Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV

Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Not loaded function AddDevice in Minifilter Serial Port (Upper Filter)

Boris_NaimarkBoris_Naimark Member Posts: 12

Hi. I have developed my first filter driver for SerialPort, and I need to obtain data about the port settings via IRP. The driver has functions like DriverEntry and Unload LogDataFile, and it works perfectly. However, after I added the AddDevice function, I noticed through the log that AddDevice is not loading, and this has caused the Unload function to stop working.

here you can see prt of my code from inf and c files

**From inf file **

[Version]
Signature = "$WINDOWS NT$"
Class = "Ports"
ClassGuid = {4d36e978-e325-11ce-bfc1-08002be10318}

Standard]

%MyPortMonitor.DeviceDesc%=MyPortMonitor_Device, *PNP0501

[MyPortMonitor_Device.NT]
CopyFiles=Drivers_Dir

[MyPortMonitor_Device.NT.HW]
AddReg=MyPortMonitor_UpperFilters_AddReg

[MyPortMonitor_UpperFilters_AddReg]
HKR,,"UpperFilters",0x00010008,"MyPortMonitor"

[MyPortMonitor_Device.NT.AddReg]
HKR,,DeviceCharacteristics,0x10001,0x0100 ; Use same security checks on relative opens
HKR,,Security,,"D:P(A;;GA;;;BA)(A;;GA;;;SY)" ; Allow generic-all access to Built-in administrators and Local system

From mydriverMonitor.c

NTSTATUS AddDevices(PDRIVER_OBJECT DriverObject, In PDEVICE_OBJECT PhysicalDeviceObject)
{
NTSTATUS status = STATUS_SUCCESS;
PDEVICE_OBJECT myFilterDeviceObject = NULL;
KdPrint(("Entering AddDevices\n"));

// Logging the entry into the function.

WriteStringLogFile("Entering AddDevices\r\n");

// Create a filter device object for the detected COM port.
status = IoCreateDevice(
    DriverObject,
    0,  // Set to 0 since we're not using a device extension.
    NULL,  // No name for the filter device object.
    FILE_DEVICE_SERIAL_PORT,
    0,
    FALSE,
    &myFilterDeviceObject);

if (!NT_SUCCESS(status))
{
    KdPrint(("Error creating device object for COM port: %08x\n", status));
    WriteStringLogFile("Error creating device object for COM port\r\n");
    return status;
}

// Attach filter to the device stack
    myFilterDeviceObject->NextDevice = IoAttachDeviceToDeviceStack(
    myFilterDeviceObject,
    PhysicalDeviceObject
);

if (!myFilterDeviceObject->NextDevice)
{
    IoDeleteDevice(myFilterDeviceObject);
    KdPrint(("Failed to attach to device stack\n"));
    WriteStringLogFile("Failed to attach to device stack\r\n");
    return STATUS_UNSUCCESSFUL;
}

// Set the flags inherited from the lower device object
myFilterDeviceObject->Flags |= DO_BUFFERED_IO | DO_POWER_PAGABLE;
myFilterDeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;

// Log success message
KdPrint(("COM port device added successfully\n"));
WriteStringLogFile("COM port device added successfully\r\n");*/

return STATUS_SUCCESS;

}

NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
NTSTATUS status = STATUS_SUCCESS;
PDEVICE_OBJECT deviceObject = NULL;
UNICODE_STRING comPortNames[MAX_COM_PORTS];
UNICODE_STRING comPortDevicePaths[MAX_COM_PORTS];
ULONG numPortsFound = 0;
PDEVICE_OBJECT myDeviceObject = NULL;

KdPrint(("LOAD SUCCESS \r\n"));
WriteStringLogFile("LOAD SUCCESS\r\n");
KIRQL currentIrql = KeGetCurrentIrql();

if (currentIrql == PASSIVE_LEVEL) 
{
    // The current IRQL is PASSIVE_LEVEL
    KdPrint(("Current IRQL is PASSIVE_LEVEL\n"));
    WriteStringLogFile("Current IRQL is PASSIVE_LEVE\r\n");
}
else 
{
    // The current IRQL is not PASSIVE_LEVEL
    KdPrint(("Current IRQL is NOT PASSIVE_LEVEL, it is %d\n", currentIrql));
    WriteULongLogFIle("Current IRQL is NOT PASSIVE_LEVEL, it is: ", (ULONG)currentIrql);
}

DriverObject->DriverUnload = UnloadDriver;
DriverObject->DriverExtension->AddDevice = AddDevices;
DriverObject->MajorFunction[IRP_MJ_CREATE] = MySerialPortCreate;

Thank you in advance for your help.

Boris .

Comments

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 14,832

    Your INF file is missing some pieces. Note, for example, the line "Standard]". How, exactly, have you installed this driver? The INF you have written will REPLACE the existing serial port driver, not add to it.

    Tim Roberts, [email protected]
    Software Wizard Emeritus

  • Doron_HolanDoron_Holan Member - All Emails Posts: 10,828

    Also, why WDM?

    d
  • Boris_NaimarkBoris_Naimark Member Posts: 12

    Hi Tim, Thank you for your answer. I see Standard]

    %MyPortMonitor.DeviceDesc%=MyPortMonitor_Device, *PNP0501 does need to use [
    [Standard.NTx86]
    %MyPortMonitor.DeviceDesc%=MyPortMonitor, Root\MyPortMonitor ?
    I used inf file for install and sc commands (create and start)

  • Boris_NaimarkBoris_Naimark Member Posts: 12

    Hi Doron. I am using the Windows Driver Model (WDM) to obtain real-time information about serial port properties. Additionally, I am employing user-mode hooking with a C++ DLL. However, I am encountering a problem when trying to interface with a Java application. My current user-mode hooking approach does not seem to connect with the Java API. To resolve this, I am considering the use of a filter driver.

