Kernel debugging with unsigned driver on windows 10

rohitsinha Member Posts: 4
edited December 2018 in NTDEV

Hello,

I am trying to perform kernel debugging on Windows 10 (x64) with an unsigned WFP network callout driver, but every time I restart my system after installing the unsigned driver it goes to startup repair (even before the debuggee could get connected).

Kernel debugging is of a Virtual Machine using virtual COM port

Steps performed:
1. On the VM (Target Machine) executed the following:

    bcdedit /debug on
    bcdedit /dbgsettings serial debugport:1 baudrate:115200

2. In WinDbg (x64) on the host machine configured kernel debug over COM, specifying the pipe name as port.
3. Restarted the Target Machine (VM) in debug mode (through Settings -> Recovery -> Advanced startup)

On restarting, the system goes to startup repair, while windbg remains in 'waiting for debugee to connect..'

With the same steps, everything is working as expected when the driver is signed, but I need to test with an unsigned driver to save time. The entire process of signing a driver is a little time consuming and I may be making multiple iterations and modifications in the driver to test, so testing with an unsigned driver will really save a lot of time.

Please advise which steps I am missing or need to perform to achieve kernel debugging with an unsigned driver on Windows 10.

Comments

  • Scott_Noone_(OSR) Administrator Posts: 3,678

    If the driver is boot start you also need boot debugging enabled:

    bcdedit /bootdebug on
    

    -scott
    OSR

  • Tim_Roberts Member - All Emails Posts: 14,832
    edited December 2018 via Email
    > The entire process of signing a driver is a little time consuming and I
    > may be making multiple iterations and modifications in the driver to
    > test, so testing with unsigned driver will really save a lot of time.

    This is not true. As long as you turn "secure boot" off in your BIOS, you can sign your driver using a KMCS code-signing certificate and a cross-certificate, exactly as we did for systems prior to Windows 10. It adds seconds to the build process.

    Tim Roberts, [email protected]
    Software Wizard Emeritus

  • rohitsinha Member Posts: 4
    edited January 2019

    Thanks Scott and Tim for the information shared.

    Executing 'bcdedit /bootdebug on' command worked and the issue was resolved.

    Thank you so much.
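
A check for the target-side settings discussed in this thread, added here as an example and not code from any of the posters: it parses the text printed by `bcdedit /enum {current}` and `bcdedit /dbgsettings` and reports which of the thread's settings are missing. The function names and the sample output are constructed, and English bcdedit output ("Yes"/"No") is assumed.

```powershell
# Added example (not from the thread). Assumes English bcdedit output.
function ConvertFrom-BcdText {
    param([string[]]$Lines)
    # Element names are lowercase, so -cmatch skips headers and the status line.
    $settings = @{}
    foreach ($line in $Lines) {
        if ($line -cmatch '^(?<name>[a-z0-9]+)\s+(?<value>\S.*)$') {
            $settings[$Matches['name']] = $Matches['value'].Trim()
        }
    }
    $settings
}

function Test-KdTargetConfig {
    param([string[]]$BootEntry, [string[]]$DbgSettings)
    $entry = ConvertFrom-BcdText $BootEntry
    $dbg   = ConvertFrom-BcdText $DbgSettings
    $findings = @()
    if ($entry['debug'] -ne 'Yes') {
        $findings += 'debug is off: bcdedit /debug on'
    }
    if ($entry['bootdebug'] -ne 'Yes') {
        $findings += 'bootdebug is off: a boot-start driver also needs bcdedit /bootdebug on'
    }
    if ($dbg['debugtype'] -ne 'Serial' -or $dbg['debugport'] -ne '1' -or $dbg['baudrate'] -ne '115200') {
        $findings += 'transport differs from: serial debugport:1 baudrate:115200'
    }
    $findings
}

# Constructed sample: the target as configured in the question (no bootdebug).
$sampleEntry = @'
Windows Boot Loader
-------------------
identifier              {current}
description             Windows 10
debug                   Yes
'@ -split "`r?`n"

$sampleDbg = @'
debugtype               Serial
debugport               1
baudrate                115200
The operation completed successfully.
'@ -split "`r?`n"

@(Test-KdTargetConfig -BootEntry $sampleEntry -DbgSettings $sampleDbg)
# Live, from an elevated prompt on the target:
# Test-KdTargetConfig (bcdedit /enum '{current}') (bcdedit /dbgsettings)
```

Run against a machine that is not meant to be a debug target, the same parser shows whether `debug` or `bootdebug` has been left on.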
