The SWATVXD.EXE file is the accompanying VxD to 386SWAT. As long as it is in the same directory as the debugger file (386SWAT.LOD), it is loaded automatically by 386SWAT. If for some reason you don't wish that to happen, using the command WIN NOSWAT prevents the VxD from loading.
The VxD provides Windows services for 386SWAT, and is useful for debugging VxDs.
The VxD's operation is controlled by various switches all of which appear in the [386SWAT] section of your SYSTEM.INI file:
SWATDualDisplay
Squirt cool info to the mono display -- you must use this option to get the most useful output to the mono screen.
SSF=d:\path\name.SSF
Specify the WIN.SSF file -- this file is generated when 386SWAT VxD is built and contains useful symbol information about Windows VxDs.
SWATVxDROM
In Sys_Critical_Init, mark the Page Table Entries of all VxD code segments as read-only (normally, they are read-writable!). This feature was implemented in an attempt to figure out why Windows was crashing (I thought that there might be a bad pointer out there). While I didn't find anything in particular, it is handy to rule out this problem. If a VxD code segment is written into, an Invalid Page Fault is generated (see below). Likely, you'll find that a single IPF due to this feature is generated at the start of Windows. The default action (taken by pressing Esc at the command line) is to test for a RO page and set the RW bit. This clears the IPF for this one page only. From that point on, all IPFs should be examined carefully. If this switch is set, the SWATVxDIPF switch is also set automatically.
SWATVxDIPF
In Sys_Critical_Init, hook the Invalid Page Fault handler. This feature, in conjunction with the IPF command in 386SWAT can be useful for debugging these beasts. The mono screen contains a formatted message of the incoming data to the IPF hook procedure. This feature is preliminary and provides a way to get control at the point of the IPF -- after that, you're on your own. If you can suggest more things 386SWAT can do to help debug IPFs, I'm very open to suggestions.
HookIRQ
Hook IRQ0-7 locally if 386SWAT hooks them. This switch is necessary for some VxDs (RAM Doubler in particular) as they don't install correctly if they find some IRQs not hooked by selector 28h. Go figure.
To debug VxDs at their entry points, use the following switches:
HookVxD=DDB_Name[,#s]
Trap at a particular VxD by name. Note that DDB_Name is case sensitive, and # specifies message numbers (optional). See the VxD Filename and Message # tables below.
HookPM=DDB_Name,reg,#
Trap at a particular VxD's PM API entry, where reg specifies a 16-bit register used by the VxD for the function code, and # specifies the functions to trap. For example, HookPM=SHELL,DX,3 traps at the WINOLDAP hook
Some VxD filenames, DDB names, Device_ID, and their switches:
WINA20.386 'LA20HMA ' xxxxh
NOLOW64KPAGING
NOLOW64KPAGINGPORT
Debug ' ' 0002h
*VPICD 'VPICD ' 0003h
*VDMAD 'VDMAD ' 0004h
*VTD 'VTD ' 0005h
*V86MMGR 'V86MMGR ' 0006h
*PAGESWAP 'PageSwap' 0007h
*VKD 'VKD ' 000Dh
INITPS2MOUSEATEXIT=ON/OFF
*DOSMGR 'DOSMGR ' 0015h
*WSHELL 'SHELL ' 0017h
*PAGEFILE 'PageFile' 0021h
386MAX.VXD 'LoadHi ' 001Ch
SWATVXD.EXE 'SWATVXD ' 2400h
VDDVGA.386 'VDD ' 000Ah
VNETWARE.386 'DOSNET ' 001Ah
PM_BIOS.386 'PMVDD ' 2250h
0000h Sys_Critical_Init 001Bh Sys_Dynamic_Device_Init 0001h Device_Init 001Ch Sys_Dynamic_Device_Exit 0002h Init_Complete 001Dh Create_Thread 0003h Sys_VM_Init 001Eh Thread_Init 0004h Sys_VM_Terminate 001Fh Terminate_Thread 0005h System_Exit 0020h Thread_Not_Executeable 0006h Sys_Critical_Exit 0021h Destroy_Thread 0007h Create_VM 0022h PNP_New_Devnode 0008h VM_Critical_Init 0023h W32_DeviceIOControl 0009h VM_Init 0024h Sys_VM_Terminate2 000Ah VM_Terminate 0025h System_Exit2 000Bh VM_Not_Executeable 0026h Sys_Critical_Exit2 000Ch Destroy_VM 0027h Vm_Terminate2 000Dh VM_Suspend 0028h Vm_Not_Executeable2 000Eh VM_Resume 0029h Destroy_VM2 000Fh Set_Device_Focus 002Ah VM_Suspend2 0010h Begin_Message_Mode 002Bh End_Message_Mode2 0011h End_Message_Mode 002Ch End_PM_App2 0012h Reboot_Processor 002Dh Device_Reboot_Notify2 0013h Query_Destroy 002Eh Crit_Reboot_Notify2 0014h Debug_Query 002Fh Close_VM_Notify2 0015h Begin_PM_App 0030h Get_Contention_Handler 0016h End_PM_App 0031h Kernel32_Initialized 0017h Device_Reboot_Notify 0032h Kernel32_Shutdown 0018h Crit_Reboot_Notify 0019h Close_VM_Notify 001Ah Power_Event
To stop inside 386SWAT at various message numbers, use the following switches:
SWATSysCriticalInit SWATPowerEvent SWATDeviceInit SWATSysDynamicDeviceInit SWATInitComplete SWATSysDynamicDeviceExit SWATSysVMInit SWATCreateThread SWATSysVMTerminate SWATThreadInit SWATSystemExit SWATTerminateThread SWATSysCriticalExit SWATThreadNotExecuteable SWATCreateVM SWATDestroyThread SWATVMCriticalInit SWATPNPNewDevnode SWATVMInit SWATW32DeviceIOControl SWATVMTerminate SWATSysVMTerminate2 SWATVMNotExecuteable SWATSystemExit2 SWATDestroyVM SWATSysCriticalExit2 SWATVMSuspend SWATVMTerminate2 SWATVMResume SWATVMNotExecuteable2 SWATSetDeviceFocus SWATDestroyVM2 SWATBeginMessageMode SWATVMSuspend2 SWATEndMessageMode SWATEndMessageMode2 SWATRebootProcessor SWATEndPMApp2 SWATQueryDestroy SWATDeviceRebootNotify2 SWATDebugQuery SWATCritRebootNotify2 SWATBeginPMApp SWATCloseVMNotify2 SWATEndPMApp SWATGetContentionHandler SWATDeviceRebootNotify SWATKernel32Initialized SWATCritRebootNotify SWATKernel32Shutdown SWATCloseVMNotify
The following switches are for internal use only:
SSFPrefix=name
Specify device name and DDB prefix.
SWATDebugThruExit
Call 386SWAT's INIT_PROT during Sys_Critical_Exit. This allows debugging on the way out of 386SWAT. Now that 386SWAT is a Windows kernel debugger, this switch is unnecessary.
RealModeBreak=[ON|OFF]
Hit an INT 01h early in RealModeInit.
Rehook123=[ON|OFF]
Blast INTs 01h, 02h, and 03h into the IDT. To avoid trouble with WDEB386. Now that 386SWAT is a Windows kernel debugger, there should be less need to run WDEB386.