WinPmem icon indicating copy to clipboard operation
WinPmem copied to clipboard
verified publisher icon Velocidex

The compiled version cannot be used normally

Open womeikkk opened this issue 3 months ago • 9 comments

My environment: VS2022 WDK version: Win10.0.26100.4202

Configuration type: Driver Widnwossdk version: 10.0.261000.0 Platform working set: WindowsKernelModeDriver10.0 Language standard: ISO++14 standard

The compiled program doesn't communicate properly with other programs. Is there any environment requirement? Could you please tell me your environment version?

womeikkk avatar Sep 22 '25 08:09 womeikkk

If you want to use the compiled version you need to switch the system into test signing mode as described here

https://github.com/Velocidex/WinPmem/releases/tag/v4.1.dev1

scudette avatar Sep 22 '25 09:09 scudette

I have set the test signature mode. The sys compiled by myself cannot be used, but the x64_test.sys in the source code can be used. So I want to ask what is the VS environment for your packaged compilation?

womeikkk avatar Sep 22 '25 10:09 womeikkk

Not sure since I don't use visual studio.

Normally we just run msbuild in the top level. You can get that with the wdk download.

I think you also need to sign it with a test cert in order to get it loaded too

scudette avatar Sep 22 '25 11:09 scudette

I use the sys generated by vs and it will automatically load a test signature certificate for me, which can be used normally. Can you tell me the vs version and wdk version number you are using?

womeikkk avatar Sep 22 '25 11:09 womeikkk

Could you please give me your wdk version number and msbuild command?

womeikkk avatar Sep 22 '25 12:09 womeikkk

I havent done this in a long time but last time I did, I just downloaded https://learn.microsoft.com/en-us/legal/windows/hardware/enterprise-wdk-license-2022 and went from there.

Are you not able to build the project? you mentioned you did get a .sys file - this is all you need.

Is there an issue with loading the sys file?

scudette avatar Sep 22 '25 14:09 scudette

Yes, there is a problem. The one I compiled myself cannot interact, but the winpmem_x64_test.sys generated by your project can be used. I am very distressed and don't know what is going on.

womeikkk avatar Sep 23 '25 01:09 womeikkk

You need to first check the event logs to see if the driver is properly loaded, then use windbgview to see the kernel log messages as the driver is initialized.

Once it is all looking good, you can check that the device handle is properly opened in the user space code and it should be able to communicate with the driver.

scudette avatar Sep 23 '25 05:09 scudette

ok thank you so much I came down to take a look

womeikkk avatar Sep 23 '25 05:09 womeikkk

I also encountered the same problem.

Leosh1rley avatar Nov 07 '25 09:11 Leosh1rley

I also encountered the same problem.

sfy172 avatar Nov 21 '25 15:11 sfy172

I also encountered the same problem. It's been solved. It's very simple; just use the older version of the driver.

womeikkk avatar Nov 22 '25 01:11 womeikkk

I also encountered the same problem.

It's been solved. It's very simple; just use the older version of the driver.

womeikkk avatar Nov 22 '25 01:11 womeikkk

我也遇到了同样的问题。

问题已解决。很简单,只需使用旧版本的驱动程序即可。

你好,我想请问一下,您说的使用旧版本的驱动程序是指的什么驱动程序呢?是VS吗?还是指的什么?我也遇到了同样的问题

shanxiangyu32-svg avatar Nov 25 '25 19:11 shanxiangyu32-svg