
As part of a project I am learning how to write kernel drivers for Windows.

I have set up the following environment:

My virtual target machine is Windows 7 SP1 x86, running on VMware Workstation.

My host machine is Windows 7 running WinDbg to remote-debug the target's kernel (I used debugging via a virtual serial cable and a named pipe, since net debugging is available only from Windows 8).

I installed the latest WDK and Visual Studio 2017 Community.

I've written and compiled the driver as in the Microsoft docs.

I copied the .sys file generated under the Debug folder to the target machine and installed the driver with OSRLoader.

When I hit Start Service, the computer freezes and the system crashes.

Questions

  1. The computer is offline (hence no connection to the Windows Symbol Server). Could the missing symbols cause such errors? If so, how should I use the symchk tool to solve this? Please note I have not installed any symbols yet.
  • No, having no symbols won't crash the target computer (you simply have no debugging symbols). Does the kernel debugger on the host catch the bugcheck on the target? Did you try to set some debug print in the driver entry? You could also set a break on driver load using `sxe ld drv.sys` (replace `drv` with your driver name) and step from there. – Neitsa Jul 14 '18 at 08:29
  • @Neitsa thanks for your reply. As I said, I'm new at programming kernel drivers. When I read the notes I thought "Universal" referred to all OS versions; apparently it refers to all devices, and I had the target OS set to Windows 10. Simply changing it to Windows 7 stopped the BSOD. A new problem occurred when I tried starting the driver with OSRLoader; the following error occurred: "The service cannot be started, either because it is disabled or because it has no enabled devices associated with it." Does it have to be a legacy driver to install via OSRLoader or sc.exe? –  Jul 16 '18 at 19:18
  • @ImmortaleVBR yes, indeed that was my problem. Could you maybe explain whether I need other symbol files than my driver's .pdb file to debug? (Are the symbol files I need for ntoskrnl.exe and other libraries?) The computer I'm debugging is on an offline network, so I cannot access Microsoft symbol servers. What should I do in such a case? Please refer to my last comment as well. –  Jul 16 '18 at 19:23
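The host-side WinDbg checks the comments describe (break on driver load, trace from DriverEntry, confirm the module loaded, capture the bugcheck), as an added example that is not part of the original question or comments; `mydriver` stands in for the driver's real module name and the two paths under `.sympath` are assumed locations for the driver's build output and a local copy of the Windows symbols.

```windbg
$$ Added example: host-side kernel debugging session for a freshly
$$ built driver. "mydriver" is a placeholder for the .sys module name;
$$ C:\Symbols and C:\Projects\mydriver\Debug are assumed local folders.

$$ 1. Point the debugger at the driver's own .pdb (next to the .sys in
$$    the Debug folder) plus a local Windows symbol folder, then reload.
.sympath C:\Symbols;C:\Projects\mydriver\Debug
.reload /f

$$ 2. Break when the target maps the driver image, before DriverEntry
$$    runs. This is the "break on load" suggested in the comments.
sxe ld mydriver.sys
g

$$ 3. After the load event fires, arm a deferred breakpoint on
$$    DriverEntry and continue; execution stops at the driver's first
$$    instruction, from where you can step (p / t) through it.
bu mydriver!DriverEntry
g

$$ 4. Confirm the module that loaded is the file you copied over
$$    (path, timestamp, and whether its .pdb matched).
lm m mydriver
!lmi mydriver

$$ 5. DbgPrint output is filtered on Vista and later; enable all levels
$$    of the DEFAULT component so DriverEntry traces reach the host.
$$    Resolving nt!Kd_DEFAULT_Mask needs ntoskrnl symbols (step 1).
ed nt!Kd_DEFAULT_Mask 0xF

$$ 6. If the target bugchecks instead of reaching the breakpoint, get
$$    the crash analysis; without Windows symbols its stack is limited.
!analyze -v
```

To populate `C:\Symbols` for an offline host, run `symchk /r <path to the target's ntoskrnl.exe> /s SRV*C:\Symbols*https://msdl.microsoft.com/download/symbols` on an internet-connected machine against a copy of the target's own (Windows 7 SP1 x86) ntoskrnl.exe, then copy the folder to the host.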

0 Answers