Is it possible to unload a kernel driver without a reboot?
I'm playing about with one of the kernel driver examples in the Win7 DDK. I can modify, compile and build my *.sys file. I can install it too with its INF (using Device Manager or devcon) or using the Service Control Manager directly. When I make the next change, though, and generate an updated *.sys file, I seem to get a conflict between this new file and my now-stopped driver (I've tried using Service Control Manager 'stop' and 'delete service' etc). If I reboot, I can install the new driver and run it fine. Similarly, if I choose uninstall in Device Manager, Windows prompts me to reboot.
So, how can one easily test incremental modifications to a kernel driver? Thanks
Looking at the Setup API logs might be a good place to start: http://msdn.microsoft.com/en-us/library/ff550887%28v=VS.85%29.aspx
If devcon prompts for a reboot, you could look at the code in the DDK, debug why it's asking and dig into the issue that way as well.
Yes. sc stop <driver name>
should stop your driver. If your driver is associated with a particular PnP devnode, it should be unloaded after the devnode is removed.
If you want to be able to unload your driver, you have to set up a function which basically executes each time the driver is unloaded - most likely you will put code which frees allocated buffers and any other resource which might be "alive" during the lifecycle of the driver. Here is some example code:
#include <ntddk.h>

// Called when the driver is being unloaded
VOID Unload(IN PDRIVER_OBJECT pDriverObject) {
    // do whatever you like here
    // this deletes the device
    IoDeleteDevice(pDriverObject->DeviceObject);
    return;
}

NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING regPath) {
    // initialize your driver and the major function array
    // set the unload function
    pDriverObject->DriverUnload = &Unload;
    return STATUS_SUCCESS; // DriverEntry must return an NTSTATUS
}
Try compiling, signing, and loading this code:
#include <ntddk.h>

VOID OnUnload( IN PDRIVER_OBJECT driverObjectA ) {
    DbgPrint("Unload\n");
}

NTSTATUS DriverEntry( PDRIVER_OBJECT driverObjectA, PUNICODE_STRING RegistryPath ){
    DbgPrint("DriverEntry\n");
    driverObjectA->DriverUnload = OnUnload;
    return STATUS_SUCCESS;
}
Then download DebugView, unzip it, run it as administrator, and then select "Capture Kernel" under the "Capture" menu item. Download, unzip, and run the OSR Driver Loader, register the driver, then "Start Service". You will observe a "DriverEntry" log message in DbgView. Now in the OSR Driver Loader, "Stop Service" and observe an Unload message. Hopefully that gets you going.
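The stop, replace and restart cycle that the answers above describe, as an added PowerShell example that is not part of any original answer. It assumes a non-PnP test driver registered as a service; the service name MyTestDriver and both file paths are hypothetical.

```powershell
# Added example: stop -> confirm unloaded -> replace .sys -> start, for a non-PnP test driver.
# Assumed names (not from the page): service 'MyTestDriver' and both file paths below.
# Run from an elevated PowerShell 3.0+ prompt.
param(
    [string]$ServiceName  = 'MyTestDriver',
    [string]$NewSys       = '.\build\MyTestDriver.sys',
    [string]$InstalledSys = "$env:SystemRoot\System32\drivers\MyTestDriver.sys",
    [int]$TimeoutSec      = 10
)

function Get-DriverState {
    # Win32_SystemDriver reports kernel driver services and their current state
    $d = Get-CimInstance Win32_SystemDriver -Filter "Name='$ServiceName'"
    if (-not $d) { throw "No driver service named '$ServiceName' is registered." }
    $d.State        # 'Running', 'Stop Pending', 'Stopped', ...
}

if ((Get-DriverState) -ne 'Stopped') {
    # Call sc.exe explicitly: in Windows PowerShell, bare 'sc' is an alias for Set-Content.
    sc.exe stop $ServiceName | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "sc stop failed with Win32 error $LASTEXITCODE. Check that DriverEntry sets DriverUnload."
    }
}

# The unload routine runs only after outstanding references are released, so poll
# for 'Stopped' instead of assuming the image is gone as soon as sc.exe returns.
$deadline = (Get-Date).AddSeconds($TimeoutSec)
while ((Get-DriverState) -ne 'Stopped') {
    if ((Get-Date) -gt $deadline) {
        throw "Driver still '$(Get-DriverState)' after $TimeoutSec s; close any open handles to its devices."
    }
    Start-Sleep -Milliseconds 250
}

# Replace the binary only once the old image is unloaded; stop on any copy error.
Copy-Item -LiteralPath $NewSys -Destination $InstalledSys -Force -ErrorAction Stop

sc.exe start $ServiceName | Out-Null
if ($LASTEXITCODE -ne 0) { throw "sc start failed with Win32 error $LASTEXITCODE." }
"{0} is now {1}" -f $ServiceName, (Get-DriverState)
```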