I am directly calling some functions in other drivers (calling the DriverEntry of that driver).
The problem is that the page that contains that function seems to be paged out, because MmIsAddressValid returns false, and WinDbg also says this when I try to go to that address:
Memory access error in 'u 0xF72BA57F'
But the address is correct (the symbol gets resolved and I can see that this is in fact the DriverEntry for that driver).
So my question is: how can I bring the paged-out code back to memory so I can call it? I don't mess with IRQL in my code and it's running at the default IRQL. I thought that when I am running at the default IRQL the memory manager will take care of the paged-out stuff and bring it back to memory when I try to jump to it, but it seems not to do it, since I get a BSOD.
By default IRQL I mean PASSIVE_LEVEL; based on my understanding, this is the default in drivers if we don't mess with it.
I think using MmProbeAndLock might help, but I'm not sure how I can convert the address of the EntryPoint of the driver to an MDL, because it seems to need an IRP to construct an MDL, but I am not sending an IRP, I am just jumping there?
I also heard that this might be because of the target driver using
#pragma alloc_text(INIT, DriverEntry)
Is this true? If so, how to bring it back to memory?