!kdfiles v1.0

!kdfiles is part of bldbgexts library - download version 1.053 (see licence)

What are driver mappings
Driver replacement mappings are very useful during the development of kernel-mode drivers, when driver files need to be replaced often. They save a lot of time because you don't need to copy binaries manually across the network. This method can be used for any kernel-mode driver or module.

A driver replacement entry consists of the driver path and file name on the target system (the file that will be replaced) and the driver path and file name on the host system (e.g. the location where your build system creates the driver binaries). Each time your driver is about to be loaded, it is first uploaded from the host. So to replace a driver with its new version you just need to restart it on your target system.

!kdfiles extends the standard WinDBG/KD .kdfiles command that is used to define driver mappings.
The !kdfiles extension has some additional features compared to the built-in command:


!kdfiles map_file
!kdfiles -a [old_driver]
!kdfiles -m old_driver new_driver
!kdfiles -i [options]
!kdfiles -s save_file
!kdfiles -e map_id
!kdfiles -d map_id
!kdfiles -c map_id
!kdfiles -?


map_file - Defines the driver replacement map file (it uses the same format as INI files for the .kdfiles command).
-a - Adds a driver replacement entry to the current list. This option displays an open dialog box for selecting the new driver file.
-m - Adds a driver replacement entry to the current list (same as the -m option of .kdfiles).
old_driver - Defines the driver path and file name that will be replaced on the target system.
new_driver - Defines the new driver path and file name on the host system. The new_driver binary replaces the old_driver binary when it is loaded by the target system.
-i - Switches to ignore machine architecture mode.
    off - Turns off ignore machine architecture mode.
-s - Saves all mappings to a specified file.
save_file - Defines the path and file name of the file where mappings will be saved.
-e - Enables the specified mapping.
-d - Disables the specified mapping.
-c - Removes the specified mapping.
map_id - Defines the identifier number of a given mapping.
-? - Displays help.

Running !kdfiles without any arguments displays the current list of mappings:

0 d [X64] c:\winddk\7600.16385.1\src\general\toaster\kmdf\bus\dynamic\objchk_win7_amd64\amd64\dynambus.sys
1 d [IA32] c:\winddk\7600.16385.1\src\general\toaster\kmdf\bus\dynamic\objchk_win7_x86\i386\dynambus.sys
2 i [IA32] c:\winddk\7600.16385.1\src\general\toaster\kmdf\bus\dynamic\objchk_wxp_x86\i386\dynambus.sys
3 d [X64] c:\winddk\7600.16385.1\src\general\toaster\kmdf\bus\dynamic\objfre_win7_amd64\amd64\dynambus.sys
4 d [X64] c:\winddk\7600.16385.1\src\general\toaster\wdm\bus\objfre_win7_amd64\amd64\busenum.sys
5 e [X64] c:\winddk\7600.16385.1\src\general\toaster\wdm\bus\objchk_win7_amd64\amd64\busenum.sys

6 d [X64] c:\winddk\7600.16385.1\src\general\ioctl\kmdf\sys\objchk_win7_amd64\amd64\nonpnp.sys
7 d [X64] c:\winddk\7600.16385.1\src\general\ioctl\kmdf\sys\objfre_win7_amd64\amd64\nonpnp.sys

8 d [X64] c:\winddk\7600.16385.1\src\usb\osrusbfx2\kmdf\sys\step1\objchk_win7_amd64\amd64\osrusbfx2.sys
9 d [X64] c:\winddk\7600.16385.1\src\usb\osrusbfx2\kmdf\sys\step2\objchk_win7_amd64\amd64\osrusbfx2.sys

10 d [invalid] c:\winddk\7600.16385.1\src\general\pcidrv\wdm\hw\objchk_win7_x86\i386\pcidrv.sys
11 i [invalid] c:\winddk\3790.1830\src\general\pcidrv\wdm\hw\objchk_win7_x86\i386\pcidrv_32bit.sys
12 d [invalid] c:\winddk\7600.16385.1\src\general\pcidrv\kmdf\hw\objchk_win7_amd64\amd64\pcidrv.sys
13 d [X64] c:\winddk\7600.16385.1\src\general\pcidrv\kmdf\hw\objfre_win7_amd64\amd64\pcidrv.sys
14 d [IA32] c:\winddk\7600.16385.1\src\general\pcidrv\wdm\hw\objchk_wxp_x86\i386\xp_pci_drv_free.sys
15 i [IA32] c:\winddk\7600.16385.1\src\general\pcidrv\wdm\hw\objchk_win7_x86\i386\win7_pci_32_free.sys
16 e [X64] c:\winddk\7600.16385.1\src\general\pcidrv\kmdf\hw\objchk_win7_amd64\amd64\win7_x64_chk_pcidrv.sys

Mappings are grouped by old driver. Each old driver can have one or more new drivers in its group; however, only one new driver in a given group may be enabled.
All active UI elements are displayed in a blue underlined font. Clicking an old driver name opens the standard open dialog box, where you can select a new driver to be added (this is equivalent to executing !kdfiles -a old_driver). The new entry automatically becomes enabled unless the new driver's binary is incorrect/invalid (e.g. the file is corrupted or the CPU architecture of the file does not match the CPU architecture of the target system).
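
A host-side pre-check in the spirit of the validity test described above, as an added example that is not part of bldbgexts: it parses a map file in the three-line map / old driver / new driver layout documented for .kdfiles and reads each new driver's PE header to flag corrupted or wrong-architecture binaries before they are sent to the target. The paths, file contents and function names are constructed for illustration, and skipping blank lines is an assumption.

```python
import struct
MACHINES = {0x014C: "IA32", 0x8664: "X64"}  # IMAGE_FILE_MACHINE_I386 / _AMD64

def pe_machine(data: bytes) -> str:
    """Return 'IA32', 'X64' or 'invalid' from a PE image's COFF header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "invalid"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of the PE signature
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "invalid"
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return MACHINES.get(machine, "invalid")

def parse_map(text):
    """Parse 'map' / old driver / new driver triples; blank lines are skipped (assumption)."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 3 or any(kw != "map" for kw in lines[0::3]):
        raise ValueError("expected repeated 'map' / old driver / new driver triples")
    return list(zip(lines[1::3], lines[2::3]))

def audit(text, read_file, target_arch):
    """Return (old, new, arch, ok) per entry; ok is False for invalid or mismatched binaries."""
    report = []
    for old, new in parse_map(text):
        try:
            arch = pe_machine(read_file(new))
        except (OSError, KeyError):        # missing or unreadable host-side file
            arch = "invalid"
        report.append((old, new, arch, arch == target_arch))
    return report

def fake_pe(machine):  # constructed minimal image: DOS header, PE signature, Machine field
    return b"MZ" + bytes(0x3A) + struct.pack("<I4sH", 0x40, b"PE\0\0", machine)

# Constructed sample data; every path and file body below is hypothetical.
SAMPLE_MAP = r"""map
\SystemRoot\system32\drivers\busenum.sys
c:\build\amd64\busenum.sys
map
\SystemRoot\system32\drivers\pcidrv.sys
c:\build\i386\pcidrv.sys
map
\SystemRoot\system32\drivers\nonpnp.sys
c:\build\amd64\nonpnp.sys
"""
SAMPLE_FILES = {
    r"c:\build\amd64\busenum.sys": fake_pe(0x8664),
    r"c:\build\i386\pcidrv.sys": fake_pe(0x014C),
    r"c:\build\amd64\nonpnp.sys": b"truncated copy",
}
```

To run it against real files, pass a read_file callable such as `lambda p: open(p, "rb").read()`.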

System requirements
!kdfiles has been tested with version of WinDBG and KD. Note that DML elements of !kdfiles output will not work under KD. The target system has to run Windows XP or a newer version of Windows (driver mappings are not supported on older systems).
Currently only x86 and x64 host systems are supported. Please contact me if you need an IA-64 build.

Installation and configuration
Simply copy bldbgexts.dll from the zip file to a destination of your choice. To load the extension, run the following command in WinDBG/KD: .load path\bldbgexts.dll. You may also want to save your workspace so that the extension is loaded automatically next time.
You can use the _NT_DEBUGGER_EXTENSION_PATH environment variable to define a path that the debugger will search first for extension DLL files.

Once the extension is loaded, you can unload it with the .unload path\bldbgexts.dll command. Alternatively, close your debugger and delete the bldbgexts.dll file.