Jump to content
Tuts 4 You

bldbgexts 1.053

Sign in to follow this  

Teddy Rogers

About This File

Driver replacement mappings are very useful during development process of kernel mode drivers when drivers files need to be replaced often. It saves a lot of time since you don't need to copy binaries manually across the network. This method can be used for any kernel mode driver/module.

Driver replacement entry consists of driver path and file name on target system (the one that will be replaced) and driver path and file name on host system (e.g. location where your build system creates drivers' binaries). Each time your driver is about to be loaded it will be first uploaded from host. So basically to replace driver with its new version you just need to restart it on your target system.

!kdfiles extends standard version of WinDBG/KD .kdfiles command that is used to define driver mappings.
!kdfiles extension has some additional features comparing to built-in command:

  • Mappings are automatically saved and all the settings persist thru WinDBG/KD restarts. There is also no need for manual creation or loading INI files.
  • Any mapping can be enabled, disabled or removed at any time without changing INI file.
  • Each time !kdfiles is executed it updates information about CPU architecture for every file on the mapping list and it disables those mappings which are not matching current CPU architecture on the target system.
  • Several UI improvements make some tasks faster and easier to perform.

Syntax

!kdfiles map_file
!kdfiles -a [old_driver]
!kdfiles -m old_driver new_driver
!kdfiles -i [options]
!kdfiles -s save_file
!kdfiles -e map_id
!kdfiles -d map_id
!kdfiles -c map_id
!kdfiles -?

Parameters

map_file

Defines driver replacement map file (it uses the same format as INI files for .kdfiles command).

-a

Adds driver replacement entry to the current list. Option causes open dialog box to be displayed to specify new driver file.

-m

Adds driver replacement entry to the current list (same as -m option from .kdfiles).

old_driver

Defines driver path and file name that will be replaced on target system.

new_driver

Defines new driver path and file name on host system. new_driver binary will replace old_driver binary when it will be loaded by a target system.

-i

Switches to ignore machine architecture mode.

options

off - Turns off ignore machine architecture mode.

-s

Saves all mappings to a specified file.

save_file

Defines path and file name of the file where mappings will be saved.

-e

Enables specified mapping.

-d

Disables specified mapping.

-c

Removes specified mapping.

map_id

Defines identifier number of a given mapping.

-?

Displays help.

Comments

Running !kdfiles without any arguments displays the current list of mappings:

[\systemroot\system32\drivers\dynambus.sys]
0 d [X64] c:\winddk\7600.16385.1\src\general\toaster\kmdf\bus\dynamic\objchk_win7_amd64\amd64\dynambus.sys
1 d [IA32] c:\winddk\7600.16385.1\src\general\toaster\kmdf\bus\dynamic\objchk_win7_x86\i386\dynambus.sys
2 i [IA32] c:\winddk\7600.16385.1\src\general\toaster\kmdf\bus\dynamic\objchk_wxp_x86\i386\dynambus.sys
3 d [X64] c:\winddk\7600.16385.1\src\general\toaster\kmdf\bus\dynamic\objfre_win7_amd64\amd64\dynambus.sys
4 d [X64] c:\winddk\7600.16385.1\src\general\toaster\wdm\bus\objfre_win7_amd64\amd64\busenum.sys
5 e [X64] c:\winddk\7600.16385.1\src\general\toaster\wdm\bus\objchk_win7_amd64\amd64\busenum.sys

[\systemroot\system32\drivers\nonpnp.sys]
6 d [X64] c:\winddk\7600.16385.1\src\general\ioctl\kmdf\sys\objchk_win7_amd64\amd64\nonpnp.sys
7 d [X64] c:\winddk\7600.16385.1\src\general\ioctl\kmdf\sys\objfre_win7_amd64\amd64\nonpnp.sys

[\systemroot\system32\drivers\osrusbfx2.sys]
8 d [X64] c:\winddk\7600.16385.1\src\usb\osrusbfx2\kmdf\sys\step1\objchk_win7_amd64\amd64\osrusbfx2.sys
9 d [X64] c:\winddk\7600.16385.1\src\usb\osrusbfx2\kmdf\sys\step2\objchk_win7_amd64\amd64\osrusbfx2.sys

[\systemroot\system32\drivers\pcidrv.sys]
10 d [invalid] c:\winddk\7600.16385.1\src\general\pcidrv\wdm\hw\objchk_win7_x86\i386\pcidrv.sys
11 i [invalid] c:\winddk\3790.1830\src\general\pcidrv\wdm\hw\objchk_win7_x86\i386\pcidrv_32bit.sys
12 d [invalid] c:\winddk\7600.16385.1\src\general\pcidrv\kmdf\hw\objchk_win7_amd64\amd64\pcidrv.sys
13 d [X64] c:\winddk\7600.16385.1\src\general\pcidrv\kmdf\hw\objfre_win7_amd64\amd64\pcidrv.sys
14 d [IA32] c:\winddk\7600.16385.1\src\general\pcidrv\wdm\hw\objchk_wxp_x86\i386\xp_pci_drv_free.sys
15 i [IA32] c:\winddk\7600.16385.1\src\general\pcidrv\wdm\hw\objchk_win7_x86\i386\win7_pci_32_free.sys
16 e [X64] c:\winddk\7600.16385.1\src\general\pcidrv\kmdf\hw\objchk_win7_amd64\amd64\win7_x64_chk_pcidrv.sys

Mappings are grouped by old drivers. Each old driver can have one or more new drivers on its group, however only one new driver in a given group may be enabled.
All active UI elements are displayed with blue underlined font. By clicking on old driver name standard open dialog box will pop up where you can select new driver to be added (it's equivalent to executing !kdfiles -a old_driver). New entry will automatically become enabled unless new driver's binary is incorrect/invalid (e.g. file is courrupted or CPU architecture of a file is not matching CPU architecture of a target system).

System requirements

!kdfiles has been tested with version 6.12.2.633 of WinDBG and KD. Note that DML elements of !kdfiles output will not work under KD. Target system has to run Windows XP or newer version of Windows (driver mappings are not supported on older systems).
Currently only x86 and x64 host systems are supported. Please contact me if you need IA-64 build.

Installation and configuration

Simply copy bldbgexts.dll from zip file to a destination of your choice. To load the extension run following command in WinDBG/KD: .load path\bldbgexts.dll. You may also want to save your workspace so next time extension will be loaded automatically.
You can use _NT_DEBUGGER_EXTENSION_PATH environment variable to define path that the debugger will search first for extensions DLL files.

Uninstallation

Once the extension is loaded you can unload it with the .unload path\bldbgexts.dll command. Alternatively close your debugger and delete bldbgexts.dll file.


What's New in Version 1.053   See changelog

Released

No changelog available for this version.




User Feedback

Recommended Comments

There are no comments to display.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...