Debugging a kernel mode driver
来源: https://stackoverflow.com/questions/63517468/debugging-a-kernel-mode-driver
kmdf
Minispy driver - user mode call
问题 After hours of spending on installing drivers, I began looking at minispy driver: Windows-driver-samples/filesys/miniFilter/minispy/ I am trying to catch all the calls of user to open files. I was trying to do it with all the parameters it prints (like Opr, Major Operation...) but I can't filter it in exact way. How can I filter only the user calls (open file)?? How can I determinate within the code if the user called the transaction? Thank you very much for your help. 回答1: look for FLT
Differences between struct in C and C++
问题 I am trying to convert a C++ struct to C but keep getting "undeclared identifier"? Does C++ have a different syntax for referring to structs? struct KEY_STATE { bool kSHIFT; //if the shift key is pressed bool kCAPSLOCK; //if the caps lock key is pressed down bool kCTRL; //if the control key is pressed down bool kALT; //if the alt key is pressed down }; I am using a variable of type KEY_STATE inside another structure: typedef struct _DEVICE_EXTENSION { WDFDEVICE WdfDevice; KEY_STATE kState; }
Why is there no WDM kernel-mode driver template in Windows Driver Kit?
问题 I came across kernel-mode drivers with very little experience. Here's what I am trying to do: Have a user-mode application that loads the driver. Have the user-mode application write to it, in order to send it an instruction. Have the driver send the RDMSR instruction to the Intel chip. Return the results back to the user-mode application. I've read this article that describes the different ways in which you can accomplish this behavior (Buffered I/O, Direct I/O, or Neither). My problem is
Installing template for VS 2015 enterprise
问题 I have VS 2015, and I also have Windows Driver Kit 10.0 But in VS 2015 Enterprise, I could not find any template to write KMDF related development. I tried to install so search for template for KMDF or WDF but I could not find it. How can I install KMDF template in VS 2015 enterprise edition? thanks 回答1: The solution was easy. I had to install WDK after installing VS 2015, I did that and it worked fine. problem solved. 来源: https://stackoverflow.com/questions/37707656/installing-template-for
Windows update 1903 causing file system driver to crash
问题 I have a serious problem with a windows file system KMDF driver. the problem occurred after Windows 10 ver 1903 update (may latest update). the driver was running smoothly before the update at any giving windows 10 versions. When the driver start running the system CARSH (Blue Screen) with "WDF_VIOLATION" Error. I opened the system dump file with the "Visual Studio windbg" tool, and i found this Error log: WDF_VIOLATION (10d) The Kernel-Mode Driver Framework was notified that Windows detected
Raw PDO to send IOCTL to upper filter driver (kbfiltr/moufiltr) to enable/disable device
问题 I am quite new to driver development and trying to write a simple filter driver that will enable or disable a keyboard or mouse device. If I can make it work, I want to use it to disable the touchpad on my laptop when a mouse is plugged in. I realize there is probably software out there that does this already, but I am really interested in device drivers and want to learn how to do this myself. I am using the kbfiltr and moufiltr examples that ship with the WDK, installed as upper filter
Raw PDO to send IOCTL to upper filter driver (kbfiltr/moufiltr) to enable/disable device
I am quite new to driver development and trying to write a simple filter driver that will enable or disable a keyboard or mouse device. If I can make it work, I want to use it to disable the touchpad on my laptop when a mouse is plugged in. I realize there is probably software out there that does this already, but I am really interested in device drivers and want to learn how to do this myself. I am using the kbfiltr and moufiltr examples that ship with the WDK, installed as upper filter drivers. The kbfiltr example creates a pdo which can be enumerated and connected to by a usermode program.
On x86, when the OS disables interrupts, do they vanish, or do they queue and 'wait' for interrupts to come back on?
My platform is x86 and x86-64, on Windows. The point of the interrupt priority system is to have the highest priority interrupt beat out the others. To enforce this, I'm guessing that Windows will disable all interrupts of lower level completely, until the ISR for the higher-level interrupt is complete. But if the CPU isn't listening to interrupts, what happens? Do they just silently disappear? Or are they queued in hardware, waiting for interrupts to become enabled again? If they are stored, where? Are there limitations to how many can queue up? What happens if too many interrupts go
Differences between struct in C and C++
I am trying to convert a C++ struct to C but keep getting "undeclared identifier"? Does C++ have a different syntax for referring to structs? struct KEY_STATE { bool kSHIFT; //if the shift key is pressed bool kCAPSLOCK; //if the caps lock key is pressed down bool kCTRL; //if the control key is pressed down bool kALT; //if the alt key is pressed down }; I am using a variable of type KEY_STATE inside another structure: typedef struct _DEVICE_EXTENSION { WDFDEVICE WdfDevice; KEY_STATE kState; } DEVICE_EXTENSION, *PDEVICE_EXTENSION; results in error C2061: syntax error : identifier 'KEY_STATE' ..