Delay in Boot Driver CDO creation

All,

we have a disk upper filter, which means that it is BOOT_START.

This driver talks to an user mode service which also starts at windows
startup.

The driver’s control device object is ACL protected through the INF based
installation, so that only administrators and above can access it.

This driver binary and service pair works perfectly fine on vista+ OSs, but
we have observed that sometimes in older OSs like win2k3 the service gets
windows error 87 when it tries to access the driver at service init.

However, if we disable and reenable the service after the boot process
completed and we are logged in, then everything goes well and we are able
to get a handle to the CDO.

This makes me think that somehow some objects of win2k3 (win32 etc) is
getting delayed in init and our service starts up earlier and hence till
the win32 apis (it might be something else) gets inited, it cant
communicate with the driver.

How do i debug this problem? I need to roto cause it before I can take a
call whether or not it is a problem.

thanks
awbadhho

Where do you create the control device’s symbolic link?

in DriverEntry using this piece of code…

status = IoCreateDeviceSecure(
DriverObject, // ptr to our Driver object
sizeof(MY_DEVICE_INFO), // size (in bytes) of our Device Extension struct
for the CDO
&MyDeviceName, // ptr to “name” of this device (the CDO)
FILE_DEVICE_DISK, // set our device “type” (note: not sure this is correct,
but it looks “plausible”)
FILE_DEVICE_SECURE_OPEN,
FALSE, // not opening for “exclusive” access
&SDDL_DEVOBJ_SYS_ALL, // D:P(A;;GA;;;SY)
&MyGuid,
&MyDriverInfo.CDO); // ptr to dest for ptr to “Control Device Object” (CDO)
for this driver

On Thu, Apr 11, 2013 at 1:51 AM, wrote:

> Where do you create the control device’s symbolic link?
>
> —
> NTDEV is sponsored by OSR
>
> OSR is HIRING!! See http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

How does your symbolic link look?

And what’s the name of your device object?

here is the info you wanted:

In the driver:
#define MY_DEVICE_NAME L"\Device\MyControl"
#define MY_SYMLINK_NAME L"\??\MyControl"

the user mode tries to access it with:
#define MY_CDO_NAME L"\\.\MyControl"

On Thu, Apr 11, 2013 at 3:14 AM, wrote:

> And what’s the name of your device object?
>
> —
> NTDEV is sponsored by OSR
>
> OSR is HIRING!! See http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

A boot-time driver has many restrictions it must adhere to. For example,
it cannot access the Registry, because the necessary Registry capabilities
do not exist at the time of the boot, but only at a much later time in the
boot cycle.

Services are typically not started until the boot has completed. “Windows
startup” is a multiphased event sequence, and therefore you cannot assume
that everything is available at a given “Windows startup”. You have to
study the startup sequence and understand the restrictions.

Note that a driver does not talk to a service. A service talks to a
driver. A boot driver is loaded very, very early in the boot sequence.
Services start after the end of the boot sequence. Therefore, a boot-time
driver must be able to operate fully and correctly in the complete absence
of the service.

For those of us who have not memorized all 1300+ error codes in nterr.h,
it is considered essential that you give the text of the error code. I
have no idea what “87” means. I’m on my iPad, so I do not have access to
the DDK header files.

You have provided virtually no useful information to help us guess at what
is happening. All I know is that the boot sequence has changed a few
times in the history of Windows, but if you followed the rules, there
should be no problem.

For example, how does the service access the device? By GUID or by
symbolic link? What is the symbolic link, and are you sure it was created
correctly? Do you know that your driver is actually /present//? If it
had a failure in loading, you won’t have anything, and if you didn’t log
the error to the system error log, nobody will know or be able to find out
if it had a problem.

I would sprinkle some KdPrint calls around in the debug version, and some
debug message output in the service, and use them to determine if the
device has fully instantiated by the time the service is up. A common
failure might be that you are trying to read the Registry, get an error
because you are reading a nonexistent part of the Registry (only a few
keys are accessible to boot-start drivers), take an error, and abort the
loading of the driver.

Trust nothing. ANY error that causes your driver to fail should generate
an error log entry; otherwise, field support can become a nightmare.
Every kernel call is suspect, and unless you verify that it has completed
successfully, you have no idea if your driver is in a sensible state. Or
even installed.

It is /not/ paranoia. The system really is out to get you.
joe

All,

we have a disk upper filter, which means that it is BOOT_START.

This driver talks to an user mode service which also starts at windows
startup.

The driver’s control device object is ACL protected through the INF based
installation, so that only administrators and above can access it.

This driver binary and service pair works perfectly fine on vista+ OSs,
but
we have observed that sometimes in older OSs like win2k3 the service gets
windows error 87 when it tries to access the driver at service init.

However, if we disable and reenable the service after the boot process
completed and we are logged in, then everything goes well and we are able
to get a handle to the CDO.

This makes me think that somehow some objects of win2k3 (win32 etc) is
getting delayed in init and our service starts up earlier and hence till
the win32 apis (it might be something else) gets inited, it cant
communicate with the driver.

