KERNEL32 or KERNELBASE modules not loaded in WinDbg

I am debugging a driver running on a Windows 11 VM from my Windows 11 host over COM channel. When I first break inside the VM, I see only nt module getting loaded.

nt!DbgBreakPointWithStatus:
fffff805`57420090 cc              int     3
0: kd> lm
start             end                 module name
fffff805`57000000 fffff805`58047000   nt         (pdb symbols)          C:ProgramDataDbgsymntkrnlmp.pdbC6F2581196CED620CCA4074DFBB1F5131ntkrnlmp.pdb

Unloaded modules:
fffff805`5e330000 fffff805`5e342000   dump_storport.sys
fffff805`5e390000 fffff805`5e3c3000   dump_storahci.sys
fffff805`5d400000 fffff805`5d41f000   dump_dumpfve.sys
fffff805`5de90000 fffff805`5deb1000   dam.sys 
fffff805`5dec0000 fffff805`5ded0000   KMPDC.sys
fffff805`5aa80000 fffff805`5aa8c000   WdBoot.sys
fffff805`5bcf0000 fffff805`5bd02000   hwpolicy.sys

After issuing a .reload command, a bunch of other modules show up, but neither KERNEL32, nor KERNELBASE.

0: kd> .reload
Connected to Windows 10 22621 x64 target at (Fri Aug 30 14:18:25.326 2024 (UTC - 7:00)), ptr64 TRUE
Loading Kernel Symbols
...............................................................
................................................................
........................................
Loading User Symbols

