Search code examples
filefilterdriversystemminifilter

debugging minifilters

I have been writing and debugging a minifilter on Windows 7 using the IFS Kit for some time now. it finally works, but as I require to add further functionality, I will spend some more days playing with it

what I'm worried about is debugging. until now I have simply built the driver, installed it on a virtual box and tested it by verifying dbg_print statements. I have been using this simple and error prone approach, as I could not find anything about how to debug minifilters more structured and programmatically.

are there any best practice methods to debug minifilters or filters? can visualDDK be used to add (remote) debugging functionality to visual studio for minifilters?

greetings, curiosity

Solution

  • Visual Studio does not support debugging in kernel mode. You can use kd or WinDbg, which are both part of the Debugger package included in Windows DDK. This will get you started with debugging:

    • Configure kernel debugger on VM and attach WinDbg. Instructions are here: http://ndis.com/ndis-debugging/virtual/vmwaresetup.htm.
    • Build your binaries in debug mode (or in release with full symbols).
    • Once WinDbg connected, fix up symbols, and source path. Make sure you added location of symbols of your new driver to the symbol path.
    • Now you can debug similar how you use VS for user mode apps.