I assume it is because the XML registers the sys file as a provider, but even after doing a wevtutil um on the XML file, a disable/enable of the device in Device Manager results in a STATUS_SHARING_VIOLATION in WinDbg in response to the .kdfiles overwrite.
Prior to adding ETW tracing to the driver, the sys file copied over from the build machine OK.
Oh, and don't do a disable on the device and then do a wevtutil um; it results in a BSOD.
Anyway, an interesting bug; it means you need to do a reboot to get the new sys file on the machine.