Loading unloaded module list
.........
0: kd> lm
start             end                 module name
ffffa618`57c00000 ffffa618`57f58000   win32kbase   (deferred)             
ffffa618`58020000 ffffa618`580cc000   win32k     (deferred)             
ffffa618`59170000 ffffa618`59548000   win32kfull   (deferred)             
ffffa618`59550000 ffffa618`59597000   cdd        (deferred)             
fffff805`54670000 fffff805`549f3000   mcupdate_GenuineIntel   (deferred)             
fffff805`57000000 fffff805`58047000   nt         (pdb symbols)          C:ProgramDataDbgsymntkrnlmp.pdbC6F2581196CED620CCA4074DFBB1F5131ntkrnlmp.pdb
fffff805`5a200000 fffff805`5a206000   hal        (deferred)             
fffff805`5a210000 fffff805`5a220000   kdcom      (deferred)             
fffff805`5a230000 fffff805`5a259000   tm         (deferred)             
fffff805`5a260000 fffff805`5a2cf000   CLFS       (deferred)             
fffff805`5a2d0000 fffff805`5a2eb000   PSHED      (deferred)             
fffff805`5a2f0000 fffff805`5a2fd000   BOOTVID    (deferred)             
fffff805`5a300000 fffff805`5a415000   clipsp     (deferred)             
fffff805`5a420000 fffff805`5a49a000   FLTMGR     (deferred)             
fffff805`5a4a0000 fffff805`5a4cc000   ksecdd     (deferred)             
fffff805`5a4d0000 fffff805`5a532000   msrpc      (deferred)             
fffff805`5a540000 fffff805`5a54f000   cmimcext   (deferred)             
fffff805`5a550000 fffff805`5a566000   werkernel   (deferred)             
fffff805`5a570000 fffff805`5a57c000   ntosext    (deferred)             
fffff805`5a580000 fffff805`5a67a000   CI         (deferred)             
fffff805`5a680000 fffff805`5a73e000   cng        (deferred)             
fffff805`5a740000 fffff805`5a807000   Wdf01000   (deferred)             
fffff805`5a810000 fffff805`5a827000   WDFLDR     (deferred)             
fffff805`5a830000 fffff805`5a843000   WppRecorder   (deferred)             
fffff805`5a850000 fffff805`5a85e000   PRM        (deferred)             
fffff805`5a860000 fffff805`5a887000   acpiex     (deferred)             
fffff805`5a890000 fffff805`5a89f000   msseccore   (deferred)             
fffff805`5a8a0000 fffff805`5a958000   ACPI       (deferred)             
fffff805`5a960000 fffff805`5a96c000   WMILIB     (deferred)             
fffff805`5a970000 fffff805`5a97b000   msisadrv   (deferred)             
fffff805`5a980000 fffff805`5aa0c000   pci        (deferred)             
fffff805`5aa10000 fffff805`5aa67000   tpm        (deferred)             
fffff805`5aa90000 fffff805`5ab16000   intelpep   (deferred)             
fffff805`5ab20000 fffff805`5ab38000   WindowsTrustedRT   (deferred)             
fffff805`5ab40000 fffff805`5ab53000   IntelPMT   (deferred)             
fffff805`5ab60000 fffff805`5ab6b000   WindowsTrustedRTProxy   (deferred)             
fffff805`5ab70000 fffff805`5ab86000   pcw        (deferred)             
fffff805`5ab90000 fffff805`5abac000   vdrvroot   (deferred)             
fffff805`5abb0000 fffff805`5abe2000   pdc        (deferred)             
fffff805`5abf0000 fffff805`5ac08000   CEA        (deferred)             
fffff805`5ac10000 fffff805`5ac43000   partmgr    (deferred)             
fffff805`5ac50000 fffff805`5ad31000   spaceport   (deferred)             
fffff805`5ad40000 fffff805`5ad5c000   volmgr     (deferred)             
fffff805`5ad60000 fffff805`5adc4000   volmgrx    (deferred)             
fffff805`5add0000 fffff805`5adef000   mountmgr   (deferred)             
fffff805`5adf0000 fffff805`5ae22000   storahci   (deferred)             
fffff805`5ae30000 fffff805`5af4c000   storport   (deferred)             
fffff805`5af50000 fffff805`5af74000   EhStorClass   (deferred)             
fffff805`5af80000 fffff805`5af9c000   fileinfo   (deferred)             
fffff805`5afa0000 fffff805`5afe5000   Wof        (deferred)             
fffff805`5aff0000 fffff805`5b086000   WdFilter   (deferred)             
fffff805`5b090000 fffff805`5b3c3000   Ntfs       (deferred)             
fffff805`5b3d0000 fffff805`5b42c000   VBoxGuest   (deferred)             
