Windbg Remote Debugging Problem Permissions?

Bill_Olson Member Posts: 77

I have been trying to get windbg working correctly for remote debugging my driver. Both machines are running Win 10. The target is x86 and the machine with windbg is x64 (running windbg x86). I got communication established over the network, but when I run an app that accesses the driver, I get this in windbg. It appears there is some sort of permission problem, though the driver has permission problems too. That's probably another thread.

The machines are in a Workgroup together. I created an account on the target machine with the same name as the account on the debugging machine, but that made no difference. I've searched for this problem but I haven't found much. It probably means I'm doing something stupid.

What I see in windbg when I try to run an app that accesses the driver is pasted below. The driver fails accessing the driver. I see error messages in the DLL that calls the driver, but I'm not seeing the calls anywhere. I followed the instructions to make sure DbgPrint was enabled, including here: https://osr.com/getting-dbgprint-output-appear-windows-vista-later/

Code: 0x4aa500f7 (level=2)
Message: Token broker activated.
Details: UTC time: 05/11/2022 07:34:55 (UTC)
Logged at TokenBackground.cpp, line: 38, method: AAD::Core::TokenBackground::Run.
Code: 0x4aa5001a (level=2)
Message: Token broker operation started.
Details: Operation name: GetTokenSilently
Logged at WebAccountProcessor.cpp, line: 524, method: AAD::Core::WebAccountProcessor::CreateBrokerOperation.
Code: 0x4aa50119 (level=2)
Message: Token broker operation request parameters.
Details: Parameter(s): correlationId: 1561260a-ef7e-40af-968d-e43633e007a2
webAccountCount: 0
client: 1b3c667f-cde3-4090-b60b-3d2abd0117f0
authority: organizations
resource: https://arc.msn.com/v4
redirectUri: ms-appx-web://Microsoft.AAD.BrokerPlugin/S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723
scope: (null)
LoginHint: (null)
discoverHome: false
domain_hint: (null)
fallback_domain: (null)
certificateUsage: (null)
certificateUIName: (null)
certificateUIDescription: (null)
ExtendedLifeTimeEnabled: false
UserPictureEnabled: false
prompt: 
msafed: (null)
validateAuthority: true
minimum_token_lifetime: 0
transferTokenRequest: false

Request Param(s):

Request Properties:
resource: https://arc.msn.com/v4

Logged at GetTokenBrokerOperationBase.cpp, line: 404, method: GetTokenBrokerOperationBase::LogRequestParameters.
Code: 0x4aa5011a (level=2)
Message: Loading client from cache using webaccount.
Details: Token request accountId: (null), Resolved accountId: (null), PerUser accountId: (null)
Logged at ClientCache.cpp, line: 138, method: ClientCache::Load.
Code: 0x4aa50077 (level=2)
Message: No data for the primary user.
Details: Reason: -1073741729 (0xc000005f)
Unknown error code: 0xc000005f A specified logon session does not exist. It may already have been terminated.
Logged at DefaultUser.cpp, line: 139, method: DefaultUser::TryOpenLSAImpl.
Code: 0x4aa50082 (level=2)
Message: The local default user is loading.
Details: Logged at ClientCache.cpp, line: 441, method: ClientCache::LoadLocalAccount.
Code: 0x4aa50016 (level=2)
Message: A new client created for the default local user.
Details: Logged at ClientCache.cpp, line: 1100, method: ClientCache::CreateNewClient.

