Windbg Remote Debugging Problem Permissions?

Bill_Olson

I have been trying to get windbg working correctly for remote debugging my driver. Both machines are running Win 10. The target x86 and the machine with windbg x64 (running windbg x86). I got communication established over the network, but when I run an app that accesses the driver, I get this in windbg. It appears there is some sort of permission problem, though the driver has permission problems too. That's probably another thread.

The machines are in a Workgroup together. I created an account on the target machine with the same name as the account on the debugging machine, but that made no difference. I've searched for this problem but I haven't found much. It probably means I'm doing something stupid.

What I see in windbg when I try to run an app that accesses the driver is pasted below. The driver fails accessing the driver. I see error messages in the DLL that calls the driver, but I'm not seeing the calls anywhere. I followed the instructions to make sure DbgPrint was enabled. Including here https://osr.com/getting-dbgprint-output-appear-windows-vista-later/

Code: 0x4aa500f7 (level=2)
Message: Token broker activated.
Details: UTC time: 05/11/2022 07:34:55 (UTC)
Logged at TokenBackground.cpp, line: 38, method: AAD::Core::TokenBackground::Run.
Code: 0x4aa5001a (level=2)
Message: Token broker operation started.
Details: Operation name: GetTokenSilently
Logged at WebAccountProcessor.cpp, line: 524, method: AAD::Core::WebAccountProcessor::CreateBrokerOperation.
Code: 0x4aa50119 (level=2)
Message: Token broker operation request parameters.
Details: Parameter(s): correlationId: 1561260a-ef7e-40af-968d-e43633e007a2
webAccountCount: 0
client: 1b3c667f-cde3-4090-b60b-3d2abd0117f0
authority: organizations
resource: https://arc.msn.com/v4
redirectUri: ms-appx-web://Microsoft.AAD.BrokerPlugin/S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723
scope: (null)
LoginHint: (null)
discoverHome: false
domain_hint: (null)
fallback_domain: (null)
certificateUsage: (null)
certificateUIName: (null)
certificateUIDescription: (null)
ExtendedLifeTimeEnabled: false
UserPictureEnabled: false
prompt: 
msafed: (null)
validateAuthority: true
minimum_token_lifetime: 0
transferTokenRequest: false

Request Param(s):

Request Properties:
resource: https://arc.msn.com/v4

Logged at GetTokenBrokerOperationBase.cpp, line: 404, method: GetTokenBrokerOperationBase::LogRequestParameters.
Code: 0x4aa5011a (level=2)
Message: Loading client from cache using webaccount.
Details: Token request accountId: (null), Resolved accountId: (null), PerUser accountId: (null)
Logged at ClientCache.cpp, line: 138, method: ClientCache::Load.
Code: 0x4aa50077 (level=2)
Message: No data for the primary user.
Details: Reason: -1073741729 (0xc000005f)
Unknown error code: 0xc000005f A specified logon session does not exist. It may already have been terminated.
Logged at DefaultUser.cpp, line: 139, method: DefaultUser::TryOpenLSAImpl.
Code: 0x4aa50082 (level=2)
Message: The local default user is loading.
Details: Logged at ClientCache.cpp, line: 441, method: ClientCache::LoadLocalAccount.
Code: 0x4aa50016 (level=2)
Message: A new client created for the default local user.
Details: Logged at ClientCache.cpp, line: 1100, method: ClientCache::CreateNewClient.