fffff805`5b430000 fffff805`5b43f000   Fs_Rec     (deferred)             
fffff805`5b440000 fffff805`5b5d0000   ndis       (deferred)             
fffff805`5b5e0000 fffff805`5b680000   NETIO      (deferred)             
fffff805`5b690000 fffff805`5b6c5000   ksecpkg    (deferred)             
fffff805`5b6d0000 fffff805`5b9fd000   tcpip      (deferred)             
fffff805`5ba00000 fffff805`5ba83000   fwpkclnt   (deferred)             
fffff805`5ba90000 fffff805`5bac1000   wfplwfs    (deferred)             
fffff805`5bad0000 fffff805`5bba5000   fvevol     (deferred)             
fffff805`5bbb0000 fffff805`5bbbb000   volume     (deferred)             
fffff805`5bbc0000 fffff805`5bc30000   volsnap    (deferred)             
fffff805`5bc40000 fffff805`5bc91000   rdyboost   (deferred)             
fffff805`5bca0000 fffff805`5bcc7000   mup        (deferred)             
fffff805`5bcd0000 fffff805`5bce3000   iorate     (deferred)             
fffff805`5bd10000 fffff805`5bd30000   disk       (deferred)             
fffff805`5bd40000 fffff805`5bdb7000   CLASSPNP   (deferred)             
fffff805`5d420000 fffff805`5d452000   cdrom      (deferred)             
fffff805`5d460000 fffff805`5d476000   filecrypt   (deferred)             
fffff805`5d480000 fffff805`5d490000   tbs        (deferred)             
fffff805`5d4e0000 fffff805`5d4f5000   UCPD       (deferred)             
fffff805`5d500000 fffff805`5d50b000   Null       (deferred)             
fffff805`5d510000 fffff805`5d51a000   Beep       (deferred)             
fffff805`5d520000 fffff805`5d9a6000   dxgkrnl    (deferred)             
fffff805`5d9b0000 fffff805`5d9d2000   watchdog   (deferred)             
fffff805`5d9e0000 fffff805`5d9f7000   BasicDisplay   (deferred)             
fffff805`5da00000 fffff805`5da12000   BasicRender   (deferred)             
fffff805`5da20000 fffff805`5da3c000   Npfs       (deferred)             
fffff805`5da40000 fffff805`5da52000   Msfs       (deferred)             
fffff805`5da60000 fffff805`5da88000   CimFS      (deferred)             
fffff805`5da90000 fffff805`5dab4000   tdx        (deferred)             
fffff805`5dac0000 fffff805`5dad1000   TDI        (deferred)             
fffff805`5db10000 fffff805`5db61000   netbt      (deferred)             
fffff805`5db70000 fffff805`5db84000   afunix     (deferred)             
fffff805`5db90000 fffff805`5dc38000   afd        (deferred)             
fffff805`5dc40000 fffff805`5dc5b000   vwififlt   (deferred)             
fffff805`5dc60000 fffff805`5dc8b000   pacer      (deferred)             
fffff805`5dc90000 fffff805`5dca5000   ndiscap    (deferred)             
fffff805`5dcb0000 fffff805`5dd2d000   rdbss      (deferred)             
fffff805`5dd30000 fffff805`5ddc5000   csc        (deferred)             
fffff805`5ddd0000 fffff805`5dde3000   nsiproxy   (deferred)             
fffff805`5ddf0000 fffff805`5de00000   npsvctrig   (deferred)             
fffff805`5de10000 fffff805`5de21000   mssmbios   (deferred)             
fffff805`5de60000 fffff805`5de8f000   dfsc       (deferred)             
fffff805`5ded0000 fffff805`5df3e000   fastfat    (deferred)             
fffff805`5df40000 fffff805`5df5a000   bam        (deferred)             
fffff805`5df60000 fffff805`5dfbc000   ahcache    (deferred)             
fffff805`5dfc0000 fffff805`5dfd4000   CompositeBus   (deferred)             
fffff805`5dfe0000 fffff805`5dfef000   kdnic      (deferred)             
fffff805`5dff0000 fffff805`5e007000   umbus      (deferred)             
fffff805`5e010000 fffff805`5e037000   i8042prt   (deferred)             
fffff805`5e040000 fffff805`5e055000   kbdclass   (deferred)             
fffff805`5e0a0000 fffff805`5e0b5000   netbios    (deferred)             
fffff805`5e0c0000 fffff805`5e13e000   VBoxSF     (deferred)             
fffff805`5e140000 fffff805`5e209000   Vid        (deferred)             
fffff805`5e210000 fffff805`5e236000   winhvr     (deferred)             
fffff805`5e240000 fffff805`5e28d000   VBoxMouse   (deferred)             
