Hi community!
Is it possible, from a driver, to get details about the last raised BSOD?
Although one can fill the code with try/catch blocks, there are some types of crashes that cannot be trapped. As a last resort, I would like to skip driver loading if my driver is causing the crashes.
Regards,
Mauro.
If you're concerned about your driver rendering the system unstable, the "typical" thing to do is not load in Safe Mode.
Peter
Hi Peter, yes it does not load in safe mode.
My intention is the following: Let's assume you install your product in some medium-large company and it fails for any reason; manual recovery of each computer can be tedious (mainly in a distributed environment), so if the driver can disable itself so the computers boot, we would be able to, e.g., remotely access them and apply a fix.
I know the info is usually stored in the event log but I didn't know how to read it from the kernel. If it is in another place, no idea.
Regards,
Mauro.
Yeah... I don't know any way to do this.
It doesn't even strike me as a reasonable thing to do. It's hard enough to figure out why the system crashed from WinDbg... never mind at startup time, in kernel mode. As you know: It's not always the driver that crashed that's responsible for the crash. Suppose you pool scribble, for example? So even if you can figure out the crashing driver, it's not 100% guaranteed.
And..., doesn't Windows already do something like this automatically?
Peter
> It doesn't even strike me as a reasonable thing to do. It's hard enough to figure out why the system crashed from WinDbg... never mind at startup time, in kernel mode. As you know: It's not always the driver that crashed that's responsible for the crash. Suppose you pool scribble, for example? So even if you can figure out the crashing driver, it's not 100% guaranteed.

Sure, but if the customer sees yourdriver.sys caused the BSOD, they complain no matter whether it is really your fault. And if the customer sees a symantec.sys or microsoft.sys driver caused the BSOD, they complain to you because you are the little and new company.

> And..., doesn't Windows already do something like this automatically?

I thought that, but no. Even if you try asking the user to boot with the last known good configuration (although it does not always work), customers say "come here and fix it yourself".
Shitty customers of course.
> And if the customer sees a symantec.sys or microsoft.sys driver caused the BSOD, they complain to you because you are the little and new company.
Yeah, I get it.
Because this intrigued me, I spent some time this afternoon trying to figure out how to do this. And I came to the conclusion that it's just not possible. SURE, you could write a service that analyzes the dump file on reboot, and then tells the driver if it was the likely cause of the crash. But that's going to be (probably) minutes after the system starts and hence your driver is already loaded.
I can't figure out any legit way to do this during the crash itself or after the fact.
Sorry...
Peter
Any particular way to set up a driver not to load during Safe mode?
Ours always does, by default, and we want it that way, but just checking
See the link in my first reply above. Check if safe mode and fail DriverEntry.
Peter
@"Peter_Viscarola_(OSR)" said:
> Because this intrigued me, I spent some time this afternoon trying to figure out how to do this. And I came to the conclusion that it's just not possible. SURE, you could write a service that analyzes the dump file on reboot, and then tells the driver if it was the likely cause of the crash. But that's going to be (probably) minutes after the system starts and hence your driver is already loaded.

Thanks for the effort. I would like to keep the driver starting before the service because it can still do some tasks (it is some sort of AV app) but I'll take into account your hint.
@Dejan_Maksimovic said:
> Any particular way to set up a driver not to load during Safe mode?
> Ours always does, by default, and we want it that way, but just checking

Actually it does not load in safe mode. It is not a problem to recover from a disaster but, as said above, we want to minimize problems.
Regards!
Instead of safe mode, you can boot to WinRE and delete the trouble-making driver.
There are ways to boot managed servers from an alternative device.
Which would yield a "windows cannot boot because the driver is not found".
Well, it would for FS filters. For device filters, it would simply
make the device inaccessible. Not sure about regular hardware drivers?
On 2/24/20, Pavel_A wrote:
> OSR https://community.osr.com/
>
> Pavel_A commented on Getting last BSOD info
>
> Instead of safe mode, you can boot to WinRE and delete the trouble-making
> driver.