Request: authority: https://login.microsoftonline.com/common, client: 1b3c667f-cde3-4090-b60b-3d2abd0117f0, redirect URI: ms-appx-web://Microsoft.AAD.BrokerPlugin/S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723
Code: 0x4aa1003c (level=3)
Message: Verbose level message.
Details: DetermineRecoveryNeeded: isCDJ: false; isWPJ: false; Local SSO accounts: 0; isDesktopSKU: true; ErrorCode: 0xCAA10001 (unknown); IsPrimaryUser: false
Logged at AccountRecovery.cpp, line: 110, method: AccountRecovery::DetermineRecoveryNeeded.
Code: 0xcaa10001 (level=2)
Message: Need user interaction to continue.
Details: Operation name: GetTokenSilently, Error: -895418367 (0xcaa10001), Description: Need user interaction to continue.
Logged at WebAccountProcessor.cpp, line: 376, method: AAD::Core::WebAccountProcessor::ProcessOperationAsync::<lambda_3b8d1a083fc9118c6550fcc057d5207f>::operator ().
Code: 0x4aa500f7 (level=2)
Message: Token broker activated.
Details: UTC time: 05/11/2022 07:40:26 (UTC)
Logged at TokenBackground.cpp, line: 38, method: AAD::Core::TokenBackground::Run.
Code: 0x4aa5001a (level=2)
Message: Token broker operation started.
Details: Operation name: GetTokenSilently
Logged at WebAccountProcessor.cpp, line: 524, method: AAD::Core::WebAccountProcessor::CreateBrokerOperation.
Code: 0x4aa50119 (level=2)
Message: Token broker operation request parameters.
Details: Parameter(s): correlationId: c1b6d327-ac09-4b30-9005-37519cf2f871
webAccountCount: 0
client: 1b3c667f-cde3-4090-b60b-3d2abd0117f0
authority: organizations
resource: https://arc.msn.com/v4
redirectUri: ms-appx-web://Microsoft.AAD.BrokerPlugin/S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723
scope: (null)
LoginHint: (null)
discoverHome: false
domain_hint: (null)
fallback_domain: (null)
certificateUsage: (null)
certificateUIName: (null)
certificateUIDescription: (null)
ExtendedLifeTimeEnabled: false
UserPictureEnabled: false
prompt: 
msafed: (null)
validateAuthority: true
minimum_token_lifetime: 0
transferTokenRequest: false

Request Param(s):

Request Properties:
resource: https://arc.msn.com/v4

Logged at GetTokenBrokerOperationBase.cpp, line: 404, method: GetTokenBrokerOperationBase::LogRequestParameters.
Code: 0x4aa5011a (level=2)
Message: Loading client from cache using webaccount.
Details: Token request accountId: (null), Resolved accountId: (null), PerUser accountId: (null)
Logged at ClientCache.cpp, line: 138, method: ClientCache::Load.
Code: 0x4aa50077 (level=2)
Message: No data for the primary user.
Details: Reason: -1073741729 (0xc000005f)
Unknown error code: 0xc000005f A specified logon session does not exist. It may already have been terminated.
Logged at DefaultUser.cpp, line: 139, method: DefaultUser::TryOpenLSAImpl.
Code: 0x4aa50082 (level=2)
Message: The local default user is loading.
Details: Logged at ClientCache.cpp, line: 441, method: ClientCache::LoadLocalAccount.
Code: 0x4aa50016 (level=2)
Message: A new client created for the default local user.
Details: Logged at ClientCache.cpp, line: 1100, method: ClientCache::CreateNewClient.

Request: authority: https://login.microsoftonline.com/common, client: 1b3c667f-cde3-4090-b60b-3d2abd0117f0, redirect URI: ms-appx-web://Microsoft.AAD.BrokerPlugin/S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723
Code: 0x4aa1003c (level=3)
Message: Verbose level message.
Details: DetermineRecoveryNeeded: isCDJ: false; isWPJ: false; Local SSO accounts: 0; isDesktopSKU: true; ErrorCode: 0xCAA10001 (unknown); IsPrimaryUser: false
Logged at AccountRecovery.cpp, line: 110, method: AccountRecovery::DetermineRecoveryNeeded.
Code: 0xcaa10001 (level=2)
Message: Need user interaction to continue.
Details: Operation name: GetTokenSilently, Error: -895418367 (0xcaa10001), Description: Need user interaction to continue.
Logged at WebAccountProcessor.cpp, line: 376, method: AAD::Core::WebAccountProcessor::ProcessOperationAsync::<lambda_3b8d1a083fc9118c6550fcc057d5207f>::operator ().

Bill_Olson

It looks like this got approved. I changed the way the report was coded and it said it was flagged for review. Anyway, I figured out this problem.

Initially when I installed the driver, it said it installed correctly, but when I went back to the Device Manager, Windows had deactivated it. Looking further I hadn't written the driver correctly for a non-PnP driver. Once I got the non-PnP functions set up correctly, the driver loaded and worked, though I am having another problem that I will address in another post.