fffff805`5e290000 fffff805`5e2a5000   mouclass   (deferred)             
fffff805`5e2e0000 fffff805`5e307000   crashdmp   (deferred)             
fffff805`5e310000 fffff805`5e39c000   cldflt     (deferred)             
fffff805`5e3a0000 fffff805`5e3bf000   wanarp     (deferred)             
fffff805`5e3c0000 fffff805`5e3d5000   mmcss      (deferred)             
fffff805`60e00000 fffff805`60e23000   drmk       (deferred)             
fffff805`60e30000 fffff805`60e7e000   intelppm   (deferred)             
fffff805`60e80000 fffff805`60e90000   rdpbus     (deferred)             
fffff805`60ea0000 fffff805`60f1f000   VBoxWddm   (deferred)             
fffff805`60f20000 fffff805`60f44080   E1G6032E   (deferred)             
fffff805`60f50000 fffff805`60f7f000   HDAudBus   (deferred)             
fffff805`60f80000 fffff805`60ff4000   portcls    (deferred)             
fffff805`61000000 fffff805`61047000   ucx01000   (deferred)             
fffff805`61050000 fffff805`61062000   CmBatt     (deferred)             
fffff805`61070000 fffff805`61088000   BATTC      (deferred)             
fffff805`61090000 fffff805`61115000   ks         (deferred)             
fffff805`61120000 fffff805`611c3000   USBXHCI    (deferred)             
fffff805`611d0000 fffff805`611de000   NdisVirtualBus   (deferred)             
fffff805`611e0000 fffff805`611ec000   swenum     (deferred)             
fffff805`61200000 fffff805`612b0000   UsbHub3    (deferred)             
fffff805`612c0000 fffff805`612cf000   USBD       (deferred)             
fffff805`612d0000 fffff805`612e3000   hidusb     (deferred)             
fffff805`612f0000 fffff805`61335000   HIDCLASS   (deferred)             
fffff805`61340000 fffff805`61356000   HIDPARSE   (deferred)             
fffff805`61360000 fffff805`61371000   mouhid     (deferred)             
fffff805`61380000 fffff805`613a0000   cdfs       (deferred)             
fffff805`613b0000 fffff805`613bc000   WIN32KSGD   (deferred)             
fffff805`613e0000 fffff805`613f1000   dump_diskdump   (deferred)             
fffff805`61440000 fffff805`61472000   dump_storahci   (deferred)             
fffff805`614a0000 fffff805`614be000   dump_dumpfve   (deferred)             
fffff805`614c0000 fffff805`614dd000   monitor    (deferred)             
fffff805`614e0000 fffff805`615f7000   dxgmms2    (deferred)             
fffff805`61600000 fffff805`61614000   bfs        (deferred)             
fffff805`61620000 fffff805`6165b000   wcifs      (deferred)             
fffff805`61660000 fffff805`6168e000   luafv      (deferred)             
fffff805`61690000 fffff805`616ab000   storqosflt   (deferred)             
fffff805`616b0000 fffff805`616cd000   rspndr     (deferred)             
fffff805`616d0000 fffff805`61751000   HdAudio    (deferred)             
fffff805`61760000 fffff805`61772000   ksthunk    (deferred)             
fffff805`61780000 fffff805`617a8000   bindflt    (deferred)             
fffff805`617b0000 fffff805`617c9000   lltdio     (deferred)             
fffff805`617d0000 fffff805`617e9000   mslldp     (deferred)             
fffff805`654a0000 fffff805`654bd000   WdNisDrv   (deferred)             
fffff805`78c00000 fffff805`78c26000   bowser     (deferred)             
fffff805`78c30000 fffff805`78c4b000   mpsdrv     (deferred)             
fffff805`78c50000 fffff805`78cf4000   mrxsmb     (deferred)             
fffff805`78d00000 fffff805`78d4f000   mrxsmb20   (deferred)             
fffff805`78d50000 fffff805`78dac000   srvnet     (deferred)             
fffff805`78db0000 fffff805`78e88000   srv2       (deferred)             
fffff805`78e90000 fffff805`78ebe000   Ndu        (deferred)             
fffff805`78ec0000 fffff805`78ed5000   tcpipreg   (deferred)             
fffff805`78ee0000 fffff805`78fb1000   peauth     (deferred)             
fffff805`78fc0000 fffff805`78fdd000   wtd        (deferred)             
fffff805`78fe0000 fffff805`78ff3000   condrv     (deferred)             
fffff805`791c0000 fffff805`79233000   msquic     (deferred)             
fffff805`79240000 fffff805`793e5000   HTTP       (deferred)             

