Hello all,
excuse me,
I have a question about debugging a kernel driver (KMDF).
I am a beginner programmer in the field of drivers.
I've done the virtual machine configuration and also set up Visual Studio in accordance with the following address:
Kernel-Mode Debugging in a VM using Visual Studio 2012
Everything is correct. The driver is compiled and deployed, so that it is installed in C:\Windows\System32\drivers. When I start debugging, I receive messages from the virtual machine kernel.
But when I do option 1 from the above site for debugging my driver, I do not receive the message from the kernel (KmdfHelloWorld: DriverEntry). It should be noted that, according to the MSDN article, I also use the registry (a DWORD key under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter called DEFAULT with a value of 8).
I guess that, although my driver is installed, the driver cannot run.
Thanks.
My code is:
#include <ntddk.h>
#include <wdf.h>

DRIVER_INITIALIZE DriverEntry;
EVT_WDF_DRIVER_DEVICE_ADD KmdfHelloWorldEvtDeviceAdd;

// Runs once when the driver image is loaded; registers the EvtDeviceAdd callback with the framework.
NTSTATUS DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath)
{
    NTSTATUS status;
    WDF_DRIVER_CONFIG config;

    // Printed at DPFLTR_INFO_LEVEL (level 3), so the Debug Print Filter mask must have bit 3 (value 8) set.
    KdPrintEx((DPFLTR_IHVDRIVER_ID, DPFLTR_INFO_LEVEL, "KmdfHelloWorld: DriverEntry\n"));

    WDF_DRIVER_CONFIG_INIT(&config, KmdfHelloWorldEvtDeviceAdd);
    status = WdfDriverCreate(DriverObject, RegistryPath, WDF_NO_OBJECT_ATTRIBUTES, &config, WDF_NO_HANDLE);
    return status;
}

// Called by the framework for each device the driver is asked to add; creates the framework device object.
NTSTATUS KmdfHelloWorldEvtDeviceAdd(_In_ WDFDRIVER Driver, _Inout_ PWDFDEVICE_INIT DeviceInit)
{
    NTSTATUS status;
    WDFDEVICE hDevice;

    UNREFERENCED_PARAMETER(Driver);

    KdPrintEx((DPFLTR_IHVDRIVER_ID, DPFLTR_INFO_LEVEL, "KmdfHelloWorld: KmdfHelloWorldEvtDeviceAdd\n"));

    status = WdfDeviceCreate(&DeviceInit, WDF_NO_OBJECT_ATTRIBUTES, &hDevice);
    return status;
}
Dear all, also
I entered my commands in the Visual Studio WinDbg:
.symfix
.sympath
!analyze
!analyze -v
Is there an error?
Please help me! Thank you.
The output is shown below:
Microsoft (R) Windows Debugger Version 6.3.9600.17237 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
MOHAMMADREZA-PC\Administrator (npipe WinIDE_01D0D6C8B4349A21) connected at Sat Aug 15 00:07:50 2015
Microsoft (R) Windows Debugger Version 6.3.9600.17237 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Opened \\.\pipe\com_2
Waiting to reconnect...
Connected to Windows 7 7601 x64 target at (Sat Aug 15 00:07:50.771 2015 (UTC + 4:30)), ptr64 TRUE
Kernel Debugger connection established.
Symbol search path is: srv*
Executable search path is:
Windows 7 Kernel Version 7601 (Service Pack 1) MP (2 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 7601.17514.amd64fre.win7sp1_rtm.101119-1850
Machine Name:
Kernel base = 0xfffff800`02a1f000 PsLoadedModuleList = 0xfffff800`02c64e90
Debug session time: Sat Aug 15 00:04:26.547 2015 (UTC + 4:30)
System Uptime: 0 days 0:05:32.762
Break instruction exception - code 80000003 (first chance)
nt!RtlpBreakWithStatusInstruction:
fffff800`02a97490 cc int 3
1: kd> .symfix
1: kd> .sympath
Symbol search path is: srv*
Expanded Symbol search path is: cache*;SRV*http://msdl.microsoft.com/download/symbols
************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*
1: kd> !analyze
Connected to Windows 7 7601 x64 target at (Sat Aug 15 00:11:36.598 2015 (UTC + 4:30)), ptr64 TRUE
Loading Kernel Symbols
..........................
Press ctrl-c (cdb, kd, ntsd) or ctrl-break (windbg) to abort symbol loads that take too long.
Run !sym noisy before .reload to track down problems loading symbols.
.....................................
................................................................
............................
Loading User Symbols
Loading unloaded module list
....
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck 0, {0, 0, 0, 0}
Probably caused by : ntkrnlmp.exe ( nt!RtlpBreakWithStatusInstruction+0 )
Followup: MachineOwner
---------
1: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Unknown bugcheck code (0)
Unknown bugcheck description
Arguments:
Arg1: 0000000000000000
Arg2: 0000000000000000
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:
------------------
PROCESS_NAME: System
FAULTING_IP:
nt!RtlpBreakWithStatusInstruction+0
fffff800`02a97490 cc int 3
ERROR_CODE: (NTSTATUS) 0x80000003 - {EXCEPTION} Breakpoint A breakpoint has been reached.
EXCEPTION_CODE: (HRESULT) 0x80000003 (2147483651) - One or more arguments are invalid
EXCEPTION_PARAMETER1: 0000000000000000
DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT
BUGCHECK_STR: 0x0
CURRENT_IRQL: d
ANALYSIS_VERSION: 6.3.9600.17237 (debuggers(dbg).140716-0327) amd64fre
DPC_STACK_BASE: FFFFF8800312FFB0
STACK_TEXT:
fffff880`03128ac8 fffff800`02a7c043 : fffff800`02d99000 fffff880`03100180 00000000`00000000 00000000`00026160 : nt!RtlpBreakWithStatusInstruction
fffff880`03128ad0 fffff800`02aab741 : 00000000`00000000 fffff880`03128b80 fffff880`03100180 00000000`00000001 : nt! ?? ::FNODOBFM::`string'+0x5d84
fffff880`03128b00 fffff880`041897f2 : fffff800`02aa8f09 00000000`ffffffed 0000008f`7604fecb fffff880`0310af40 : nt!KiSecondaryClockInterrupt+0x131
fffff880`03128c98 fffff800`02aa8f09 : 00000000`ffffffed 0000008f`7604fecb fffff880`0310af40 00000000`00000001 : amdppm!C1Halt+0x2
fffff880`03128ca0 fffff800`02a9733c : fffff880`03100180 fffff880`00000000 00000000`00000000 fffff880`014cca00 : nt!PoIdle+0x52a
fffff880`03128d80 00000000`00000000 : fffff880`03129000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x2c
STACK_COMMAND: kb
FOLLOWUP_IP:
nt!RtlpBreakWithStatusInstruction+0
fffff800`02a97490 cc int 3
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: nt!RtlpBreakWithStatusInstruction+0
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: nt
IMAGE_NAME: ntkrnlmp.exe
DEBUG_FLR_IMAGE_TIMESTAMP: 4ce7951a
IMAGE_VERSION: 6.1.7601.17514
BUCKET_ID: MANUAL_BREAKIN
FAILURE_BUCKET_ID: MANUAL_BREAKIN
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:manual_breakin
FAILURE_ID_HASH: {30cbeaaa-35e3-de0f-a585-406cd241c851}
Followup: MachineOwner
---------
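Two things the question turns on can be checked directly on the target VM: whether the DEFAULT Debug Print Filter mask actually enables DPFLTR_INFO_LEVEL output, and whether the deployed .sys is installed as a driver service at all (a file that is merely copied into System32\drivers is never loaded, so DriverEntry never runs). The following is an added PowerShell example, not code from the original post or from the linked article; it assumes the driver's service name is KmdfHelloWorld and must be run from an elevated prompt on the target.

```powershell
# Added example (not from the original post). Run elevated on the target VM.
# Assumption: the INF installs the driver under the service name 'KmdfHelloWorld'.
$FilterKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter'
$DriverName = 'KmdfHelloWorld'

# Filter mask bits map to DbgPrintEx levels: bit 0 = ERROR, 1 = WARNING, 2 = TRACE, 3 = INFO.
# The post's KdPrintEx calls use DPFLTR_INFO_LEVEL, so bit 3 (value 8) must be set.
$InfoBit = 8

function Get-DbgPrintMask {
    param([string]$Component = 'DEFAULT')
    if (-not (Test-Path $FilterKey)) { return $null }
    $props = Get-ItemProperty -Path $FilterKey -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.$Component) { return $null }
    return [int]$props.$Component
}

function Test-InfoLevelEnabled {
    param([string]$Component = 'DEFAULT')
    $mask = Get-DbgPrintMask $Component
    if ($null -eq $mask) { return $false }
    return (($mask -band $InfoBit) -ne 0)
}

# 1. Debug Print Filter: the kernel reads this key at boot, so a change needs a reboot.
$mask = Get-DbgPrintMask 'DEFAULT'
if ($null -eq $mask) {
    Write-Host 'DEFAULT mask not set; creating it with INFO enabled (reboot required)'
    if (-not (Test-Path $FilterKey)) { New-Item -Path $FilterKey -Force | Out-Null }
    New-ItemProperty -Path $FilterKey -Name DEFAULT -PropertyType DWord -Value $InfoBit -Force | Out-Null
} elseif (-not (Test-InfoLevelEnabled 'DEFAULT')) {
    Write-Host ('DEFAULT mask is 0x{0:X}; INFO bit (0x8) is NOT set' -f $mask)
} else {
    Write-Host ('DEFAULT mask is 0x{0:X}; INFO messages will be shown' -f $mask)
}

# 2. Is the driver registered as a kernel service, and has it started?
#    Get-Service does not list kernel drivers, so query Win32_SystemDriver instead.
$drv = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='$DriverName'"
if ($null -eq $drv) {
    Write-Host "No kernel driver service named '$DriverName' exists; the .sys was copied but not installed"
} else {
    Write-Host ('Service {0}: State={1}, StartMode={2}, Path={3}' -f $drv.Name, $drv.State, $drv.StartMode, $drv.PathName)
}
```

The registry mask only takes effect after the target reboots; from the attached kernel debugger the same change can be made live with `ed nt!Kd_DEFAULT_Mask 0xf` (or `ed nt!Kd_IHVDRIVER_Mask 0xf` for the IHVDRIVER component the post prints under).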