bcdedit.exe -set testsigning on
WinFsp Debugging Setup
In this article I will describe the debugging setup used for WinFsp. Note that my debugging setup is somewhat peculiar, because all development and debugging is done on a Mac computer using two Windows virtual machines: one for development and one for debugging! However my description below should work for a one or two virtual machine setup.
WinFsp is being developed on Windows 10 and debugged and tested on Windows 8 (although it should run correctly on Windows Vista and higher). You will need some virtualization software (I use VirtualBox 5), you will also need a fresh installation of Windows and to configure it properly for kernel debugging and running test signed drivers:
-
Create a Windows VM with a descriptive name (e.g. Win8DBG). Mine has a single CPU and just 2GB of memory.
-
Configure your VM for Host Only Networking. This will be used for WinDbg debugging and for deploying WinFsp.
-
Install Windows 8 on Win8DBG. Windows 8 is the minimum version of Windows that supports kernel network debugging.
-
I would recommend not to install your virtualization software guest additions to minimize issues with your debugging VM.
-
Configure Win8DBG for running test signed drivers:
-
Configure Win8DBG for debugging over the network:
bcdedit /debug on bcdedit /dbgsettings net hostip:W.X.Y.Z port:NNNN key:KKKK
-
Note that if you configure your VM with multiple network adapters you must also specify the correct
busparams
argument. You can find the correctbusparams
from the Windows Device Manager. For example, here are the settings on one of my VM’s:>bcdedit /dbgsettings busparams 0.8.0 key 1.1.1.1 debugtype NET hostip 192.168.56.11 port 50000 dhcp Yes The operation completed successfully.
-
-
Enable DbgPrint on Win8DBG. Create the following key/value in the registry:
Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter] "DEFAULT"=dword:0000000f
-
Create a directory on Win8DBG where you will be deploying WinFsp. I use a subdirectory of the Downloads directory:
C:\Users\USERNAME\Downloads\winfsp
-
Make the directory available outside the VM using Windows networking. You can use this new Windows share as an easy means to deploy WinFsp.
copy build\VStudio\build\Debug\winfsp-x64.sys \\Win8DBG\Users\USERNAME\Downloads\winfsp
-
Enable Driver Verifier for WinFsp on Win8DBG. The easiest way to do so is to run
verifier
from the command line. -
For faster edit-compile-test cycles I strongly recommend to use your virtualization software snapshot feature. For example, in my Win8DBG VM after I set it up exactly how I wanted it, I took a snapshot while the VM was running. Now whenever I want to test WinFsp, I restart that same snapshot and within 3-4 seconds I have a new VM ready for use. Even more importantly whenever there is a hard crash on the VM (happens a lot when developing Windows drivers) I can simply close the crashed VM and restart a new one.
-
On your development machine configure WinDbg to use the Microsoft public symbol servers. From the main menu select File > Symbol File Path and enter:
SRV*C:\Users\USERNAME\AppData\Local\Temp\SymbolCache*http://msdl.microsoft.com/download/symbols
-
You can now run WinDbg and from the main menu select File > Kernel Debug, then enter the appropriate port number and key. Alternatively you can use the following windbg command line:
windbg -k net:port=NNNN,key=KKKK
-
Checkout the
tools/deploy.bat
andtools/debug.bat
batch files in the source distribution to see how I deploy and debug WinFsp.
Debugging a user mode process from kernel mode WinDbg
In order to debug a user mode process from a kernel mode WinDbg session, break into the debugger and issue the following commands:
kd> !gflag +ksl kd> sxe ld MODULE-NAME.exe
Restart the debugger and it will break within process creation. You can now set a breakpoint at your process wmain (or main, etc.):
kd> bp MODULE_NAME!wmain
Restart the debugger and it will stop at your program’s entry point.