    Thank you
    Boris

  • Doron_HolanDoron_Holan Member - All Emails Posts: 10,828

    If your install is scoped to Windows10 and newer, you can create an extension INF to install your filter. https://learn.microsoft.com/en-us/windows-hardware/drivers/install/using-an-extension-inf-file

    If you are targeting < Windows10, uou need to use Needs and Include directives to pull in the relevant install sections from msports.inf. When done correctly, it will install serial.sys and your INF installs the filter.

    WDM is not faster or more real time compared to KMDF. And with WDM you have to implement all of the filtering behavior yourself. With KMDF, it is one function call.

    d
  • Tim_RobertsTim_Roberts Member - All Emails Posts: 14,832

    I used inf file for install ...

    What does that mean? Exactly how did you install it? The INF you have (assuming you fix the syntax problems) is a PnP INF, but one does NOT use "sc" to create and start PnP drivers. And if it's not PnP, then AddDevice is not called. I think you have a fair amount of confusion about the driver model here.

    Tim Roberts, [email protected]
    Software Wizard Emeritus

  • Boris_NaimarkBoris_Naimark Member Posts: 12

    Hi Doron, I need to use my driver for Windows kernel versions 6.1, 6.2, 6.3, and 10.0. For this, I need to use WDM. Can you advise me if I can use KMDF instead, especially for the earlier mentioned Windows versions?

  • Boris_NaimarkBoris_Naimark Member Posts: 12

    Hi Tim, I need to use it as a Plug and Play device and only require an INF file for installation. I need to correct my INF file for this purpose. Where can I find information about filling out INF files for PnP devices?

  • Doron_HolanDoron_Holan Member - All Emails Posts: 10,828
    Kmdf can be used in all of these versions of windows.
    d
  • Boris_NaimarkBoris_Naimark Member Posts: 12

    Hi Doron . I understood that need use for install inf file only is it correct And have I to implement all of the filtering behavior myself?

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 14,832

    It is not strictly necessary to use an INF for a device filter driver install. All you need is to (1) copy the file into place, (2) create the service entry, and (3) tweak the UpperFilters registry entry. All of that can be done with a relatively simple install application.

    Tim Roberts, [email protected]
    Software Wizard Emeritus

  • Doron_HolanDoron_Holan Member - All Emails Posts: 10,828

    @Boris_Naimark said:
    Hi Doron . I understood that need use for install inf file only is it correct And have I to implement all of the filtering behavior myself?

    In KMDF you call WdfFdoInitSetFilter and you get the default correct filtering behavior. In WDM, yes, you have to implement all the filtering behavior yourself.

    d
  • Boris_NaimarkBoris_Naimark Member Posts: 12

    @Tim_Roberts said:
    It is not strictly necessary to use an INF for a device filter driver install. All you need is to (1) copy the file into place, (2) create the service entry, and (3) tweak the UpperFilters registry entry. All of that can be done with a relatively simple install application.

    I understood. I will try it for the KMDF filter driver port monitor. Thank you so much.

  • Boris_NaimarkBoris_Naimark Member Posts: 12

    @Doron_Holan said:

    @Boris_Naimark said:
    Hi Doron . I understood that need use for install inf file only is it correct And have I to implement all of the filtering behavior myself?

    In KMDF you call WdfFdoInitSetFilter and you get the default correct filtering behavior. In WDM, yes, you have to implement all the filtering behavior yourself.

    Okay, thank you. I will use it

  • Boris_NaimarkBoris_Naimark Member Posts: 12

    Which type of upper filter driver is needed for detecting both physical and virtual serial ports in Driver Plug and Play (PnP)? Should the upper filter driver be applied at the device level or the class level?

  • Doron_HolanDoron_Holan Member - All Emails Posts: 10,828
    If you need to do this for all ports it should be a class filter. Settings on virtual ports are not that interesting though, while they are set they usually mean absolutely nothing
    d
  • Boris_NaimarkBoris_Naimark Member Posts: 12

    Thank you

  • Boris_NaimarkBoris_Naimark Member Posts: 12

    I cannot attach an Epson virtual serial port . I'm encountering an error: 'Failed to attach device for COM port \Device\00000010, status: 0xC0000010. physical port filtering without encountering any errors

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 14,832

    That's STATUS_INVALID_DEVICE_REQUEST. Maybe they have some additional security to make sure it's only accessed from certain apps?

    Tim Roberts, [email protected]
    Software Wizard Emeritus

  • Boris_NaimarkBoris_Naimark Member Posts: 12

    How can I check it ?

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 14,832

    You can't. If they don't want to be filtered, there's nothing you can do, unless you want ti disassemble their driver.

    Tim Roberts, [email protected]
    Software Wizard Emeritus

  • cromzpunecromzpune Member Posts: 1

    I need to correct my INF file for this purpose. Where can I find information about filling out INF files for PnP devices?

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 13-17 May 2024 Live, Online
Developing Minifilters 1-5 Apr 2024 Live, Online
Internals & Software Drivers 11-15 Mar 2024 Live, Online
Writing WDF Drivers 20-24 May 2024 Live, Online