Hi, I have a WDM lower filter disk driver (handles IRP_MJ_SCSI) that works fine when the boot disk is MBR based.
The filter driver is able to handle both boot and data drives with no issues with the data drives being a combination of MBR and GPT.
my filter driver does not filter (block) any reads or writes to boot disks.
But when we have a GPT system disk (Windows 10 boot disk is GPT based), the system bluescreens with UNHANDLED_EXCEPTION pointing to my driver.
Unfortunately, I am not able to get control in a kernel debugger. The kernel debugger is kdnet based.
I enabled boot manager debug on the test system so I can get control in the kernel debugger which I do.
I then enabled breakpoints on the DriverEntry of my driver as well as executed "sxe ld driver.sys".
The system reboots because of bluescreen and debugger breakpoints do not get hit.
System bluescreens and the bluescreen message points to my driver.
There is nothing written in the memory dump either. The memory dump is configured for complete memory dump and it is on the boot partition.
UNHANDLED_EXCEPTION seems to indicate I have a int 3 somewhere but I do not have any int 3 or __debugbreak() or equivalent in my driver.
Interestingly, I cannot get this problem to happen in a Windows 10 VM if I set up the VM to boot through UEFI (Virtualbox supports this).
I tried the same on VMWare workstation and still do not see any issues.
I am trying to get serial port based debug going but this system does not have a RS-232 port. Not sure if it will help
Any ideas on where I can look?
It looks like you're new here. If you want to get involved, click one of these buttons!
|Upcoming OSR Seminars|
|OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!||Kernel Debugging||30 Mar 2020||OSR Seminar Space|
|Developing Minifilters||20 Apr 2020||LIVE ONLINE|
|Writing WDF Drivers||11 May 2020||LIVE ONLINE|
|Internals & Software Drivers||28 Sept 2020||Dulles, VA|