DriverUnload not called on Windows restart/shutdown
https://stackoverflow.com/questions/11451443
-
20-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm debugging a driver with WinDbg. In the DriverUnload function, there's a call to KdBreakPoint().
When I disable the device from device manager, WinDbg breaks into the DriverUnload function.
But when I shutdown or restart Windows (through Start > Shutdown), the debugger doesn't break.
So the question is: why does windows not call the DriverUnload function at restart or shutdown?
(BTW: I have already added breakpoints to the PNP dispatch function to catch IRP_MN_QUERY_REMOVE_DEVICE / IRP_MN_REMOVE_DEVICE / IRP_MN_QUERY_STOP_DEVICE / IRP_MN_STOP_DEVICE, the result is the same)
Solution
Ah, the solution is "easy". It's not being called at all. I had to look it up, though.
The Windows 2000 Device Driver Book: A Guide for Programmers states:
A driver's Unload routine is not called at system shutdown time.
Also see this thread.
If you have a WDM driver use DispatchShutdown (IRP_MJ_SHUTDOWN).
Also check out the WDK (7600) documentation on "shutdown dispatch routines [WDK kernel]" and "shutdown power management [WDK kernel]".
