.kdiles provides the ability to automatically update a driver on the target with a new file from the host each time the driver loads.  All you need to do is use the .kdfiles command to provide WinDbg with a “replacement map”, indicating which drivers on the target should be replaced by files from the host. The target OS and WinDbg will then do the work to copy the updated driver over the kernel debug connection on each driver load.

To use a driver replacement map to replace driver files, do the following:

  • Create a driver replacement map file. This file is a text file that lists the drivers on the target computer and their replacement drivers on the host computer. You can replace any number of drivers. For example, you might create a file that is named driver_map.ini in the C:\Map_Files directory of your host computer that contains the following information.
    map
    \Systemroot\system32\drivers\videoprt.sys
    \\myserver\myshare\new_drivers\videoprt.sys
  • Load the driver replacement map file by doing one of the following:
    Set the _NT_KD_FILES environment variable before you start the kernel debugger.  
    set _NT_KD_FILES=d:\Map_Files\driver_map.iniUse the .kdfiles (Set Driver Replacement Map) command after you start the kernel debugger. 
    .kdfiles d:\Map_Files\driver_map.ini
    .kdfiles command display the current driver replacement map file or to delete the driver replacement map. If you do not use this command, the map persists until you exit the debugger.

 

Driver Replacement Map File Format
Each driver file replacement is indicated by three lines in the driver replacement map file.

  • The first line consists of the word “map“.
  • The second line specifies the path and file name of the old driver on the target computer.
  • The third line specifies the full path of the new driver. This driver can be located on the host computer or on some other server.

You can repeat this pattern of information any number of times. Paths and file names are case insensitive, and the actual driver file names can be different. The file specified on the third line is copied over the file specified on the second line when the target computer is about to load that driver.

The following example shows a driver replacement map file.
map
\Systemroot\system32\drivers\videoprt.sys
e:\MyNewDriver\binaries\videoprt.sys
map
\Systemroot\system32\mydriver.sys
\\myserver\myshare\new_drivers\mydriver0031.sys

# Here is a comment
map
\??\c:\windows\system32\beep.sys
\\myserver\myshare\new_drivers\new_beep.sys