'Debugging a driver with WinDbg - How set a breakpoint at DriverEntry?
I have a driver which is, for some unknown reasons causing a bugcheck 0x0000003b.
So I decided to set up a Hyper-V VM and use kernel debugging to see what exactly is going on. I already enable testing signing with bcdedit, and checked that the driver is indeed loaded and running with sc query. The problem is that I want WinDbg to step in ONLY when the offending driver is being called and not when the windows debugee is booting, how can I do that? How do I instruct windbg to pause at the DriverEntry function of my driver?
Solution 1:[1]
You can add a breakpoint at DriverEntry using command 'bm DriverName!DriverEntry'.
Solution 2:[2]
In addition to the existing answer, it should be pointed out that if you don't have symbols for your driver, you won't be able to use the module!DriverEntry notation to break on DriverEntry.
Instead you can use:
sxe ld module
(source)
To break when module gets loaded. As usual you can leave out the .sys extension and only use the base name.
(Side-note: this doesn't seem to work for UM modules, such as DLLs being loaded.)
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Michael Kim |
| Solution 2 | 0xC0000022L |