Recently, I've been assigned to work on fixing several bugs in a Windows file system filter driver.

Debugging native code has always been characterized by the tedious and cumbersome modify, compile and link, copy, run, repeat… cycle, but in the case of kernel-mode development, the overhead of that cycle is even more acute. I've found that booting the target system or virtual machine every time you want to replace a driver file with an updated build and then rebooting to have the new driver loaded significantly prolongs the cycle.

Therefore, I was happy to discover WinDbg's .kdfiles command, which configures the kernel debugger's driver replacement map. Whenever the NT Memory Manager attempts to load a driver image, it consults the kernel debugger, if attached, asking it for an alternative driver image.