Unloaded modules:
fffff805`5e330000 fffff805`5e342000   dump_storport.sys
fffff805`5e390000 fffff805`5e3c3000   dump_storahci.sys
fffff805`5d400000 fffff805`5d41f000   dump_dumpfve.sys
fffff805`5de90000 fffff805`5deb1000   dam.sys 
fffff805`5dec0000 fffff805`5ded0000   KMPDC.sys
fffff805`5aa80000 fffff805`5aa8c000   WdBoot.sys
fffff805`5bcf0000 fffff805`5bd02000   hwpolicy.sys

I call KERNEL32!CreateFileA() from my driver stub, where I want to break at. Any idea why are KERNEl* modules missing in the lm output?

I repeated the debugging session several times. At some point in a previous run, the KERNEL* modules did show up. But I am not sure what exactly caused that.

  • windows
  • debugging
  • windbg

4

Trang chủ Giới thiệu Sinh nhật bé trai Sinh nhật bé gái Tổ chức sự kiện Biểu diễn giải trí Dịch vụ khác Trang trí tiệc cưới Tổ chức khai trương Tư vấn dịch vụ Thư viện ảnh Tin tức - sự kiện Liên hệ Chú hề sinh nhật Trang trí YEAR END PARTY công ty Trang trí tất niên cuối năm Trang trí tất niên xu hướng mới nhất Trang trí sinh nhật bé trai Hải Đăng Trang trí sinh nhật bé Khánh Vân Trang trí sinh nhật Bích Ngân Trang trí sinh nhật bé Thanh Trang Thuê ông già Noel phát quà Biểu diễn xiếc khỉ Xiếc quay đĩa Dịch vụ tổ chức sự kiện 5 sao Thông tin về chúng tôi Dịch vụ sinh nhật bé trai Dịch vụ sinh nhật bé gái Sự kiện trọn gói Các tiết mục giải trí Dịch vụ bổ trợ Tiệc cưới sang trọng Dịch vụ khai trương Tư vấn tổ chức sự kiện Hình ảnh sự kiện Cập nhật tin tức Liên hệ ngay Thuê chú hề chuyên nghiệp Tiệc tất niên cho công ty Trang trí tiệc cuối năm Tiệc tất niên độc đáo Sinh nhật bé Hải Đăng Sinh nhật đáng yêu bé Khánh Vân Sinh nhật sang trọng Bích Ngân Tiệc sinh nhật bé Thanh Trang Dịch vụ ông già Noel Xiếc thú vui nhộn Biểu diễn xiếc quay đĩa Dịch vụ tổ chức tiệc uy tín Khám phá dịch vụ của chúng tôi Tiệc sinh nhật cho bé trai Trang trí tiệc cho bé gái Gói sự kiện chuyên nghiệp Chương trình giải trí hấp dẫn Dịch vụ hỗ trợ sự kiện Trang trí tiệc cưới đẹp Khởi đầu thành công với khai trương Chuyên gia tư vấn sự kiện Xem ảnh các sự kiện đẹp Tin mới về sự kiện Kết nối với đội ngũ chuyên gia Chú hề vui nhộn cho tiệc sinh nhật Ý tưởng tiệc cuối năm Tất niên độc đáo Trang trí tiệc hiện đại Tổ chức sinh nhật cho Hải Đăng Sinh nhật độc quyền Khánh Vân Phong cách tiệc Bích Ngân Trang trí tiệc bé Thanh Trang Thuê dịch vụ ông già Noel chuyên nghiệp Xem xiếc khỉ đặc sắc Xiếc quay đĩa thú vị

Filed under: Kiến thức lập trình - @ 13:40

Thẻ:

Trang chủ Giới thiệu Sinh nhật bé trai Sinh nhật bé gái Tổ chức sự kiện Biểu diễn giải trí Dịch vụ khác Trang trí tiệc cưới Tổ chức khai trương Tư vấn dịch vụ Thư viện ảnh Tin tức - sự kiện Liên hệ Chú hề sinh nhật Trang trí YEAR END PARTY công ty Trang trí tất niên cuối năm Trang trí tất niên xu hướng mới nhất Trang trí sinh nhật bé trai Hải Đăng Trang trí sinh nhật bé Khánh Vân Trang trí sinh nhật Bích Ngân Trang trí sinh nhật bé Thanh Trang Thuê ông già Noel phát quà Biểu diễn xiếc khỉ Xiếc quay đĩa
Thiết kế website Thiết kế website Thiết kế website Cách kháng tài khoản quảng cáo Mua bán Fanpage Facebook Dịch vụ SEO Tổ chức sinh nhật