NDIS filter driver doesn't load in windows 2008 R2

Developers https://www.devze.com 2023-02-18 04:39 Source: Internet
I'm trying to develop an NDIS filter driver. However, I don't seem to be able to load it. I have the debug and testsigning boot options enabled; my driver is test-signed, and the certificate is loaded in the root and trustedpublisher stores.

Before I enabled testsigning, my driver would show up in ntbootlog.txt as

Did not load driver \SystemRoot\system32\DRIVERS\mydriver.sys

After I enabled testsigning, the driver doesn't show up at all. It is, however, presented in the interface properties. The interface is broken until I disable my filter, even though my driver is currently a very minimal pass-through NDIS filter driver. When I disable my filter, everything works fine again.

The driver is not listed in windbg's module list, but it is listed in the "unloaded modules" list, which suggests the driver was loaded at some point. My driver produces some output during DriverEntry and DriverUnload, as well as in all mandatory NDIS hooks. None of this output shows up in windbg's !dbgprint, which suggests the driver's DriverEntry has never been called.

I'm at a loss as to how to debug this issue; could anyone give me some hints as to what might be going on here?

I'm using Windows 2008 R2 DataCenter, checked build. I'm currently limited to a single machine setup.


Try to first load a simple driver that only prints a trace string in DriverEntry, test sign it and load it. If you see the trace we'll try to understand what's wrong with your particular driver. If not, maybe kernel tracing is disabled for your system and your NDIS driver isn't loaded because of a problem, which you can't see of course, because system traces are disabled.


If the driver shows up in unloaded module list then it got loaded.

If you use DbgPrint make sure you read the MSDN documentation, specifically the section about filtering.

To catch the driver loading you can use sxe ld:mydriver; this will allow you to set breakpoints in your driver entry. Another easy way to debug this is to put a hard-coded breakpoint in DriverEntry: DbgBreakPoint()
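
The DbgPrint filtering mentioned in the answer above can be modelled in user-mode C. This is an added example, not part of the original answers and not kernel code; it follows the filtering rule in the Microsoft documentation and assumes the documented default masks, and the names `dbg_filter` and `message_passes` are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

/* Importance levels as defined in dpfilter.h. */
#define DPFLTR_ERROR_LEVEL   0
#define DPFLTR_WARNING_LEVEL 1
#define DPFLTR_TRACE_LEVEL   2
#define DPFLTR_INFO_LEVEL    3

/* Model of the filter state (illustrative type, not a kernel structure).
 * Assumed defaults, per the documentation: WIN2000 mask = 0x1, and a
 * component whose mask was never set contributes 0. */
struct dbg_filter {
    uint32_t win2000_mask;    /* nt!Kd_WIN2000_Mask */
    uint32_t component_mask;  /* e.g. nt!Kd_DEFAULT_Mask */
};

/* Levels 0..31 are bit positions; anything larger is already a bit field. */
static uint32_t level_to_bits(uint32_t level)
{
    return level < 32 ? (UINT32_C(1) << level) : level;
}

/* Returns 1 if a message at `level` would reach the debugger, 0 if dropped.
 * The component mask is ORed with the system-wide WIN2000 mask first. */
int message_passes(const struct dbg_filter *f, uint32_t level)
{
    uint32_t effective = f->component_mask | f->win2000_mask;
    return (level_to_bits(level) & effective) != 0;
}

int main(void)
{
    struct dbg_filter defaults = { 0x1, 0x0 };  /* untouched masks */
    struct dbg_filter opened   = { 0x1, 0x8 };  /* after: ed nt!Kd_DEFAULT_Mask 8 */

    /* Plain DbgPrint is treated as DEFAULT component, INFO level (bit 3). */
    printf("DbgPrint, default masks:      %d\n",
           message_passes(&defaults, DPFLTR_INFO_LEVEL));
    printf("DbgPrint, DEFAULT mask = 0x8: %d\n",
           message_passes(&opened, DPFLTR_INFO_LEVEL));
    /* DbgPrintEx at DPFLTR_ERROR_LEVEL uses bit 0, which WIN2000 enables. */
    printf("ERROR level, default masks:   %d\n",
           message_passes(&defaults, DPFLTR_ERROR_LEVEL));
    return 0;
}
```

Under these assumptions a plain DbgPrint in DriverEntry is dropped until bit 3 of the DEFAULT mask is set, while a DbgPrintEx call at DPFLTR_ERROR_LEVEL passes without any mask change.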
