Hello OSR developers!
My name is Alessandro and I’m a new member of this community. I noticed OSR while struggling with Windows internals, and now I’m asking for your help, hoping someone will be able to help me.
To keep it short, I’m starting to write a new minifilter (I know there is a dedicated section for this, but the problem is not the minifilter per se but kernel debugging, so I hope I’m posting in the right place), but I’m completely new to kernel development and, moreover, I had no idea how to debug kernel components.
I’ve been struggling with kernel debugging for two days and I still have no clue what I’m doing wrong: there’s no way to start debugging the kernel component I’m writing.
My setup is a Windows 8.1 x64 host with VS2013 and WDK 8.1, and I’m running Windows 7 x86 on a virtual machine (VirtualBox). I read, read, read, and then read again, the Microsoft documentation, but none of what I tried seems to be okay. So, I started by installing the WDK test target that I found under “C:\Program Files (x86)\Windows Kits\8.1\Remote\x86” on the virtual machine, and set up a new serial port on the virtual machine (COM port, host pipe, named “\.\pipe\vboxpipe”). Then I enabled debugging over a serial cable on the virtual machine:
bcdedit /debug on
bcdedit /dbgsettings serial debugport:1 baudrate:115200 (I chose port COM1 while setting the machine up)
Then I went into Visual Studio, started a new minifilter project (New Project, Visual C++, Windows Driver, Storage, Filter Driver: Filesystem Mini-Filter), built the project for the correct platform (Windows 7 Debug, x86) and configured the computer for driver testing: I went to the Driver tab -> Test -> Configure Computer. Here I added a new computer, chose as the computer the computer name of my virtual machine (my host is TheArrow, my guest is WIN-VM, so I chose WIN-VM) and chose “Provision computer and choose debug settings”. Then I chose “Windows Debugger - Kernel Mode”, connection Serial, baud rate 115200, Pipe true, Reconnect true, pipe name the one above (\.\pipe\vboxpipe) and target port “com1”. Everything went fine, and I later found the virtual machine logged in as WDKRemoteUser (or something similar).
After that, I enabled deployment: Package properties, Driver Install, Deployment, and chose “Enable deployment”, “Remove previous drivers…” and “Install and Verify”. As Target Computer Name I chose WIN-VM.
I then tried to build and deploy everything, but I got errors. Apparently, even though it was the first time that I launched the debug, the platform was unable to remove some old driver (?) and there was no way to start debugging.
Did I do something wrong? Can someone help me?
Thanks in advance!
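One way to separate the serial-pipe transport from the Visual Studio provisioning and deployment steps is to check the host side by hand: confirm that VirtualBox has actually created the named pipe, then attach WinDbg to it directly with the documented `com:pipe` kernel connection string. The script below is an added example, not code from the original post; it assumes the pipe name from the post and a default WDK 8.1 WinDbg path, both of which you may need to adjust.

```powershell
# Added example (not from the original post): host-side check of the
# VirtualBox named-pipe serial transport, independent of VS deployment.
# Assumed values: the pipe name given in the post and a default WDK 8.1
# WinDbg location; change both to match your machine.

$PipeName  = 'vboxpipe'                      # pipe name from the post (\\.\pipe\vboxpipe)
$PipePath  = "\\.\pipe\$PipeName"
$WinDbgExe = 'C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\windbg.exe'  # assumed path

# 1. The server end of the pipe is created by VirtualBox, so it only
#    exists while the VM is running with the serial port in "Host Pipe" mode.
$pipes = [System.IO.Directory]::GetFiles('\\.\pipe\')
if ($pipes -notcontains $PipePath) {
    Write-Host "Pipe $PipePath not found. Start the VM and check the serial-port settings (Host Pipe, created by VirtualBox)."
    Write-Host "Pipes currently present on this host:"
    $pipes | Sort-Object | ForEach-Object { Write-Host "  $_" }
    exit 1
}
Write-Host "Pipe $PipePath exists."

# 2. Attach WinDbg directly over the pipe, bypassing Visual Studio.
#    'reconnect' lets the debugger survive VM reboots; 'resets=0' is the
#    documented setting for VM pipes that do not forward serial resets.
if (-not (Test-Path $WinDbgExe)) {
    Write-Host "WinDbg not found at $WinDbgExe; adjust `$WinDbgExe."
    exit 1
}
& $WinDbgExe -k "com:pipe,port=$PipePath,baud=115200,reconnect,resets=0"
```

If WinDbg reports “Waiting to reconnect…” and never breaks in even after rebooting the guest, the problem is in the guest-side bcdedit settings or the VM serial-port configuration rather than in the VS deployment; if it connects fine, the transport is good and the deployment error can be investigated on its own.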