ACCESS_DENIED CreateFile with hande to UMDF 2.0 driver interface

Hello
I'm trying to update IndirectDisplay sample from Windows Driver Samples and add interface to it just like in
Echo Sample also from Windows Driver Samples but when I'm trying to open created device interface with CreateFile I get
error ACCESS_DENIED. Here's what I did and how to reproduce my problem:

I have generated GUID interface and added PnpPowerCallbacks just like in echo sample:
PnpPowerCallbacks.EvtDeviceSelfManagedIoInit = IddDeviceSelfManagedIoInit;
PnpPowerCallbacks.EvtDeviceSelfManagedIoSuspend = IddDeviceSelfManagedIoSuspend;
PnpPowerCallbacks.EvtDeviceSelfManagedIoRestart = IddDeviceSelfManagedIoRestart;

In my modified Indirect Display sample after:

Status = IddCxDeviceInitialize(Device);

// Create a new device context object and attach it to the WDF device object
auto* pContext = WdfObjectGet_IndirectDeviceContextWrapper(Device);
pContext->pContext = new IndirectDeviceContext(Device);

I have added:

NTSTATUS deviceInterfaceStatus = WdfDeviceCreateDeviceInterface(Device, &GUID_DEVINTERFACE_MY_VIRTUAL_DISPLAY, NULL); // my generated GUID

if (!NT_SUCCESS(deviceInterfaceStatus)) {
return deviceInterfaceStatus;
}

NTSTATUS queueStatus = EchoQueueInitialize(Device); // Here is copied function from echo sample

if (!NT_SUCCESS(queueStatus)) {
return queueStatus;
}

When I deployed modified driver to remote machine I have enumerated my interface with GetDevicePath function from Windows-driver-samples/blob/main/general/echo/umdf2/driver/echoapp.cpp
but when CreateFile is called:

hDevice = CreateFile(G_DevicePath,
GENERIC_READ|GENERIC_WRITE,
FILE_SHARE_READ | FILE_SHARE_WRITE,
NULL,
OPEN_EXISTING,
0,
NULL );

if (hDevice == INVALID_HANDLE_VALUE) {
printf("Failed to open device. Error %d\n",GetLastError());
result = FALSE;
goto exit;
}

ACCESS_DENIED is returned (I'm running program as ADMIN, when I'm running original echo sample it works)

I think that there is something wrong with my inf file (which is from Indirect Display sample not from Echo sample), so I tried
to deploy UMDF Verifier, enabled in (Configuration Properties -> Driver Install -> UMDF Verifier -> Deploy UMDF Verifier (Yes), but then
in output window this error is displayed:

Deploying driver files for project "F:\Sources\Windows-driver-samples-main\video\IndirectDisplay\IddSampleDriver\IddSampleDriver.vcxproj". Deployment may take a few minutes...
Inf file "F:\Sources\Windows-driver-samples-main\video\IndirectDisplay\x64\Debug\IddSampleDriver\IddSampleDriver.inf" is not compatible with target arch "amd64.10.0". Check if you are building for the right architecture.

the same error is generated when I use this option on original Indirect Display sample (with no changes).
I tried to determine what is wrong with:
infverif.exe /stampinf /osver NTAMD64.10.0

and I got output:
WARNING IddSampleDriver.inf: Failed to determine supported architectures
ERROR(1085) in F:\Sources\Windows-driver-samples-main\video\IndirectDisplay\IddSampleDriver\IddSampleDriver.inf, line 13: DriverVer directive incomplete.
ERROR(1218) in F:\Sources\Windows-driver-samples-main\video\IndirectDisplay\IddSampleDriver\IddSampleDriver.inf, line 13: Invalid driver date value in Version, expecting MM/DD/YYYY.

I have added driver version and get rid of this errors but I'm still left with WARNING and can't deploy with UMDF Verifier.

I'm not sure if I'm doing this right but I tried to compare security permissions with WinObj by clicking on properties of
ROOT#GENERIC#0000#{cdc35b6e-0be4-4936-bf5f-5537380a7c1a} (working echo sample interface) and interface of my driver and
they look exacly the same. (Admins, allow column checked Delete and Special permissions, in advanced permissions checked Delete, Change Permissions, Change Owner)

My inf file looks like here:
Windows-driver-samples/blob/main/video/IndirectDisplay/IddSampleDriver/IddSampleDriver.inf
and here is the echo driver inf file:
Windows-driver-samples/blob/main/general/echo/umdf2/driver/AutoSync/echoum.inx

If only admin should have access to driver interface should I specify security descriptor for it ?

I have also tried to CreateFile with my device: \\.\GLOBALROOT\Device\00000094 and symbolic name created with
WdfDeviceCreateSymbolicLink but all attemps return ACCESS_DENIED error.

Any idea how to find what's wrong ?

Okay I have solved that by modyfing inf file and adding
HKR,,Security,,"D:P(A;;GA;;;SY)(A;;GA;;;BA)" ;Allow generic all access to system and built-in Admin.
to AddReg

But I still don't know why I can't deploy UMDF Verifier
Any idea how to find what's wrong ?

1 Like

I think your inf should be processed by StampInf that sets the architecture properly. The architecture you need is 'amd64'. The resulting .inf file should look like this:

...
[Manufacturer]
%ManufacturerName%=Standard,NTamd64.10.0...22000

[Standard.NTamd64.10.0...22000]
%DeviceName%=MyDevice_Install, Root\IddSampleDriver ; TODO: edit hw-id, this hardware id is used by Visual Studio remote debugging
%DeviceName%=MyDevice_Install, IddSampleDriver ; TODO: edit hw-id, this hardware if is used by the IddSampleApp.exe
...

1 Like

You're probably right I have rewritten it two weeks ago with
AMD64 instead %arch% and many other changes. When I launched deploy with UMDF verifier, instead that error I could see Visual Studio crashing.