#1 | Bagher (Member; Joined Dec 28, 2020; Posts 6) | Dec 28, 2020
Hi. Yesterday I decided to debug my Windows. I connected my laptop (debuggee) to a PC (debugger) with a LAN cable and used Kdnet.exe to debug over the network card. My Windows is fresh. But when I started my laptop and ran WinDbg on the debugger system (PC), I saw an unusual string in WinDbg: "the target has requested that the debugger execute a command". I installed a fresh Windows 10 and tried again, but I saw this message again. Next time I deleted my EFI boot partition and installed a fresh Windows 10, and I saw it again. Is this behavior normal or not? I have a Lenovo y510 with Windows 10 UEFI. I also attached a screenshot from my PC monitor.
Attachments: IMG_20201229_004859.jpg (441.5 KB)
#2 | x BlueRobot (Administrator, Staff member; Joined May 7, 2013; Posts 10,171; Location %systemroot%) | Dec 28, 2020
Looks normal to me; it seems like the target machine has encountered an error. According to the documentation, the ACPI will attempt to break in with a debugger if it encounters a fatal error.
#3 | zbook (Member; Joined Oct 2, 2015; Posts 919) | Dec 28, 2020
How frequent are the BSODs after the clean install? Were the BSODs before or after driver installation, or both? Have you run the Lenovo hardware diagnostics? > post results into the thread
See posting instructions: Blue Screen of Death (BSOD) Posting Instructions - Windows 10, 8.1, 8, 7 + Vista | Sysnative Forums
#4 | Bagher (Member; Joined Dec 28, 2020; Posts 6) | Dec 29, 2020
x BlueRobot said: "Looks normal to me; it seems like the target machine has encountered an error. According to the documentation, the ACPI will attempt to break in with a debugger if it encounters a fatal error."
Thank you. But I thought maybe it is for a rootkit. A rootkit that uses an anti-debugging technique. Because I used to see this message when I was debugging an anti-cheat driver of a game.
#5 | Bagher (Member; Joined Dec 28, 2020; Posts 6) | Dec 29, 2020
zbook said: "How frequent are the BSODs after the clean install? Were the BSODs before or after driver installation, or both? Have you run the Lenovo hardware diagnostics? > post results into the thread. See posting instructions: Blue Screen of Death (BSOD) Posting Instructions - Windows 10, 8.1, 8, 7 + Vista | Sysnative Forums"
Thank you, I will do. But my problem isn't BSOD. My problem is in kernel debugging.
#6 | x BlueRobot (Administrator, Staff member; Joined May 7, 2013; Posts 10,171; Location %systemroot%) | Dec 29, 2020
Bagher said: "But I thought maybe it is for a rootkit. A rootkit that uses an anti-debugging technique. Because I used to see this message when I was debugging an anti-cheat driver of a game."
Most software will employ anti-debugging techniques for obvious reasons. Have you checked what the error message is for? The !amli extension is typically used for debugging the ACPI.
#7 | x BlueRobot (Administrator, Staff member; Joined May 7, 2013; Posts 10,171; Location %systemroot%) | Dec 29, 2020
@zbook Please ensure that you read the OP's initial post properly; it's clear that they're setting up a live debugging session with a remote computer.
#8 | Bagher (Member; Joined Dec 28, 2020; Posts 6) | Dec 29, 2020
x BlueRobot said: "Most software will employ anti-debugging techniques for obvious reasons. Have you checked what the error message is for? The !amli extension is typically used for debugging the ACPI."
The problem is that I don't know how to find out which driver generates this error. This error is shown when the debugging process starts. I installed a fresh Windows because I thought this error is for a malicious driver or a rootkit or a bootkit. But nothing changed. I also installed "Lenovo hardware diagnostic", but it says all hardware is OK. Perhaps you are right. Maybe this is for ACPI.
#9 | x BlueRobot (Administrator, Staff member; Joined May 7, 2013; Posts 10,171; Location %systemroot%) | Dec 29, 2020
In WinDbg, you can click the DML link (the blue text) and it will run the command for you. Could you please post the output?
#10 | Bagher (Member; Joined Dec 28, 2020; Posts 6) | Dec 29, 2020
I did it but nothing happened. Seems the blue link is nothing.
x BlueRobot said: "In WinDbg, you can click the DML link (the blue text) and it will run the command for you. Could you please post the output?"
Attachments: Capture.JPG (195.5 KB)
#11 | x BlueRobot (Administrator, Staff member; Joined May 7, 2013; Posts 10,171; Location %systemroot%) | Dec 29, 2020
Try this:
Code:
!amli err 0xee
#12 | Bagher (Member; Joined Dec 28, 2020; Posts 6) | Dec 30, 2020
I ran this command. I think the "err" command is an undocumented command or doesn't exist for amli. I attached the result. I also read about the amli command in the Intel documents and didn't see the err command.
x BlueRobot said: "Try this: Code: !amli err 0xee"
Attachments: outputpng.PNG (24.9 KB)
#13 | x BlueRobot (Administrator, Staff member; Joined May 7, 2013; Posts 10,171; Location %systemroot%) | Dec 31, 2020
It's undocumented but it does exist, otherwise WinDbg wouldn't recommend it. Have you tried entering the command in the blue text manually? I'm wondering if the DML is broken for that particular command, hence why it doesn't work when you click it.