I’m using kernel debugger to disassemble the 3rd party’s driver,
and I do have the private symbol to debug the driver,
I use uf command to disassemble the driver routine and I can only see below things.
That’s it, I can’t see which exactly WDF DDI was called by the driver routine.
KD only showed me the offset, is there any way to know which DDI was called?
I’m using kernel debugger to disassemble the 3rd party’s driver,
and I do have the private symbol to debug the driver,
I use uf command to disassemble the driver routine and I can only see below
things.
That’s it, I can’t see which exactly WDF DDI was called by the driver
routine.
KD only showed me the offset, is there any way to know which DDI was called?
I’m already able to see the exactly WdfFunction name,
thanks for your answer,
I’ve followed your twitter articles and osr message for a long time,
actually I’m your big fan, because I’m interested in learning kd and use it to debug everything.