Request: authority: https://login.microsoftonline.com/common, client: 1b3c667f-cde3-4090-b60b-3d2abd0117f0, redirect URI: ms-appx-web://Microsoft.AAD.BrokerPlugin/S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723
Code: 0x4aa1003c (level=3)
Message: Verbose level message.
Details: DetermineRecoveryNeeded: isCDJ: false; isWPJ: false; Local SSO accounts: 0; isDesktopSKU: true; ErrorCode: 0xCAA10001 (unknown); IsPrimaryUser: false
Logged at AccountRecovery.cpp, line: 110, method: AccountRecovery::DetermineRecoveryNeeded.
Code: 0xcaa10001 (level=2)
Message: Need user interaction to continue.
Details: Operation name: GetTokenSilently, Error: -895418367 (0xcaa10001), Description: Need user interaction to continue.
Logged at WebAccountProcessor.cpp, line: 376, method: AAD::Core::WebAccountProcessor::ProcessOperationAsync::<lambda_3b8d1a083fc9118c6550fcc057d5207f>::operator ().
Code: 0x4aa500f7 (level=2)
Message: Token broker activated.
Details: UTC time: 05/11/2022 07:40:26 (UTC)
Logged at TokenBackground.cpp, line: 38, method: AAD::Core::TokenBackground::Run.
Code: 0x4aa5001a (level=2)
Message: Token broker operation started.
Details: Operation name: GetTokenSilently
Logged at WebAccountProcessor.cpp, line: 524, method: AAD::Core::WebAccountProcessor::CreateBrokerOperation.
Code: 0x4aa50119 (level=2)
Message: Token broker operation request parameters.
Details: Parameter(s): correlationId: c1b6d327-ac09-4b30-9005-37519cf2f871
webAccountCount: 0
client: 1b3c667f-cde3-4090-b60b-3d2abd0117f0
authority: organizations
resource: https://arc.msn.com/v4
redirectUri: ms-appx-web://Microsoft.AAD.BrokerPlugin/S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723
scope: (null)
LoginHint: (null)
discoverHome: false
domain_hint: (null)
fallback_domain: (null)
certificateUsage: (null)
certificateUIName: (null)
certificateUIDescription: (null)
ExtendedLifeTimeEnabled: false
UserPictureEnabled: false
prompt: 
msafed: (null)
validateAuthority: true
minimum_token_lifetime: 0
transferTokenRequest: false

Request Param(s):

Request Properties:
resource: https://arc.msn.com/v4

Logged at GetTokenBrokerOperationBase.cpp, line: 404, method: GetTokenBrokerOperationBase::LogRequestParameters.
Code: 0x4aa5011a (level=2)
Message: Loading client from cache using webaccount.
Details: Token request accountId: (null), Resolved accountId: (null), PerUser accountId: (null)
Logged at ClientCache.cpp, line: 138, method: ClientCache::Load.
Code: 0x4aa50077 (level=2)
Message: No data for the primary user.
Details: Reason: -1073741729 (0xc000005f)
Unknown error code: 0xc000005f A specified logon session does not exist. It may already have been terminated.
Logged at DefaultUser.cpp, line: 139, method: DefaultUser::TryOpenLSAImpl.
Code: 0x4aa50082 (level=2)
Message: The local default user is loading.
Details: Logged at ClientCache.cpp, line: 441, method: ClientCache::LoadLocalAccount.
Code: 0x4aa50016 (level=2)
Message: A new client created for the default local user.
Details: Logged at ClientCache.cpp, line: 1100, method: ClientCache::CreateNewClient.

Request: authority: https://login.microsoftonline.com/common, client: 1b3c667f-cde3-4090-b60b-3d2abd0117f0, redirect URI: ms-appx-web://Microsoft.AAD.BrokerPlugin/S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723
Code: 0x4aa1003c (level=3)
Message: Verbose level message.
Details: DetermineRecoveryNeeded: isCDJ: false; isWPJ: false; Local SSO accounts: 0; isDesktopSKU: true; ErrorCode: 0xCAA10001 (unknown); IsPrimaryUser: false
Logged at AccountRecovery.cpp, line: 110, method: AccountRecovery::DetermineRecoveryNeeded.
Code: 0xcaa10001 (level=2)
Message: Need user interaction to continue.
Details: Operation name: GetTokenSilently, Error: -895418367 (0xcaa10001), Description: Need user interaction to continue.
Logged at WebAccountProcessor.cpp, line: 376, method: AAD::Core::WebAccountProcessor::ProcessOperationAsync::<lambda_3b8d1a083fc9118c6550fcc057d5207f>::operator ().

Comments

  • Bill_Olson Member Posts: 77

    It looks like this got approved. I changed the way the report was coded and it said it was flagged for review. Anyway, I figured out this problem.

    Initially, when I installed the driver, it said it installed correctly, but when I went back to the Device Manager, Windows had deactivated it. Looking further, I hadn't written the driver correctly for a non-PnP driver. Once I got the non-PnP functions set up correctly, the driver loaded and worked, though I am having another problem that I will address in another post.