How do i debug this problem? I need to roto cause it before I can take a
call whether or not it is a problem.

thanks
awbadhho


NTDEV is sponsored by OSR

OSR is HIRING!! See http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

The symbolic link needs to use DosDevices directory. ‘??’ alias may be created only later in the boot process.

your information is very help full for any system level programmer…

thanks a lot:-)

On Thu, Apr 11, 2013 at 1:43 PM, wrote:

> A boot-time driver has many restrictions it must adhere to. For example,
> it cannot access the Registry, because the necessary Registry capabilities
> do not exist at the time of the boot, but only at a much later time in the
> boot cycle.
>
> Services are typically not started until the boot has completed. “Windows
> startup” is a multiphased event sequence, and therefore you cannot assume
> that everything is available at a given “Windows startup”. You have to
> study the startup sequence and understand the restrictions.
>
> Note that a driver does not talk to a service. A service talks to a
> driver. A boot driver is loaded very, very early in the boot sequence.
> Services start after the end of the boot sequence. Therefore, a boot-time
> driver must be able to operate fully and correctly in the complete absence
> of the service.
>
> For those of us who have not memorized all 1300+ error codes in nterr.h,
> it is considered essential that you give the text of the error code. I
> have no idea what “87” means. I’m on my iPad, so I do not have access to
> the DDK header files.
>
> You have provided virtually no useful information to help us guess at what
> is happening. All I know is that the boot sequence has changed a few
> times in the history of Windows, but if you followed the rules, there
> should be no problem.
>
> For example, how does the service access the device? By GUID or by
> symbolic link? What is the symbolic link, and are you sure it was created
> correctly? Do you know that your driver is actually /present//? If it
> had a failure in loading, you won’t have anything, and if you didn’t log
> the error to the system error log, nobody will know or be able to find out
> if it had a problem.
>
> I would sprinkle some KdPrint calls around in the debug version, and some
> debug message output in the service, and use them to determine if the
> device has fully instantiated by the time the service is up. A common
> failure might be that you are trying to read the Registry, get an error
> because you are reading a nonexistent part of the Registry (only a few
> keys are accessible to boot-start drivers), take an error, and abort the
> loading of the driver.
>
> Trust nothing. ANY error that causes your driver to fail should generate
> an error log entry; otherwise, field support can become a nightmare.
> Every kernel call is suspect, and unless you verify that it has completed
> successfully, you have no idea if your driver is in a sensible state. Or
> even installed.
>
> It is /not/ paranoia. The system really is out to get you.
> joe
>
> > All,
> >
> > we have a disk upper filter, which means that it is BOOT_START.
> >
> > This driver talks to an user mode service which also starts at windows
> > startup.
> >
> > The driver’s control device object is ACL protected through the INF based
> > installation, so that only administrators and above can access it.
> >
> > This driver binary and service pair works perfectly fine on vista+ OSs,
> > but
> > we have observed that sometimes in older OSs like win2k3 the service gets
> > windows error 87 when it tries to access the driver at service init.
> >
> > However, if we disable and reenable the service after the boot process
> > completed and we are logged in, then everything goes well and we are able
> > to get a handle to the CDO.
> >
> > This makes me think that somehow some objects of win2k3 (win32 etc) is
> > getting delayed in init and our service starts up earlier and hence till
> > the win32 apis (it might be something else) gets inited, it cant
> > communicate with the driver.
> >
> >
> > How do i debug this problem? I need to roto cause it before I can take a
> > call whether or not it is a problem.
> >
> > thanks
> > awbadhho
> >
> > —
> > NTDEV is sponsored by OSR
> >
> > OSR is HIRING!! See http://www.osr.com/careers
> >
> > For our schedule of WDF, WDM, debugging and other seminars visit:
> > http://www.osr.com/seminars
> >
> > To unsubscribe, visit the List Server section of OSR Online at
> > http://www.osronline.com/page.cfm?name=ListServer
>
>
>
> —
> NTDEV is sponsored by OSR
>
> OSR is HIRING!! See http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

>For example, it cannot access the Registry, because the necessary Registry capabilities
do not exist at the time of the boot, but only at a much later time in the
boot cycle.

It CAN access SOME registry, notably SYSTEM\CurrentControlSet, which is all a driver must access.

>A boot-time driver has many restrictions it must adhere to. For example,

it cannot access the Registry, because the necessary Registry capabilities
do not exist at the time of the boot, but only at a much later time in the
boot cycle.

It can access the SYSTEM tree.

have no idea what “87” means.

“The parameter is invalid”


Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com

>>A boot-time driver has many restrictions it must adhere to. For example,

> it cannot access the Registry, because the necessary Registry
> capabilities
> do not exist at the time of the boot, but only at a much later time in
> the
> boot cycle.

It can access the SYSTEM tree.

Yes, I think I said somewhere that only sone keys are accessible. Main
point was to inform the OP that the boot-load-driver enviroment is not tbe
same as the post-boot environment. The details wre left AAEFTR.

> have no idea what “87” means.

“The parameter is invalid”

I never bothered to memorize the 1300+ codes, except for 5 (access denied)
and 2 (named thing not found). I do find the people who say “I got
compiler error LNK0322” to be a tiresome lot; they either lack the ability
to ask a question or the courtesy to the potential helpers to give the
complete message text or decode the numeric error. Since my PTP (Psychic
Transfer Protocol) system seems to be broken, I am unable to look these
things up on their machine, and these days I answer most of my mail on my
iPad, so it is not easy to find some of this out. So I don’t bother. If
the question was important, the OP would give us all te information we
need to understand the problem.
joe


Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com


NTDEV is sponsored by OSR

OSR is HIRING!! See http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer