I have been trying to get windbg working correctly for remote debugging my driver. Both machines are running Win 10. The target is x86 and the machine with windbg is x64 (running windbg x86). I got communication established over the network, but when I run an app that accesses the driver, I get this in windbg. It appears there is some sort of permission problem, though the driver has permission problems too. That's probably another thread.
The machines are in a Workgroup together. I created an account on the target machine with the same name as the account on the debugging machine, but that made no difference. I've searched for this problem but I haven't found much. It probably means I'm doing something stupid.
What I see in windbg when I try to run an app that accesses the driver is pasted below. The driver fails accessing the driver. I see error messages in the DLL that calls the driver, but I'm not seeing the calls anywhere. I followed the instructions to make sure DbgPrint was enabled, including here: https://osr.com/getting-dbgprint-output-appear-windows-vista-later/
```
Code: 0x4aa500f7 (level=2)
Message: Token broker activated.
Details: UTC time: 05/11/2022 07:34:55 (UTC)
Logged at TokenBackground.cpp, line: 38, method: AAD::Core::TokenBackground::Run.

Code: 0x4aa5001a (level=2)
Message: Token broker operation started.
Details: Operation name: GetTokenSilently
Logged at WebAccountProcessor.cpp, line: 524, method: AAD::Core::WebAccountProcessor::CreateBrokerOperation.

Code: 0x4aa50119 (level=2)
Message: Token broker operation request parameters.
Details: Parameter(s): correlationId: 1561260a-ef7e-40af-968d-e43633e007a2 webAccountCount: 0 client: 1b3c667f-cde3-4090-b60b-3d2abd0117f0 authority: organizations resource: https://arc.msn.com/v4 redirectUri: ms-appx-web://Microsoft.AAD.BrokerPlugin/S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723 scope: (null) LoginHint: (null) discoverHome: false domain_hint: (null) fallback_domain: (null) certificateUsage: (null) certificateUIName: (null) certificateUIDescription: (null) ExtendedLifeTimeEnabled: false UserPictureEnabled: false prompt: msafed: (null) validateAuthority: true minimum_token_lifetime: 0 transferTokenRequest: false Request Param(s): Request Properties: resource: https://arc.msn.com/v4
Logged at GetTokenBrokerOperationBase.cpp, line: 404, method: GetTokenBrokerOperationBase::LogRequestParameters.

Code: 0x4aa5011a (level=2)
Message: Loading client from cache using webaccount.
Details: Token request accountId: (null), Resolved accountId: (null), PerUser accountId: (null)
Logged at ClientCache.cpp, line: 138, method: ClientCache::Load.

Code: 0x4aa50077 (level=2)
Message: No data for the primary user.
Details: Reason: -1073741729 (0xc000005f) Unknown error code: 0xc000005f A specified logon session does not exist. It may already have been terminated.
Logged at DefaultUser.cpp, line: 139, method: DefaultUser::TryOpenLSAImpl.

Code: 0x4aa50082 (level=2)
Message: The local default user is loading.
Details:
Logged at ClientCache.cpp, line: 441, method: ClientCache::LoadLocalAccount.

Code: 0x4aa50016 (level=2)
Message: A new client created for the default local user.
Details:
Logged at ClientCache.cpp, line: 1100, method: ClientCache::CreateNewClient.

Request: authority: https://login.microsoftonline.com/common, client: 1b3c667f-cde3-4090-b60b-3d2abd0117f0, redirect URI: ms-appx-web://Microsoft.AAD.BrokerPlugin/S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723

Code: 0x4aa1003c (level=3)
Message: Verbose level message.
Details: DetermineRecoveryNeeded: isCDJ: false; isWPJ: false; Local SSO accounts: 0; isDesktopSKU: true; ErrorCode: 0xCAA10001 (unknown); IsPrimaryUser: false
Logged at AccountRecovery.cpp, line: 110, method: AccountRecovery::DetermineRecoveryNeeded.

Code: 0xcaa10001 (level=2)
Message: Need user interaction to continue.
Details: Operation name: GetTokenSilently, Error: -895418367 (0xcaa10001), Description: Need user interaction to continue.
Logged at WebAccountProcessor.cpp, line: 376, method: AAD::Core::WebAccountProcessor::ProcessOperationAsync::<lambda_3b8d1a083fc9118c6550fcc057d5207f>::operator ().

Code: 0x4aa500f7 (level=2)
Message: Token broker activated.
Details: UTC time: 05/11/2022 07:40:26 (UTC)
Logged at TokenBackground.cpp, line: 38, method: AAD::Core::TokenBackground::Run.

Code: 0x4aa5001a (level=2)
Message: Token broker operation started.
Details: Operation name: GetTokenSilently
Logged at WebAccountProcessor.cpp, line: 524, method: AAD::Core::WebAccountProcessor::CreateBrokerOperation.

Code: 0x4aa50119 (level=2)
Message: Token broker operation request parameters.
Details: Parameter(s): correlationId: c1b6d327-ac09-4b30-9005-37519cf2f871 webAccountCount: 0 client: 1b3c667f-cde3-4090-b60b-3d2abd0117f0 authority: organizations resource: https://arc.msn.com/v4 redirectUri: ms-appx-web://Microsoft.AAD.BrokerPlugin/S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723 scope: (null) LoginHint: (null) discoverHome: false domain_hint: (null) fallback_domain: (null) certificateUsage: (null) certificateUIName: (null) certificateUIDescription: (null) ExtendedLifeTimeEnabled: false UserPictureEnabled: false prompt: msafed: (null) validateAuthority: true minimum_token_lifetime: 0 transferTokenRequest: false Request Param(s): Request Properties: resource: https://arc.msn.com/v4
Logged at GetTokenBrokerOperationBase.cpp, line: 404, method: GetTokenBrokerOperationBase::LogRequestParameters.

Code: 0x4aa5011a (level=2)
Message: Loading client from cache using webaccount.
Details: Token request accountId: (null), Resolved accountId: (null), PerUser accountId: (null)
Logged at ClientCache.cpp, line: 138, method: ClientCache::Load.

Code: 0x4aa50077 (level=2)
Message: No data for the primary user.
Details: Reason: -1073741729 (0xc000005f) Unknown error code: 0xc000005f A specified logon session does not exist. It may already have been terminated.
Logged at DefaultUser.cpp, line: 139, method: DefaultUser::TryOpenLSAImpl.

Code: 0x4aa50082 (level=2)
Message: The local default user is loading.
Details:
Logged at ClientCache.cpp, line: 441, method: ClientCache::LoadLocalAccount.

Code: 0x4aa50016 (level=2)
Message: A new client created for the default local user.
Details:
Logged at ClientCache.cpp, line: 1100, method: ClientCache::CreateNewClient.

Request: authority: https://login.microsoftonline.com/common, client: 1b3c667f-cde3-4090-b60b-3d2abd0117f0, redirect URI: ms-appx-web://Microsoft.AAD.BrokerPlugin/S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723

Code: 0x4aa1003c (level=3)
Message: Verbose level message.
Details: DetermineRecoveryNeeded: isCDJ: false; isWPJ: false; Local SSO accounts: 0; isDesktopSKU: true; ErrorCode: 0xCAA10001 (unknown); IsPrimaryUser: false
Logged at AccountRecovery.cpp, line: 110, method: AccountRecovery::DetermineRecoveryNeeded.

Code: 0xcaa10001 (level=2)
Message: Need user interaction to continue.
Details: Operation name: GetTokenSilently, Error: -895418367 (0xcaa10001), Description: Need user interaction to continue.
Logged at WebAccountProcessor.cpp, line: 376, method: AAD::Core::WebAccountProcessor::ProcessOperationAsync::<lambda_3b8d1a083fc9118c6550fcc057d5207f>::operator ().
```
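The output pasted above follows a regular `Code / Message / Details / Logged at` layout. As an added example (not part of the original post), this Python sketch splits such a run-together stream into entries, counts them by the source file each one names, and flags entries whose code has the high bit set; treating that bit as an HRESULT-style failure flag is an assumption, and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: three entries copied from the output in the post,
# joined on one line the way they appear there.
SAMPLE = (
    "Code: 0x4aa500f7 (level=2) Message: Token broker activated. "
    "Details: UTC time: 05/11/2022 07:34:55 (UTC) Logged at TokenBackground.cpp, "
    "line: 38, method: AAD::Core::TokenBackground::Run. "
    "Code: 0x4aa50077 (level=2) Message: No data for the primary user. "
    "Details: Reason: -1073741729 (0xc000005f) Unknown error code: 0xc000005f "
    "A specified logon session does not exist. It may already have been terminated. "
    "Logged at DefaultUser.cpp, line: 139, method: DefaultUser::TryOpenLSAImpl. "
    "Code: 0xcaa10001 (level=2) Message: Need user interaction to continue. "
    "Details: Operation name: GetTokenSilently, Error: -895418367 (0xcaa10001), "
    "Description: Need user interaction to continue. Logged at WebAccountProcessor.cpp, "
    "line: 376, method: AAD::Core::WebAccountProcessor::ProcessOperationAsync::"
    "<lambda_3b8d1a083fc9118c6550fcc057d5207f>::operator ()."
)

# One entry runs from "Code:" to the period that closes its "method:" field.
ENTRY = re.compile(
    r"Code: (0x[0-9a-fA-F]+) \(level=(\d+)\) Message: (.*?) Details: (.*?) ?"
    r"Logged at (\S+?), line: (\d+), method: (.*?)\.\s*(?=Code: |Request: |$)",
    re.S,
)
PAIR = re.compile(r"(-\d+) \((0x[0-9a-fA-F]+)\)")

def parse_entries(text):
    """Split the stream into dicts, one per logged entry."""
    keys = ("code", "level", "message", "details", "file", "line", "method")
    entries = []
    for m in ENTRY.finditer(text):
        e = dict(zip(keys, m.groups()))
        e["code"], e["level"], e["line"] = int(e["code"], 16), int(e["level"]), int(e["line"])
        entries.append(e)
    return entries

def status_pairs(details):
    """Signed/hex pairs in a Details field that agree as 32-bit values."""
    return [(int(s), int(h, 16)) for s, h in PAIR.findall(details)
            if int(s) & 0xFFFFFFFF == int(h, 16)]

def triage(entries):
    """Count entries per source file; list those with the high bit set."""
    by_file = Counter(e["file"] for e in entries)
    failures = [e for e in entries if e["code"] >> 31]  # assumed severity bit
    return by_file, failures

if __name__ == "__main__":
    by_file, failures = triage(parse_entries(SAMPLE))
    print(dict(by_file), [hex(e["code"]) for e in failures])
```

Grouping by source file makes it quick to see which component produced each line of debugger output before looking for a driver's own `DbgPrint` messages.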
Comments
It looks like this got approved. I changed the way the report was coded and it said it was flagged for review. Anyway, I figured out this problem.
Initially, when I installed the driver, it said it installed correctly, but when I went back to the Device Manager, Windows had deactivated it. Looking further, I hadn't written the driver correctly for a non-PnP driver. Once I got the non-PnP functions set up correctly, the driver loaded and worked, though I am having another problem that I will address in another post.