Unable to debug bluescreen with lower filter disk driver

Hi, I have a WDM lower filter disk driver (handles IRP_MJ_SCSI) that works fine when the boot disk is MBR based.
The filter driver is able to handle both boot and data drives with no issues with the data drives being a combination of MBR and GPT.
My filter driver does not filter (block) any reads or writes to boot disks.

But when we have a GPT system disk (Windows 10 boot disk is GPT based), the system bluescreens with UNHANDLED_EXCEPTION pointing to my driver.
Unfortunately, I am not able to get control in a kernel debugger. The kernel debugger is kdnet based.

I enabled boot manager debug on the test system so I can get control in the kernel debugger which I do.
I then enabled breakpoints on the DriverEntry of my driver as well as executed "sxe ld driver.sys".
The system reboots because of bluescreen and debugger breakpoints do not get hit.
System bluescreens and the bluescreen message points to my driver.

There is nothing written in the memory dump either. The memory dump is configured for complete memory dump and it is on the boot partition.

UNHANDLED_EXCEPTION seems to indicate I have an int 3 somewhere but I do not have any int 3 or __debugbreak() or equivalent in my driver.

Interestingly, I cannot get this problem to happen in a Windows 10 VM if I set up the VM to boot through UEFI (VirtualBox supports this).
I tried the same on VMware Workstation and still do not see any issues.

I am trying to get serial port based debug going but this system does not have an RS-232 port. Not sure if it will help.

Any ideas on where I can look?


