Deploy new driver builds to debuggee machine
When we debug kernel drivers through a 1394 or COM cable using windbg, we can use .kdfiles command to transfer new driver build to the debuggee machine from the debugger machine or a share foler at any place accessable. The steps are as below.
1, Create a driver replacement map file. This is a text file that lists the drivers on the target computer and their replacement drivers on the host computer. Any number of drivers can be replaced. For example, you might create a file named mymap.ini in the d:\Map_Files directory of your host computer which reads as follows:
map
\Systemroot\system32\drivers\videoprt.sys
\\myserver\myshare\new_drivers\videoprt.sys
2, Load the driver replacement map file. This can be done in one of two ways.
You can set the _NT_KD_FILES environment variable before starting the kernel debugger:
D:\Debugging Tools for Windows> set _NT_KD_FILES=d:\Map_Files\mymap.ini
D:\Debugging Tools for Windows> kd
Or you can use the .kdfiles (Set Driver Replacement Map) command after starting the kernel debugger:
D:\Debugging Tools for Windows> kd
kd> .kdfiles d:\Map_Files\mymap.ini
KD file associations loaded from 'd:\Map_Files\mymap.ini'
The .kdfiles command can also be used to display the current driver replacement map file, or to delete the driver replacement map. If this command is not used, the map persists until you exit the debugger.
3, Reload your dirvers. If you don't have a way, such as an application, to dynamically install and uninstall your driver, you can issue a .reboot command to restart the debuggee. In the reboot process, the file map made by step 1 and 2 is kept. You can check this by issue a .kdfiles command without parameter. An sample output is like below.
0: kd> .kdfiles
KD file assocations loaded from 'c:\dbg\maps\antitft.ini'
\Systemroot\system32\drivers\adsight.sys -> c:\work\icafe\antitft\objchk_wxp_x86\adsight.sys
When the debuggee reboot, you can see a message when the debug engine sends the file to debuggee and it's loaded in Command Ouput window.
KD: Accessing 'c:\work\icafe\antitft\objchk_wxp_x86\i386\adsight.sys' (\SystemRoot\System32\DRIVERS\adsight.sys)
File size 15K.....
MmLoadSystemImage: Pulled \SystemRoot\System32\DRIVERS\adsight.sys from kd
'ADSIGHT-v0.7> DriverEntry
'ADSIGHT-v0.7> Hello signal is sent to hardware through GPIO port 695 at bit 5