
A simple KMDF USB driver is deployed on a target machine

  1. Target Machine has a USB Sniffer installed
  2. Target is Win 8.1 (x64)
  3. Host is Win 2012 Ent (x64)
  4. WinDbg Remote Debugging Toolset is used
  5. Target is provisioned
  6. Breakpoints are set using the Visual Studio
  7. IDE deployment succeeds, no errors in setupapi.dev.log
  8. The USB Sniffer shows the URB interaction triggered by the deployed KMDF USB driver, indicating the driver is actually running.
  9. Although the driver is running and the debugger seemed to be attached, execution doesn't break at any of the breakpoints set.
  10. The debugger doesn't automatically break once attached.
  11. Manually breaking execution and running "x *!" verifies that the KMDF USB driver is loaded.
  12. Manually breaking execution and running "x %Driver Name%!*" verifies that the KMDF USB driver symbols are properly loaded.
  13. Manually breaking execution and running "bl" lists no breakpoints.

Having the above in mind, why doesn't the debugger break execution at the pre-defined breakpoints?
Why does the WinDbg "bl" command list no breakpoints although a few are set using the Visual Studio IDE?

Re-provisioning/rebooting/... doesn't resolve the problem

Any help will be appreciated

Update


I have cleaned any residuals of the driver from the system (including driver cache cleanup using pnputil.exe -d).

Only then, setupapi.dev.log says the following:

```
Verifying file against specific (valid) catalog failed! (0x800b0109)
{_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 09:09:16.117
...
Success: File is signed in Authenticode(tm) catalog.
{_VERIFY_FILE_SIGNATURE exit(0xe0000241)} 09:09:16.137
...
```

The driver IS SIGNED with a valid VeriSign certificate. Is there any specific requirement for that certificate?
Should this cause the problem I am experiencing?

NadavRub
  • Ensure that Microsoft debug symbols are enabled. Do you have some errors like "Debugger information is not loaded" for your driver or other libraries? Are you sure that the code line is really executed - test this with KdPrint. – Alex F Aug 27 '14 at 06:44
  • Also, it is a good idea to add KdPrint with `__TIME__` and `__DATE__` to the driver initialization function to see that the correct driver version is running. – Alex F Aug 27 '14 at 06:45
  • See my update on the original post – NadavRub Aug 27 '14 at 07:14
  • I don't know about such restriction. Anyway, you can remove driver signature and enable unsigned drivers on destination computer to test this. – Alex F Aug 27 '14 at 07:32
  • Also, as you have suggested, I have added 'DbgPrint' in DriverEntry. This didn't show on the WinDbg Immediate console or on a SysInternals DebugView running on the target machine. However, there is a very specific behavior the driver is executing that I can see through the USB sniffer... I can also see the driver IS installed using the "Device Manager" – NadavRub Aug 27 '14 at 07:44
  • About DbgPrint: http://stackoverflow.com/questions/12494300/no-output-from-debugview – Alex F Aug 27 '14 at 07:47
  • Following the link you have provided, I can see the debug messages generated by the driver. Still, the remote debugging session doesn't break on the breakpoints I have set using the VS IDE. Why? – NadavRub Aug 27 '14 at 08:19
  • Try to use only WinDbg, this is the last thing I can think about... – Alex F Aug 27 '14 at 08:23
  • Don't ask me why, BUT, when adding "DbgBreakPoint" in the code, the debugger did break... – NadavRub Aug 27 '14 at 09:10
  • Well, I will not ask... – Alex F Aug 27 '14 at 09:11
