Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

Unable to debug bluescreen with lower filter disk driver

Hi, I have a WDM lower filter disk driver (handles IRP_MJ_SCSI) that works fine when the boot disk is MBR based.
The filter driver is able to handle both boot and data drives with no issues with the data drives being a combination of MBR and GPT.
my filter driver does not filter (block) any reads or writes to boot disks.

But when we have a GPT system disk (Windows 10 boot disk is GPT based), the system bluescreens with UNHANDLED_EXCEPTION pointing to my driver.
Unfortunately, I am not able to get control in a kernel debugger. The kernel debugger is kdnet based.

I enabled boot manager debug on the test system so I can get control in the kernel debugger which I do.
I then enabled breakpoints on the DriverEntry of my driver as well as executed "sxe ld driver.sys".
The system reboots because of bluescreen and debugger breakpoints do not get hit.
System bluescreens and the bluescreen message points to my driver.

There is nothing written in the memory dump either. The memory dump is configured for complete memory dump and it is on the boot partition.

UNHANDLED_EXCEPTION seems to indicate I have a int 3 somewhere but I do not have any int 3 or __debugbreak() or equivalent in my driver.

Interestingly, I cannot get this problem to happen in a Windows 10 VM if I set up the VM to boot through UEFI (Virtualbox supports this).
I tried the same on VMWare workstation and still do not see any issues.

I am trying to get serial port based debug going but this system does not have a RS-232 port. Not sure if it will help

Any ideas on where I can look?

Thanks,
RK

Comments

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 20 Apr 2020 LIVE ONLINE
Writing WDF Drivers 11 May 2020 LIVE ONLINE
Internals & Software Drivers 28 Sept 2020 Dulles, VA