Can I unload the kernel driver without rebooting?

I play with one example kernel driver in Win7 DDK. I can change the compilation and create a *.sys file. I can install it too using INF (using Device Manager or devcon) or directly using Service Control Manager. When I make the following change and create an updated *.sys file, I seem to create a conflict between this new file and my stopped driver (I tried to use the Service Control Manager "stop" and "delete service", etc.). If I reboot, I can install the new driver and run it in order. Similarly, if I delete the deletion in the device manager, Windows will prompt me to restart.

So, how easy is it to easily test incremental modifications for a kernel driver? Thanks.

+7
4 answers

Viewing the installation API logs can be a good start: http://msdn.microsoft.com/en-us/library/ff550887%28v=VS.85%29.aspx

If devcon asks for a reboot, you can look at its code in the DDK, debug why it requests one, and dig out the problem as well.

+4

Yes. sc stop <driver name> should stop your driver. If your driver is associated with a specific PnP devnode, it should be unloaded after uninstalling the devnode.

+3

If you want to unload your driver, you need to configure a function that basically executes every time the driver is unloaded - most likely you will put code there that frees the allocated buffers and any other resources that may be alive during the driver's life cycle. Here is some sample code:

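    #include <ntddk.h>

    // Called by the I/O manager when the driver is being unloaded.
    VOID Unload(IN PDRIVER_OBJECT pDriverObject)
    {
        // do whatever you like here

        // this deletes the device (only if DriverEntry actually created one)
        if (pDriverObject->DeviceObject != NULL) {
            IoDeleteDevice(pDriverObject->DeviceObject);
        }
    }

    NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING regPath)
    {
        // initialize your driver and the major function array

        // set the unload function
        pDriverObject->DriverUnload = Unload;

        return STATUS_SUCCESS;
    }
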
+3

Try compiling, signing, and downloading this code:

    #include <ntddk.h>

    VOID OnUnload(IN PDRIVER_OBJECT driverObjectA)
    {
        DbgPrint("Unload\n");
    }

    NTSTATUS DriverEntry(PDRIVER_OBJECT driverObjectA, PUNICODE_STRING RegistryPath)
    {
        DbgPrint("DriverEntry\n");
        driverObjectA->DriverUnload = OnUnload;
        return STATUS_SUCCESS;
    }

Then load DebugView, unzip it, run it as an administrator, and then “Capture Kernel” in the “Capture” menu item. Download, unzip and run the OSR driver loader, register the driver, "Start Service". You will see the "DriverEntry" log message in DbgView. Now in the OSR driver loader, "Stop the service" and watch the message "Unload". Hope this helps you.

+1
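
A reload loop that ties the answers above together, as an added example that is not part of any answer on this page. It assumes a non-PnP test driver that sets a DriverUnload routine and is installed as a service; the service name `mydrv` and the build output path are hypothetical.

```powershell
# Added example: rebuild/reload loop for a non-PnP test driver installed as a service.
# Run from an elevated PowerShell prompt. Names and paths below are hypothetical.
param(
    [string]$Name   = 'mydrv',              # hypothetical service name
    [string]$NewSys = '.\build\mydrv.sys'   # hypothetical build output
)
$Installed = Join-Path $env:SystemRoot "System32\drivers\$Name.sys"

# Call sc.exe explicitly: in Windows PowerShell, "sc" is an alias for Set-Content.
function Get-DriverState {
    $out = (sc.exe query $Name) -join "`n"
    if ($LASTEXITCODE -eq 1060) { return 'NOT_INSTALLED' }   # ERROR_SERVICE_DOES_NOT_EXIST
    if ($out -match 'STATE\s*:\s*\d+\s+(\w+)') { return $Matches[1] }
    return 'UNKNOWN'
}

$state = Get-DriverState
if ($state -eq 'RUNNING') {
    sc.exe stop $Name | Out-Null
    if ($LASTEXITCODE -eq 1052) {   # ERROR_INVALID_SERVICE_CONTROL
        throw "$Name refused the stop request; this typically means no DriverUnload routine is set."
    }
    # The stop request is asynchronous: wait until the service reports STOPPED.
    $deadline = (Get-Date).AddSeconds(10)
    while ((Get-DriverState) -ne 'STOPPED') {
        if ((Get-Date) -gt $deadline) { throw "$Name did not reach STOPPED within 10 s." }
        Start-Sleep -Milliseconds 200
    }
}

# Replace the binary only after the old image has stopped, and keep the service
# entry between iterations instead of deleting and recreating it each time.
Copy-Item -Path $NewSys -Destination $Installed -Force

if ($state -eq 'NOT_INSTALLED') {
    sc.exe create $Name type= kernel start= demand binPath= $Installed | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "sc create failed with error $LASTEXITCODE" }
}

sc.exe start $Name | Out-Null
if ($LASTEXITCODE -ne 0) { throw "sc start failed with error $LASTEXITCODE" }
"$Name is now $(Get-DriverState)"
```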