
Is it possible to unload a kernel driver without a reboot?

I'm playing about with one of the kernel driver examples in the Win7 DDK. I can modify, compile and build my *.sys file. I can install it too with its INF (using Device Manager or devcon) or using the Service Control Manager directly. When I make the next change though and generate an updated *.sys file, I seem to get a conflict between this new file and my now stopped driver (I've tried using Service Control Manager 'stop' and 'delete service' etc). If I reboot, I can install the new driver and run it fine. Similarly, if I choose uninstall in Device Manager, Windows prompts me to reboot.

So, how can one easily test incremental modifications to a kernel driver? Thanks


Looking at the Setup API logs might be a good place to start: http://msdn.microsoft.com/en-us/library/ff550887%28v=VS.85%29.aspx

If devcon prompts for a reboot, you could look at the code in the DDK, debug why it's asking and dig into the issue that way as well.


Yes. sc stop <driver name> should stop your driver. If your driver is associated with a particular PnP devnode, it should be unloaded after the devnode is removed.


If you want to be able to unload your driver, you have to set up a function which basically executes each time the driver is unloaded - most likely you will put code there which frees allocated buffers and any other resource which might be "alive" during the lifecycle of the driver. Here is some example code:

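#include <ntddk.h>

// Runs each time the driver is unloaded: release what the driver still owns.
VOID Unload(IN PDRIVER_OBJECT pDriverObject) {
    // do whatever you like here (free buffers and other resources)

    // this deletes the device, if DriverEntry created one
    if (pDriverObject->DeviceObject != NULL) {
        IoDeleteDevice(pDriverObject->DeviceObject);
    }
}

NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING regPath) {
    UNREFERENCED_PARAMETER(regPath);

    // initialize your driver and the major function array

    // set the unload function
    pDriverObject->DriverUnload = Unload;

    return STATUS_SUCCESS;
}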


Try compiling, signing, and loading this code:

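#include <ntddk.h>

// Called when the service is stopped; logs to the kernel debug output.
VOID OnUnload(IN PDRIVER_OBJECT driverObjectA) {
    UNREFERENCED_PARAMETER(driverObjectA);
    DbgPrint("Unload\n");
}

NTSTATUS DriverEntry(PDRIVER_OBJECT driverObjectA, PUNICODE_STRING RegistryPath) {
    UNREFERENCED_PARAMETER(RegistryPath);
    DbgPrint("DriverEntry\n");
    // Without a DriverUnload routine the driver cannot be stopped.
    driverObjectA->DriverUnload = OnUnload;
    return STATUS_SUCCESS;
}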

Then download DebugView, unzip it, run it as administrator, and then enable "Capture Kernel" under the "Capture" menu item. Download, unzip, and run the OSR Driver Loader, register the driver, then "Start Service". You will observe a "DriverEntry" log message in DbgView. Now in the OSR Driver Loader, "Stop Service" and observe an Unload message. Hopefully that gets you going.
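
A rebuild-and-reload loop built on the sc stop approach from the answers above, as an added example that is not part of the original posts. The service name, build output path and installed path are placeholder assumptions, and the state parsing assumes English sc.exe output.

```powershell
# Added example. Run from an elevated prompt on a test machine.
param(
    [string]$ServiceName = 'mytestdrv',              # hypothetical service name
    [string]$NewSys      = '.\build\mytestdrv.sys',  # hypothetical build output
    [string]$Installed   = "$env:SystemRoot\System32\drivers\mytestdrv.sys"  # assumed ImagePath
)

function Get-DriverState([string]$Name) {
    # sc.exe query prints a line like "STATE : 4  RUNNING" (English output assumed)
    $out = & sc.exe query $Name
    if ($LASTEXITCODE -ne 0) { return 'NOT_INSTALLED' }
    foreach ($line in $out) {
        if ($line -match 'STATE\s*:\s*\d+\s+(\w+)') { return $Matches[1] }
    }
    return 'UNKNOWN'
}

function Wait-DriverState([string]$Name, [string]$Wanted, [int]$Seconds = 10) {
    # Poll four times a second until the wanted state or the timeout.
    for ($i = 0; $i -lt $Seconds * 4; $i++) {
        if ((Get-DriverState $Name) -eq $Wanted) { return $true }
        Start-Sleep -Milliseconds 250
    }
    return $false
}

$state = Get-DriverState $ServiceName
if ($state -eq 'NOT_INSTALLED') { throw "Service '$ServiceName' is not registered." }

if ($state -ne 'STOPPED') {
    & sc.exe stop $ServiceName | Out-Null
    # A driver without a DriverUnload routine, or one still referenced,
    # never reaches STOPPED; the old image then stays loaded until reboot.
    if (-not (Wait-DriverState $ServiceName 'STOPPED')) {
        throw "'$ServiceName' did not stop; check DriverUnload and open handles."
    }
}

# The old image is unloaded, so the file can be replaced in place.
Copy-Item -LiteralPath $NewSys -Destination $Installed -Force -ErrorAction Stop

& sc.exe start $ServiceName | Out-Null
if (-not (Wait-DriverState $ServiceName 'RUNNING')) {
    throw "'$ServiceName' did not start; see DebugView for DriverEntry output."
}
"Reloaded $ServiceName from $NewSys"
```

If the stop step times out, the copy is never attempted, so a half-replaced driver file is not left behind for the next boot.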
