I have seen many dumps where the output of lm is like so:
0: kd> lmDvmMyDrv
Browse full module list
start end module name
f67e00000 fffff802f67fc000 MyDrv T (private pdb symbols) C:\ProgramData\Dbg\sym\MyDrv.pdb\1E8296A5E1ABCD66E9DC9C86CACDFE1\MyDrv.pdb
Loaded symbol image file: MyDrv.sys
Image path: \??\C:\TestBin\MyDrv.sys
Image name: MyDrv.sys
Browse all global symbols functions data
Timestamp: ***** Invalid (F7D8FE12)
Translations: 0000.04b0 0000.04e4 0409.04b0 0409.04e4
Information from resource tables:
Why is the timestamp info incorrect? It makes it hard to figure out which version of the driver crashed.
Is it possible to parse the embedded resource inside the binary of the crash dump to dig out the version_info?
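One way to approach the question above, as an added example that is not part of the original post: scan the driver image bytes for the VS_FIXEDFILEINFO signature 0xFEEF04BD and decode the file and product versions. It assumes the module's memory range has already been saved from the dump into a byte buffer; the function names and the sample buffer are constructed for illustration.

```python
import struct

VS_FFI_SIGNATURE = 0xFEEF04BD            # dwSignature of VS_FIXEDFILEINFO
SIG_BYTES = struct.pack("<I", VS_FFI_SIGNATURE)
FFI = struct.Struct("<13I")              # VS_FIXEDFILEINFO is 13 DWORDs (52 bytes)
STRUC_VERSION = 0x00010000               # assumption: the usual dwStrucVersion value


def dotted(ms, ls):
    """Turn an MS/LS DWORD pair into 'major.minor.build.revision'."""
    return "%d.%d.%d.%d" % (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)


def find_fixed_file_info(image):
    """Return one dict per plausible VS_FIXEDFILEINFO found in `image`."""
    hits = []
    pos = image.find(SIG_BYTES)
    while pos != -1:
        if pos + FFI.size <= len(image):
            f = FFI.unpack_from(image, pos)
            # Reject byte runs that only happen to match the signature.
            if f[1] == STRUC_VERSION:
                hits.append({
                    "offset": pos,
                    "file_version": dotted(f[2], f[3]),
                    "product_version": dotted(f[4], f[5]),
                })
        pos = image.find(SIG_BYTES, pos + 1)
    return hits


def build_sample():
    """Constructed sample: padding, a decoy signature, then a real structure."""
    ffi = FFI.pack(VS_FFI_SIGNATURE, STRUC_VERSION,
                   0x00020005, 0x00640007,    # file version 2.5.100.7
                   0x00020005, 0x00000000,    # product version 2.5.0.0
                   0x3F, 0, 0x00040004, 3, 7, 0, 0)
    decoy = SIG_BYTES + b"\x00" * 8           # signature not followed by a valid header
    return b"\x00" * 64 + decoy + b"\xCC" * 40 + ffi + b"\x00" * 16


if __name__ == "__main__":
    for hit in find_fixed_file_info(build_sample()):
        print(hit)
```

The function returns an empty list when the buffer does not contain the structure, for example when the pages holding the resource section were not captured in the dump.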