
I'm remote-debugging a Windows kernel-mode driver using WinDbg. The driver has issues in the initialization routine, leading to a bugcheck/crash when installing the device driver. When I detach the debugger, the target PC reboots and runs again into the same bugcheck.

In order to test a new version of the driver, I therefore have to boot into safe mode, uninstall the device using device manager and reboot into normal mode.

Is there any way to simplify this workflow so that the device driver is automatically removed upon rebooting after a bugcheck?

Additional info:

  • I'm using dpinst to install the driver on the target PC
Daniel Pauli
  • Did you try .kdfiles to pull a new driver as replacement during boot from WinDbg? Add details if yes. – blabb Jul 08 '20 at 14:03
  • Thanks, that is exactly what I was looking for! If you post this as an answer with the link to the documentation (https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/mapping-driver-files) I'll accept it. – Daniel Pauli Jul 10 '20 at 13:46

1 Answer


Use .kdfiles to pull a replacement driver during boot.

Documentation from MS

Write-up in NT Insider from OSR Online

If you are using Windows 10, then you can leverage the -m option to provide a partial name and forgo the DOS path C:\, NT path \.\xx, %SystemRoot%

  1. confusions in the map file formats,

  2. or as described here

blabb
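An added example, not part of the original answer or of Microsoft's documentation: a small Python helper that writes a `.kdfiles` map file in the documented three-line `map` / old path / new path layout, flags the drive-letter path confusion the answer mentions, and prints the two WinDbg command forms. The driver name `mydriver.sys`, the `C:\build` directory and the function names are placeholders assumed for illustration.

```python
import re
from pathlib import PureWindowsPath

def check_entry(target_path, host_path):
    """Return a list of problems with one old-driver/new-driver pair."""
    problems = []
    # The old-driver name must match the path the target itself reports, which
    # is an NT-namespace path; a bare drive-letter path will never match.
    if re.match(r"[A-Za-z]:", target_path):
        problems.append(
            f"target path {target_path!r} is a DOS path; use the "
            "\\SystemRoot\\... or \\??\\C:\\... form the target reports")
    # The replacement is read on the host debugger machine: drive or UNC path.
    if not PureWindowsPath(host_path).is_absolute():
        problems.append(f"host path {host_path!r} is not absolute")
    return problems

def build_map(entries):
    """Render (target_path, host_path) pairs as .kdfiles map-file text."""
    blocks = []
    for target_path, host_path in entries:
        problems = check_entry(target_path, host_path)
        if problems:
            raise ValueError("; ".join(problems))
        # One entry: the literal word "map", the old path, the new path.
        blocks.append(f"map\n{target_path}\n{host_path}\n")
    return "\n".join(blocks)  # a blank line separates entries

def windbg_commands(map_file, driver_name, host_path):
    """Two alternatives to type into WinDbg: load a map file, or use -m."""
    return [f".kdfiles {map_file}", f".kdfiles -m {driver_name} {host_path}"]

# Constructed sample: driver name and build directory are placeholders.
SAMPLE = [("\\SystemRoot\\system32\\drivers\\mydriver.sys",
           "C:\\build\\mydriver.sys")]

if __name__ == "__main__":
    print(build_map(SAMPLE))
    for cmd in windbg_commands("C:\\build\\kdfiles.map", "mydriver.sys",
                               "C:\\build\\mydriver.sys"):
        print(cmd)
```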