How to automatically remove driver after crash? - windows

I'm remote-debugging a Windows kernel-mode driver using WinDbg. The driver has issues in the initialization routine, leading to a bugcheck/crash when installing the device driver. When I detach the debugger, the target PC reboots and runs again into the same bugcheck.
In order to test a new version of the driver, I therefore have to boot into safe mode, uninstall the device using device manager and reboot into normal mode.
Is there any way to simplify this workflow so that the device driver is automatically removed upon rebooting after a bugcheck?
Additional info:
I'm using dpinst to install the driver on the target PC

Use .kdfiles to pull a replacement driver during boot.
Documentation from MS
Write-up in NT Insider from OSR Online
If you are using Windows 10, then you can leverage the -m option to provide a partial name and forgo the dospath C:\ NtPath \.\xx , %SystemRoot% confusions in the map file formats, or as described here

Related

Can I load unsigned driver permanently in 64 windows

I am planning to get into Windows driver development and start to learn the Windows WDK.
But I know that Windows blocks loading unsigned drivers and I have to purchase a digital certificate, but it's too expensive for me and I won't be developing drivers that I'll distribute to customers now.
I'll be only testing on my home computer.
I knew that I could turn off the signature enforcement and restart, but the problem is that I am not the only one who uses the computer and can't keep test mode on all the time, and need my driver to be running.
So when I load the driver in test mode, then restart and go back to default settings, will the driver load again? Or will I have to be running in test mode all the time?
By loading it permanently I mean that I don't need to boot in test mode every time I want my driver to be running, but load it once and return back with the driver running.
My current Windows is 8.1 64 bit.
I recommend you use a VM for this, that's how I do it. Put the VM in TEST MODE, and you can also attach WinDbg KD to the VM so you will be able to debug your driver. Without being able to debug your driver it will be very hard for you to write drivers and run them.
TESTMODE - https://technet.microsoft.com/en-us/ff553484%28v=vs.96%29?f=255&MSPPError=-2147217396
VM Kernel Debugging - https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/attaching-to-a-virtual-machine--kernel-mode-
Try to disable integrity check - bcdedit /set nointegritychecks on

Filter Driver is not loaded - Startup

I have configured my filter driver start type as SERVICE_SYSTEM_START in the .inf file, installed the filter driver manually using the instructions in the lightweight filter driver sample, and rebooted the virtual machine to see if my driver is loaded. The ntbtlog.txt file, which has all the driver information, says "Did not load driver ".
Starting with the Windows Vista x64 platform, drivers that are not signed will not be loaded by Windows, so that was the reason for the driver not loading. To fix this I used the "Disable Signature Enforcement" option in the boot menu by pressing F8 during boot. This disables the restriction during development of the driver.

Remove incorrect binding of composite device to custom driver

Our latest WHQL'ed custom driver has an incorrect entry for one of our upcoming products. The upcoming product is a composite device, and our WHQL'ed driver has an entry which matches the device ID for the composite device instead of the individual interfaces.
When the new device is connected to machines which have the WHQL'ed driver, the device gets bound to our driver and not to the Windows Generic Parent Driver (usbccgp.sys). This prevents the interfaces in the device from being listed.
We could manually fix this by uninstalling the driver for the device and making it bind to the usbccgp.sys driver. In Vista and higher versions, we could delete the driver binaries at the time of uninstall. But there is no direct way to completely delete the driver binaries in XP. This makes it very difficult to cleanly uninstall the driver.
Can this be fixed using an uninstaller? What is the best way to fix the affected machine in an automated way?
Download the Windows Driver Development Kit (Win DDK) and locate the devcon.exe executable for your architecture. Then, from an elevated command prompt:
devcon.exe find =usb
To list all of your current devices.
devcon.exe -r remove =usb *YOUR_HARDWARE_ID*
Will completely disassociate the device and driver from the target machine. If you have trouble getting the hardware ID, you can blow away all your USB drivers and let Windows auto-detect them after reboot.
devcon.exe -r remove =usb *
Extreme, yes. Effective, yes. We work with virtual comm ports all day and our test machines often experience your same issue. This technique has yet to fail.

DDK sample passthru not loaded in win7

I am developing a driver based on the DDK sample "passthru" and I have trouble loading this driver in Win7 (x86 or x64). I have tested my driver in WinXP (x86 and x64), and it works pretty well, but when I tried to load this driver into Win7 (F8->Disable Driver Signature Enforcement), it seemed to fail. Then I tried the native passthru code, and it also failed. I thought it failed because:
I cannot see any output from KdPrint in WinDbg.
I cannot see any useful information in the system event log.
I set a breakpoint on passthru!DriverEntry, and it seems that DriverEntry has not been called.
My WDK is 7600.16385.1, and passthru is supposed to be compatible with Win7. I compile passthru using the command "build -cZ".
Could you help me understand this problem, or give any clue about why passthru is not loaded in Win7?
I have built this driver in the Win7 x86 checked build environment, and tested in Win7 x86.
Solved: Actually, the driver has been loaded, but the output of KdPrint is not shown in Win7 by default. You should use KdPrintEx to specify the message level, or modify the registry to make debug messages shown. Now I have no idea why the bp failed either.
Normally you can't use a driver that was built for WinXP target on a Win7 machine. Rebuild for Win7 target.
Well your question is rather unspecific, but I see one particular problem here: Enabling test-signing and disabling kernel mode signing policy still requires you to sign the binary ... (after WHQL-tests MS would cross-sign the .cat file for the driver). Refer to this.
See:
For 64-bit versions of Windows Vista and later versions of Windows,
the kernel-mode code signing policy requires that all kernel-mode code
have a digital signature.
and:
The operating system loader and the kernel load drivers that are
signed by any certificate. The certificate validation is not required
to chain up to a trusted root certification authority. However, each
driver image file must have a digital signature.
These commands should allow you to load a driver signed with anything:
bcdedit.exe -set loadoptions DDISABLE_INTEGRITY_CHECKS
bcdedit.exe -set TESTSIGNING ON
You don't mention what target OS you chose when building. Icepack mentioned it. You need to actually build for Windows 7 to make it work with the new NDIS 6.0. Simply loading a driver built for XP (and older NDIS version) may not work at all.
My suggestion, use DDKBUILD.CMD and build one driver with (free build, W7):
ddkbuild.cmd -W7 fre . -cZ
and one with (free build, WXP)
ddkbuild.cmd -W7XP fre . -cZ
The above command line already takes into account the WDK you have. Note that if DDKBUILD.CMD fails to detect your installed WDK, you'll have to set the environment variable W7BASE to point to the folder in which the WDK is installed (the one with install.htm, usually something like C:\WINDDK\7600.16385.1).
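Added example, not part of any of the original posts: the answers in these threads switch on testsigning, nointegritychecks or a loadoptions value to get a development driver loaded, so this sketch audits saved `bcdedit /enum` text and reports which boot entries still have signature enforcement relaxed. It assumes English-language bcdedit output; the sample text and the function names are constructed for illustration.

```python
import re

# Boot options named in the answers above that relax driver signature checks.
RISKY_FLAGS = ("testsigning", "nointegritychecks")

# Constructed sample of English `bcdedit /enum` output, not from a real machine.
SAMPLE_BCDEDIT = """\
Windows Boot Manager
--------------------
identifier              {bootmgr}
description             Windows Boot Manager

Windows Boot Loader
-------------------
identifier              {current}
description             Driver test VM
testsigning             Yes
nointegritychecks       Yes
loadoptions             DDISABLE_INTEGRITY_CHECKS

Windows Boot Loader
-------------------
identifier              {11111111-2222-3333-4444-555555555555}
description             Shared desktop
testsigning             No
"""

def parse_entries(text):
    """Split bcdedit output into one {element: value} dict per boot entry."""
    entries, current = [], None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if line.strip() and re.fullmatch(r"-{3,}", nxt):
            current = {"section": line.strip()}   # title line above a dashed rule
            entries.append(current)
        elif current is not None:
            parts = line.split(None, 1)           # "element   value"
            if len(parts) == 2:                   # skips rules and blank lines
                current[parts[0].lower()] = parts[1].strip()
    return entries

def weakened_entries(text):
    """Return (identifier, reasons) for entries with signature enforcement relaxed."""
    findings = []
    for entry in parse_entries(text):
        reasons = [f for f in RISKY_FLAGS if entry.get(f, "").lower() == "yes"]
        loadopts = entry.get("loadoptions", "")
        if "DISABLE_INTEGRITY_CHECKS" in loadopts.upper():  # flag for review
            reasons.append("loadoptions=" + loadopts)
        if reasons:
            findings.append((entry.get("identifier", "?"), reasons))
    return findings
```

Running it over output collected from a shared machine after a driver test session shows whether the relaxed settings were left on for everyone who boots that entry.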

Upgrading driver from XP to W7

I've got a driver for a custom PCI card, which builds and runs fine on XP. I'm trying to use this custom hardware on W7, and am trying to build and run my driver.
I've got the latest DDK from Microsoft, and build my driver for XP using Windows XP "x86 Free Build Environment". Everything installs & works fine. (Build using a DDK "build" command)
If I use the Windows 7 "x86 Free Build Environment" build environment, everything builds fine. I run it through the PREfast and staticdv code checkers, no errors from either. ( I get a couple of warnings about "The dispatch function 'FooFnc' does not have any __drv_dispatchType annotations" - are these likely to be the issue? )
When I install, the install starts OK (standard error about drivers not being signed), but gets to a certain point and then hangs, then fails with a timeout error. The device then shows up in device manager as installed. At this point the PC won't shutdown or boot, but hangs indefinitely. I'm forced to boot into Safe Mode and uninstall the driver from there.
So my question(s) are:
If there has been a change in the driver model between XP and W7, what's the best way to find it? I can't see anything on MSDN.
How would I go about debugging the driver? The box doesn't start, so it's not like I can run up WinDBG.
Any specific W7 driver gotchas that are hidden away?
I've tried to keep this as generic as possible, but if more detail would be helpful I'll provide more.
AFAIK, the biggest changes have been made in video and network drivers. Other drivers retain backward compatibility and can be run on W7 even with no recompiling.
Run your driver under driver verifier and turn on generating crash dumps with a keyboard (very helpful in case of system hangs, you can manually generate crashdump, analyze it and find what was wrong).
Hope this helps!
