WinDbg - kill hung KMDF-driver?

Developer https://www.devze.com 2023-04-03 11:50 Source: web

My driver has crashed on the target PC with the error:

Access violation - code c0000005 (!!! second chance !!!)
aebae9d9 8911            mov     dword ptr [ecx],edx

Since I'm debugging in kernel mode, my target is now frozen. If I restart WinDbg on the host, I still end up with the target frozen.

How do I force a kill (from WinDbg) of my hung driver on the target machine? I know about .crash, but it would be nice not to have to restart the computer, zzz...


You can force a reboot from windbg with .reboot - that is the only way from a kernel debugger to "kill" a hung driver.

Drivers are loaded into the kernel address space and run in the context of the system. They are not a separate "process" and cannot be closed independently of the kernel when they crash.


It is not possible to "kill" a driver. Depending upon what type of driver you're using, you could possibly unload it (i.e. minifilter file driver), IF the driver hasn't caused an issue, using the command fltmc unload FILTER_NAME from the running machine. No way of doing that via WinDbg that I'm aware of. It sounds like your driver has already "crashed", which means that the kernel is now in a bad state with possible data corruption. This is not recoverable; this is why a kernel driver should also be very careful with everything it does. Basically, if you're in the kernel and you make a mistake, your only real option is to BSOD the box.
