Struggling with kernel debugging

Hello OSR developers!

My name is Alessandro and I’m a new member of this community. I noticed OSR while struggling with Windows internals, and now I’m asking for your help, hoping someone will be able to help me.

To keep it short, I’m starting to write a new minifilter (I know there is a dedicated section for this, but the problem is not the minifilter per se but kernel debugging, so I hope I’m posting in the right place), but I’m completely new to kernel development, and, moreover, I had no idea how to debug kernel components.

I’ve been struggling with kernel debugging for two days and I still have no clue what I’m doing wrong: there’s no way to start debugging the kernel component I’m writing.

My setup is a Windows 8.1 x64 host with VS2013 and WDK 8.1, and I’m running Windows 7 x86 on a virtual machine (VirtualBox). I read, read, read, and then read again, the Microsoft documentation, but none of what I tried seems to be okay. So, I started by installing the WDK test target that I found under “C:\Program Files (x86)\Windows Kits\8.1\Remote\x86” on the virtual machine, and set up a new serial port on the virtual machine (COM port, host pipe, named “\.\pipe\vboxpipe”). Then, I enabled debugging over serial cable on the virtual machine:

bcdedit /debug on
bcdedit /dbgsettings serial debugport:1 baudrate:115200 (I chose port COM1 while setting the machine up)

Then, I went inside Visual Studio, started a new minifilter project (New project, Visual C++, Windows Driver, Storage, Filter Driver: Filesystem Mini-filter), built the project for the correct platform (Windows 7 debug, x86) and configured the computer for the driver testing: I went to the Driver tab->Test->Configure computer. Here, I added a new computer, chose as a computer the computer name of my virtual machine (my host is TheArrow, my guest WIN-VM, so I chose Win-VM) and chose “Provision computer and choose debug setting”. Then I chose “Windows Debugger - Kernel Mode”, connection Serial, baudrate 115200, Pipe true, reconnect true, pipe name the one above (\.\pipe\vboxpipe) and target port “com1”. Everything went fine, and I later found the virtual machine logged in as WDKRemoteUser (or something similar).

After that, I enabled Deployment: package properties, driver install, deployment, and chose “Enable deployment”, “Remove previous drivers…”, and “Install and verify”. As Target Computer Name I chose WIN-VM.

I then tried to build and deploy everything, but I got errors. Apparently, even though it was the first time that I launched debugging, the platform was unable to remove some old driver (?) and there was no way to start debugging.

Did I do something wrong? Can someone help me?

Thanks in advance!

There is not enough information here. It would be great if you could give more details, and show us the exact error messages / texts you saw.

Tai-Hing

With all due respect, writing a Minifilter is a really tough place to start if you’re brand new to Windows kernel development. It’s sort of like starting to learn C++ by writing a COM Server. Looks simple, but there are many details that will trap the new and unwary.

Yes. You tried to use Visual Studio integrated testing, deployment, and debugging for a driver. It’s not your fault, really. Just don’t do this. It only works about half the time.

Entirely, completely, ignore the “deploy” and “test” options for driver development in Visual Studio. Also, entirely, completely, ignore trying to use the kernel debugger built into Visual Studio for kernel debugging.

Edit and build your driver in Visual Studio. Copy it to the target system and install it there. Debug it using WinDbg.

You have enough on your plate already. Don’t fool with stuff that doesn’t work. We’re told in the new Win10 WDK and VS 2015 deploy and test will work much better. Until that’s been proven, just do it manually.

And the kernel debugging interface that’s integrated into Visual Studio just isn’t a good way to go no matter what. So, just use WinDbg (which is provided with the WDK installation).

I’ve just saved you days, if not weeks, of frustration and annoyance.

Peter
OSR
@OSRDrivers
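Peter’s manual workflow, written out as an added example (mine, not code from the thread or from OSR): the target-side bcdedit and INF install steps, and the host-side WinDbg connection to the VirtualBox pipe. The WDK Debuggers path, the driver name MyMinifilter, the C:\Drivers folder and the symbol cache folder are assumptions; the pipe name is the one from the post with the standard \\.\pipe\ prefix.

```powershell
# ---- Run once on the Windows 7 x86 guest, from an elevated prompt ----
function Enable-SerialKernelDebug {
    # debugport:1 is COM1, the port VirtualBox maps to the host named pipe.
    bcdedit /debug on
    bcdedit /dbgsettings serial debugport:1 baudrate:115200
    # Not enforced on x86 Windows 7, but required if the target is ever x64.
    bcdedit /set testsigning on
    Write-Host "Reboot the guest; it will wait for the debugger at boot."
}

# ---- Run on the guest after copying the built .sys and .inf over ----
function Install-Minifilter {
    param(
        [string]$InfPath     = 'C:\Drivers\MyMinifilter\MyMinifilter.inf',  # assumption
        [string]$ServiceName = 'MyMinifilter'  # assumption: ServiceName from the INF
    )
    # The VS minifilter template INF carries a [DefaultInstall] section;
    # 132 is the flag value conventionally used for driver INFs.
    rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 132 $InfPath
    fltmc.exe load $ServiceName
    fltmc.exe filters     # confirm the filter is listed with its altitude
}

# ---- Run on the Windows 8.1 host ----
function Start-KernelWinDbg {
    param(
        [string]$WinDbg      = 'C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\windbg.exe',  # assumption
        [string]$Pipe        = '\\.\pipe\vboxpipe',
        [string]$SymbolCache = 'C:\Symbols'  # assumption
    )
    $symPath = "srv*$SymbolCache*https://msdl.microsoft.com/download/symbols"
    # The pipe name must match the one the VM's COM1 is mapped to;
    # "reconnect" keeps WinDbg attached across guest reboots.
    & $WinDbg -k "com:pipe,port=$Pipe,baud=115200,reconnect" -y $symPath
}
```

Start WinDbg on the host first, then reboot the guest; the debugger attaches during boot and you can break in with Ctrl+Break and load the driver with fltmc from inside the guest.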

I didn’t go into details with the errors since I thought that the error was earlier. By the way, after setting up everything as I said, and after Visual Studio did its stuff on my virtual machine (http://i.imgur.com/cTWsOpl.png), and after that on “test -> configure computer” my virtual machine was set as “configured for driver testing”, I launched the debugging. This is the error message that appeared: http://imgur.com/cTWsOpl,fwtOaf6#1. This is the output from the WinDbg console integrated in VS: http://pastebin.com/GhqSFjpC.

@Peter: thanks for your advice! I really appreciate any kind of suggestion. I suspected that developing a minifilter wasn’t easy, especially without any previous knowledge of kernel development, but I’m currently graduating and this is my thesis work, so I have no way to “skip” it. So, what you’re suggesting is just to build the driver with VS and do the rest with WinDbg, right? Sorry for the newbie questions, maybe I’m doing something that is out of my league for the moment, but I hope that with the right help I can really learn something.

Exactly.

Not a problem. If we’re doing anything interesting, we’re all newbies at SOMEthing at a given time.

Peter
OSR
@OSRDrivers

Thank you again, then. I’ll do what you suggest.