Hello,
I have curious question, How can I verify that driver is loaded when it is
supposed to be loaded? How can I verify that driver is running?
Basically, I need to test that driver is getting installed properly and
loaded. For e.g. Filesystem driver needs to be loaded prior to fs is
mounted, network driver needs to be loaded prior to network activity takes
place.
Second, Verify that driver is currently running. I am guessing that if
driver is loaded than it must be running. I am relying on that system is
working and driver supposed to be loaded at boot time fact. Is that
correct? Are there any tools I can use to support my statement.
Thank you,
-Anand
Well, in general from the developer’s point of view, you could start a kd session and either:
a.)
.reload -f -n
lm m
b.)
place a breakpoint - bp !DriverEntry
c.)
look for your trace statements
Good luck,
mm
Anand wrote …
I have curious question, How can I verify that driver is loaded when it is supposed to be loaded? How can I verify that driver is running? Basically, I need to test that driver is getting installed properly and loaded. For e.g. Filesystem driver needs to be loaded prior to fs is mounted, network driver needs to be loaded prior to network activity takes place. Second, Verify that driver is currently running. I am guessing that if driver is loaded than it must be running. I am relying on that system is working and driver supposed to be loaded at boot time fact. Is that correct? Are there any tools I can use to support my statement.
To which I reply …
Programatically there are basically two mechanisms that I use for this: query for a UI number and an IOCTL for “RuOK” which returns a simply running status of the driver (for usermode) and have a QueryInterface handler (for kernelmode)
When your driver is created you can specify a UI number (and an address) which [should be] unique for each instance of the driver using WdfDeviceSetPnPCapabilities You also need to expose an interface GUID for the driver and a handler for inbound QI’s for that GUID using WdfDeviceAddQueryInterface …
After your driver has started up then from usermode you would first check for the driver interface GUID using SetupDiGetClassDev’s, which will return back all of the driver instances loaded which support [your] interface; if you don’t get back any then your driver just didn’t get loaded. If you *do* get a hit then you then call SetupDiGetDeviceRegistryProperty looking for the UI (or address) number – that number should tell you what instance of your driver you’re talking to – so, if you encoded some info in that number then you’re fine. You have now verified that your driver was loaded; to determine if it’s OK use that interface pointer to make the RuOK IOCTL which will tell you if the driver is OK …
From kernelmode, you make a QueryInterface call either in the stack using WdfFdoQueryForInterface or across the stack with WdfIoTargetQueryForInterface with that GUID; if you get back a return then your driver has been loaded and again make the RuOK IOCTL call to see if the driver is OK …
Cheers!
Thank you both of you for providing such a detailed explanation.
I was more concerned about the verification of the system in the field and
not during development. However, both suggestions are helpful.
Are there any tools that I can use to get list of loaded driver with some
detailed information?
-Anand
On Wed, May 12, 2010 at 7:30 PM, wrote:
> Anand wrote …
> I have curious question, How can I verify that driver is loaded when it is
> supposed to be loaded? How can I verify that driver is running? Basically, I
> need to test that driver is getting installed properly and loaded. For e.g.
> Filesystem driver needs to be loaded prior to fs is mounted, network driver
> needs to be loaded prior to network activity takes place. Second, Verify
> that driver is currently running. I am guessing that if driver is loaded
> than it must be running. I am relying on that system is working and driver
> supposed to be loaded at boot time fact. Is that correct? Are there any
> tools I can use to support my statement.
>
> To which I reply …
> Programatically there are basically two mechanisms that I use for this:
> query for a UI number and an IOCTL for “RuOK” which returns a simply running
> status of the driver (for usermode) and have a QueryInterface handler (for
> kernelmode)
>
> When your driver is created you can specify a UI number (and an address)
> which [should be] unique for each instance of the driver using
> WdfDeviceSetPnPCapabilities You also need to expose an interface GUID for
> the driver and a handler for inbound QI’s for that GUID using
> WdfDeviceAddQueryInterface …
>
> After your driver has started up then from usermode you would first check
> for the driver interface GUID using SetupDiGetClassDev’s, which will return
> back all of the driver instances loaded which support [your] interface; if
> you don’t get back any then your driver just didn’t get loaded. If you do
> get a hit then you then call SetupDiGetDeviceRegistryProperty looking for
> the UI (or address) number – that number should tell you what instance of
> your driver you’re talking to – so, if you encoded some info in that number
> then you’re fine. You have now verified that your driver was loaded; to
> determine if it’s OK use that interface pointer to make the RuOK IOCTL which
> will tell you if the driver is OK …
>
> From kernelmode, you make a QueryInterface call either in the stack using
> WdfFdoQueryForInterface or across the stack with
> WdfIoTargetQueryForInterface with that GUID; if you get back a return then
> your driver has been loaded and again make the RuOK IOCTL call to see if the
> driver is OK …
>
> Cheers!
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
Driverquery.exe
d
sent from a phpne with no keynoard
From: Anand Patel
Sent: May 13, 2010 6:22 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] How to verify if driver is installed and loaded
Thank you both of you for providing such a detailed explanation.
I was more concerned about the verification of the system in the field and not during development. However, both suggestions are helpful.
Are there any tools that I can use to get list of loaded driver with some detailed information?
-Anand
On Wed, May 12, 2010 at 7:30 PM, > wrote:
Anand wrote …
I have curious question, How can I verify that driver is loaded when it is supposed to be loaded? How can I verify that driver is running? Basically, I need to test that driver is getting installed properly and loaded. For e.g. Filesystem driver needs to be loaded prior to fs is mounted, network driver needs to be loaded prior to network activity takes place. Second, Verify that driver is currently running. I am guessing that if driver is loaded than it must be running. I am relying on that system is working and driver supposed to be loaded at boot time fact. Is that correct? Are there any tools I can use to support my statement.
To which I reply …
Programatically there are basically two mechanisms that I use for this: query for a UI number and an IOCTL for “RuOK” which returns a simply running status of the driver (for usermode) and have a QueryInterface handler (for kernelmode)
When your driver is created you can specify a UI number (and an address) which [should be] unique for each instance of the driver using WdfDeviceSetPnPCapabilities You also need to expose an interface GUID for the driver and a handler for inbound QI’s for that GUID using WdfDeviceAddQueryInterface …
After your driver has started up then from usermode you would first check for the driver interface GUID using SetupDiGetClassDev’s, which will return back all of the driver instances loaded which support [your] interface; if you don’t get back any then your driver just didn’t get loaded. If you do get a hit then you then call SetupDiGetDeviceRegistryProperty looking for the UI (or address) number – that number should tell you what instance of your driver you’re talking to – so, if you encoded some info in that number then you’re fine. You have now verified that your driver was loaded; to determine if it’s OK use that interface pointer to make the RuOK IOCTL which will tell you if the driver is OK …
From kernelmode, you make a QueryInterface call either in the stack using WdfFdoQueryForInterface or across the stack with WdfIoTargetQueryForInterface with that GUID; if you get back a return then your driver has been loaded and again make the RuOK IOCTL call to see if the driver is OK …
Cheers!
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
— NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer