGE_NAME: bad_dump
DEBUG_FLR_IMAGE_TIMESTAMP: 0
STACK_COMMAND: ** Pseudo Context ** ; kb
FAILURE_BUCKET_ID: BAD_DUMP_MISSING_MEMORY_80000003_bad_dump!missing_stack
BUCKET_ID: X64_APPLICATION_FAULT_BAD_DUMP_MISSING_MEMORY_bad_dump!missing_stack
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/PLSMES_exe/4_4_3_2582/4f8ac8f6/unknown/0_0_0_0/bbbbbbb4/80000003/00000000.htm?Retriage=1
Followup: MachineOwner
---------
Could this be related to the application hangs? Overlapping memory doesn't seem good.
Note: The same server runs other instances of the same application without error.
Any pointers to further debugging would also be nice.
(Moved from ServerFault, I guess this is better asked here.)

I've seen this happen when a 64 bit version of task manager is used to create a dump of a 32 bit process. If this is your case, then use the 32 bit version of task manager which can be found in the SysWOW64 folder. This link describes the problem:
http://blogs.msdn.com/b/tess/archive/2010/09/29/capturing-memory-dumps-for-32-bit-processes-on-an-x64-machine.aspx

when and how to use windbg kernel debugging

I found Windbg is very useful during development and debugging.
but mostly i use windbg in use mode debugging.
What kernel debugging can do in windbg?
or When should I use windbg's kernel debugging?
Is there a toturial about kernel debugging in windbg?
Thanks in advance.

you usually use kernel debugging when you need to debug low level device drivers interacting directly with the hardware.
It's more complicated to debug in kernel mode, among other things for a live kernel debug session you have to run the debugger on a different system than the one being debugged . for the majority of developers user mode is enough to do most of the work.
Advanced Windows Debugging is a very good book about debugging with wndbg (includes discussions about kernel debugging).
the dump analysis site has many tutorials including kernel debugging scenarios

the main difference between user mode and kernel mode WINDBG, is you can see EVERY process in kernel mode WINDBG, and all threads. You wont necessary get to see every stack frame since they get paged out frequently by the memory manager.
some common commands I use frequently.
!process 0 0
lists every running process:
**** NT ACTIVE PROCESS DUMP ****
PROCESS 80a02a60 Cid: 0002 Peb: 00000000 ParentCid: 0000
DirBase: 00006e05 ObjectTable: 80a03788 TableSize: 150.
Image: System
PROCESS 80986f40 Cid: 0012 Peb: 7ffde000 ParentCid: 0002
DirBase: 000bd605 ObjectTable: 8098fce8 TableSize: 38.
Image: smss.exe
PROCESS 80958020 Cid: 001a Peb: 7ffde000 ParentCid: 0012
DirBase: 0008b205 ObjectTable: 809782a8 TableSize: 150.
Image: csrss.exe
PROCESS 80955040 Cid: 0020 Peb: 7ffde000 ParentCid: 0012
DirBase: 00112005 ObjectTable: 80955ce8 TableSize: 54.
Image: winlogon.exe
PROCESS 8094fce0 Cid: 0026 Peb: 7ffde000 ParentCid: 0020
DirBase: 00055005 ObjectTable: 80950cc8 TableSize: 222.
Image: services.exe
PROCESS 8094c020 Cid: 0029 Peb: 7ffde000 ParentCid: 0020
DirBase: 000c4605 ObjectTable: 80990fe8 TableSize: 110.
Image: lsass.exe
PROCESS 809258e0 Cid: 0044 Peb: 7ffde000 ParentCid: 0026
DirBase: 001e5405 ObjectTable: 80925c68 TableSize: 70.
Image: SPOOLSS.EXE
.process {x}
Select the process you want to make active, usually followed by the !threads command to list a processes current threads.
!stacks 0x2 {foo.sys}
searches ALL threads for call stacks that contain the specified driver.
!poolused
useful when debugging low kernel memory situations and all you have is a kernel crash dump
.crash
Useful for when you are debugging live via serial cable and you want to make the target machine write a crash dump
!vm 1
Useful display of the memory managers statistics, example:
*** Virtual Memory Usage ***
Physical Memory: 16270 ( 65080 Kb)
Page File: \??\E:\pagefile.sys
Current: 98304Kb Free Space: 61044Kb
Minimum: 98304Kb Maximum: 196608Kb
Available Pages: 5543 ( 22172 Kb)
ResAvail Pages: 6759 ( 27036 Kb)
Locked IO Pages: 112 ( 448 Kb)
Free System PTEs: 45089 ( 180356 Kb)
Free NP PTEs: 5145 ( 20580 Kb)
Free Special NP: 336 ( 1344 Kb)
Modified Pages: 714 ( 2856 Kb)
NonPagedPool Usage: 877 ( 3508 Kb)
NonPagedPool Max: 6252 ( 25008 Kb)
PagedPool 0 Usage: 729 ( 2916 Kb)
PagedPool 1 Usage: 432 ( 1728 Kb)
PagedPool 2 Usage: 436 ( 1744 Kb)
PagedPool Usage: 1597 ( 6388 Kb)
PagedPool Maximum: 13312 ( 53248 Kb)
Shared Commit: 1097 ( 4388 Kb)
Special Pool: 229 ( 916 Kb)
Shared Process: 1956 ( 7824 Kb)
PagedPool Commit: 1597 ( 6388 Kb)
Driver Commit: 828 ( 3312 Kb)
Committed pages: 21949 ( 87796 Kb)
Commit limit: 36256 ( 145024 Kb)
And don't forget the ALL MIGHTY !locks
absolutely essential for troubleshooting a deadlocked machine,
kd> !locks
**** DUMP OF ALL RESOURCE OBJECTS ****
KD: Scanning for held locks......
Resource # 0x80e97620 Shared 4 owning threads
Threads: ff688da0-01<*> ff687da0-01<*> ff686da0-01<*> ff685da0-01<*>
KD: Scanning for held locks.......................................................
Resource # 0x80e23f38 Shared 1 owning threads
Threads: 80ed0023-01<*> *** Actual Thread 80ed0020
KD: Scanning for held locks.
Resource # 0x80d8b0b0 Shared 1 owning threads
Threads: 80ed0023-01<*> *** Actual Thread 80ed0020
2263 total locks, 3 locks currently held
using this command you can track down threads that are stuck waiting for another thread to release an ERESOURCE

Probably, you'll only want to debug in kernel mode when your code is running in kernel mode, ie when you're writing a drivers or something else that runs in the kernel. Or possibly if you're trying to learn more about Windows itself at a very low level by exploring around in the kernel and poking and prodding at things.
When looking for tutorials and other reference material, you might look for "kd" references as well as they are likely to be very similar. (kd is a command line kernel debugging tool.)