Replacing driver files in free OS with debug OS sys file

  • Question

  • Hi All,

    As said on one of the MSDN pages, https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/preparing-for-ndis-debugging

    I am trying to replace a sys file in the free OS's "C:\Windows\System32\drivers" folder with the debug version of the same driver from the same operating system version. But after replacing the driver file, the system goes into automatic repair. I even disabled WFP using the registry setting. Any help?

    This is the message i got in the SrtTrail.txt file:

    "Boot Critical File Ndis.sys is corrupt"


    • Edited by Selva.S Thursday, March 26, 2020 11:01 PM
    Thursday, March 26, 2020 10:46 PM

All replies

  • If your system has all the updates, it is likely that the debug version of NDIS.sys is not compatible with your updated system.   Unfortunately, Microsoft has not been good at maintaining debug versions that are actually useful.

    Don Burn Windows Driver Consulting Website: http://www.windrvr.com

    Thursday, March 26, 2020 11:59 PM
  • Hi Don,

    Thanks for your reply. It is a fresh system setup.

    I downloaded the debug version as well as the free version of the same OS from my MSDN subscription. Then I installed the free version of the OS and replaced the free build of NDIS.sys. One thing I observed from the sys files present in the ISO images is that both the free and debug versions of NDIS.sys have the same size. Is that correct?

    Friday, March 27, 2020 2:18 AM
  • One more thing I would like to mention: I extracted NDIS.sys from the install.wim of the checked OS ISO image and copied it to the free version's drivers folder.
    Friday, March 27, 2020 2:26 AM
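A quick way to check whether the two NDIS.sys files actually differ beyond their byte size, as an added example (PowerShell, not code from this thread). The two paths are assumptions; the checked-build indicator relies on the VS_FF_DEBUG flag in the version resource, which FileVersionInfo exposes as IsDebug.

```powershell
# Added example, not from the thread. Compares a free-build ndis.sys with the
# one extracted from the checked install.wim. Both paths are assumptions.
param(
    [string]$FreePath    = 'C:\Windows\System32\drivers\ndis.sys',
    [string]$CheckedPath = 'C:\extracted\checked\ndis.sys'
)

function Get-DriverFacts {
    param([Parameter(Mandatory)][string]$Path)
    $item = Get-Item -LiteralPath $Path
    $vi   = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path)
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path        = $Path
        SizeBytes   = $item.Length
        Sha256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        FileVersion = $vi.FileVersion
        IsDebug     = $vi.IsDebug          # VS_FF_DEBUG: set on checked builds
        Signature   = $sig.Status          # Valid / NotSigned / HashMismatch ...
        Signer      = $sig.SignerCertificate.Subject
    }
}

$free    = Get-DriverFacts -Path $FreePath
$checked = Get-DriverFacts -Path $CheckedPath

# Side-by-side view of every property, flagging the ones that differ.
foreach ($prop in $free.PSObject.Properties.Name) {
    if ($prop -eq 'Path') { continue }
    $same = ($free.$prop -eq $checked.$prop)
    '{0,-12} {1,-6} free={2}  checked={3}' -f $prop, ($(if ($same) {'same'} else {'DIFF'})), $free.$prop, $checked.$prop
}

# Identical hashes mean the "checked" file is really the free one (wrong WIM index
# or wrong image), so stop before touching the boot-critical copy.
if ($free.Sha256 -eq $checked.Sha256) {
    throw 'Both files are byte-identical; this is not a checked build of ndis.sys.'
}
```

Run it elevated only if the free path is the live driver; it never writes anything. Equal sizes alone prove little, the hash, FileVersion and IsDebug lines are what tell the two builds apart, and a Signature other than Valid on the file you intend to drop into System32\drivers is worth knowing before the next reboot.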
  • What is the best way to collect WPP tracing of NDIS?

    Both WMI tracing and WPP tracing require a TMF file for the corresponding NDIS driver.

    Where can i get the PDB or TMF file for Windows 10 OS?

    !wmitrace.searchpath c:\path\to\TMF\files
    !wmitrace.start ndis -kd
    !wmitrace.enable ndis {DD7A21E6-A651-46D4-B7C2-66543067B869} -level 4 -flag 0x31f3

    Friday, March 27, 2020 2:22 PM
  • Most of the ETW symbols are in the public PDB files, which can be fetched using the symbol server in the debugger


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Monday, March 30, 2020 7:40 PM
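The debugger commands in the question and the PDB hint in the last reply can be combined into a debugger-free capture: start an ETW session on the same NDIS WPP control GUID with the same level and flags, generate TMF files from ndis.pdb with tracepdb, and decode with tracefmt. This is an added example, not code from the thread; it assumes logman.exe (built into Windows), tracepdb.exe and tracefmt.exe from the WDK on the PATH, an elevated prompt, and that ndis.pdb has already been fetched from the Microsoft symbol server into $PdbDir. The directory names are assumptions.

```powershell
# Added example, not from the thread. Captures an NDIS WPP trace without a
# kernel debugger attached. Requires an elevated PowerShell session.
$Guid    = '{DD7A21E6-A651-46D4-B7C2-66543067B869}'   # NDIS WPP control GUID from the post
$Flags   = '0x31f3'                                    # same flags as the !wmitrace.enable line
$Level   = 4                                           # same level as the !wmitrace.enable line
$Session = 'ndis_wpp'
$OutDir  = 'C:\trace'            # assumption
$PdbDir  = 'C:\symbols'          # assumption: contains ndis.pdb from the symbol server
$TmfDir  = Join-Path $OutDir 'tmf'
$Etl     = Join-Path $OutDir 'ndis.etl'
$Txt     = Join-Path $OutDir 'ndis.txt'
New-Item -ItemType Directory -Force -Path $OutDir, $TmfDir | Out-Null

# 1. Start a real-time ETW session (-ets) on the NDIS WPP provider.
logman create trace $Session -p $Guid $Flags $Level -o $Etl -ets
if ($LASTEXITCODE -ne 0) { throw "logman create failed with exit code $LASTEXITCODE" }

# 2. Reproduce the network activity of interest, then stop the session.
try {
    Read-Host 'Reproduce the issue now, then press Enter to stop tracing' | Out-Null
} finally {
    logman stop $Session -ets | Out-Null
}

# 3. Build TMF files from the PDB, then decode the ETL against them.
#    If the PDB carries no WPP annotations, tracepdb produces nothing and
#    tracefmt will print the events as undecoded GUID/opcode pairs.
tracepdb -f (Join-Path $PdbDir 'ndis.pdb') -p $TmfDir
if (-not (Get-ChildItem -Path $TmfDir -Filter '*.tmf' -ErrorAction SilentlyContinue)) {
    Write-Warning "No TMF files generated from ndis.pdb; the ETL in $Etl will not decode."
}
tracefmt $Etl -p $TmfDir -o $Txt
Get-Content -Path $Txt -TotalCount 20
```

The !wmitrace.enable line in the question and the -p arguments here address the same provider, so the flags and level carry over unchanged; the difference is only where the events land (a .etl on disk instead of the debugger console). Check the TMF directory before trusting the decoded output, since a PDB without the WPP format strings yields a trace that captured correctly but cannot be read.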