Hello,
do Windows 7 still support loading kernel drivers via service? I managed to load my driver, but stopping the service returns error 1052 (“The requested control is not valid for this service.”) and the service’s status changes to not stoppable. I do have an unload routine, but it doesn’t seem to be ever called.
The driver doesn’t really do anything, it just creates a device and deletes it in the unload routine. It is not attached to device stack.
Ever encountered this problem?
Sure does.
Did you tell the driver about your unload routine during DriverEntry?
Mm
On Feb 1, 2014 1:49 PM, wrote:
> Hello,
> do Windows 7 still support loading kernel drivers via service? I managed
> to load my driver, but stopping the service returns error 1052 (“The
> requested control is not valid for this service.”) and the service’s status
> changes to not stoppable. I do have an unload routine, but it doesn’t seem
> to be ever called.
>
> The driver doesn’t really do anything, it just creates a device and
> deletes it in the unload routine. It is not attached to device stack.
>
> Ever encountered this problem?
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
>
> OSR is HIRING!! See http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
I did
Ok… I tried to compile the driver from Toby Opferman’s driver tutorial and load it with OSRLoader. Pressing Stop service gets me the same error. Are sure Windows still supports this?
Yes it does for legacy, non-PnP drivers (ie. you get the same error if
you try to ‘sc stop pci’). What kind of driver do you have? Can you
paste your DriverEntry and DriverUnload routines?
Kris
On Mon, Feb 3, 2014 at 10:33 AM, wrote:
> Ok… I tried to compile the driver from Toby Opferman’s driver tutorial and load it with OSRLoader. Pressing Stop service gets me the same error. Are sure Windows still supports this?
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
>
> OSR is HIRING!! See http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
–
Kris
Here it is
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath)
{
PDEVICE_OBJECT DeviceObject;
UNICODE_STRING DriverName;
NTSTATUS Status;
int i;
RtlInitUnicodeString(&DriverName, L"\Device\DummyTest");
Status = IoCreateDevice(pDriverObject,
0,
&DriverName,
FILE_DEVICE_UNKNOWN,
FILE_DEVICE_SECURE_OPEN,
FALSE, &DeviceObject);
if (Status == STATUS_SUCCESS)
DbgPrint(“Device created.\r\n”);
else
DbgPrint(“Problem with device creation.\r\n”);
DeviceObject->Flags &= (~DO_DEVICE_INITIALIZING);
for (i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++)
pDriverObject->MajorFunction[i] = Unsupported;
pDriverObject->MajorFunction[IRP_MJ_CREATE] = Create;
pDriverObject->MajorFunction[IRP_MJ_CLOSE] = Close;
pDriverObject->MajorFunction[IRP_MJ_CLEANUP] = Cleanup;
pDriverObject->DriverUnload = DrvUnload;
return STATUS_SUCCESS;
}
VOID DrvUnload(PDRIVER_OBJECT DriverObject)
{
PDEVICE_OBJECT DeviceObject;
PDEVICE_OBJECT NextDevice;
DbgPrint(“Unload\r\n”);
DeviceObject = DriverObject->DeviceObject;
while (DeviceObject != NULL)
{
NextDevice = DeviceObject->NextDevice;
IoDeleteDevice(DeviceObject);
DeviceObject = NextDevice;
}
}
I link with
link /subsystem:native /driver:wdm /entry:DriverEntry entry.obj functions.obj ntoskrnl.lib /libpath:%winddk%\lib\crt\amd64 /libpath:%winddk%\lib\win7\amd64
compilation architecture AMD64
But wait you said it only works with non-PnP drivers. Which I thought WDM = PnP.
So what do I do? Do I need to learn to write *.inf files? To be able to unload?
How does the Device Manager actually do it?
xxxxx@gmail.com wrote:
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath)
{
PDEVICE_OBJECT DeviceObject;
UNICODE_STRING DriverName;
NTSTATUS Status;
int i;RtlInitUnicodeString(&DriverName, L"\Device\DummyTest");
Status = IoCreateDevice(pDriverObject,
0,
&DriverName,
FILE_DEVICE_UNKNOWN,
FILE_DEVICE_SECURE_OPEN,
FALSE, &DeviceObject);
You are creating the device before setting up your callbacks, so the I/O
subsystem thinks you don’t support DriverUnload. Where did you get this
code? You need to switch the order.
But wait you said it only works with non-PnP drivers. Which I thought WDM = PnP.
So what do I do? Do I need to learn to write *.inf files? To be able to unload?
How does the Device Manager actually do it?
Both WDM and KMDF can be used to create non-PnP drivers. When you call
IoCreateDevice during DriverEntry, that is a non-PnP driver. A PnP
driver does that in its AddDevice callback.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
Source is: http://www.codeproject.com/Articles/9504/Driver-Development-Part-1-Introduction-to-Drivers
I changed the order but the error is the same 
Anyway I should have mentioned, viewing the devices properties in WinObj results in calling Create, Cleanup, Close routines.
Unfortunatelly stopping the service does not call nothing. I think I once tried to delete the device in Close routine and the driver got unloaded! but I couldnt reload the driver 
Something else is going on. The KMDF runtime (wdf01000.sys) is a driver service, not a pnp driver and it is loaded/unload on demand like a legacy driver, so this path definitely works.
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Monday, February 3, 2014 11:42 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Driver services
Source is: http://www.codeproject.com/Articles/9504/Driver-Development-Part-1-Introduction-to-Drivers
I changed the order but the error is the same Anyway I should have mentioned, viewing the devices properties in WinObj results in calling Create, Cleanup, Close routines.
Unfortunatelly stopping the service does not call nothing. I think I once tried to delete the device in Close routine and the driver got unloaded! but I couldnt reload the driver
NTDEV is sponsored by OSR
Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
OSR is HIRING!! See http://www.osr.com/careers
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
Initiating devices before setting up driver unload has nothing to do with his problem. I have working drivers that set up the devices before setting up the callbacks.
Bill Wandel
on Feb 03, 2014, Tim Roberts wrote:
xxxxx@gmail.com wrote:
> NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath)
> {
> PDEVICE_OBJECT DeviceObject;
> UNICODE_STRING DriverName;
> NTSTATUS Status;
> int i;
>
> RtlInitUnicodeString(&DriverName, L"\Device\DummyTest");
>
> Status = IoCreateDevice(pDriverObject,
> 0,
> &DriverName,
> FILE_DEVICE_UNKNOWN,
> FILE_DEVICE_SECURE_OPEN,
> FALSE, &DeviceObject);
You are creating the device before setting up your callbacks, so the I/O
subsystem thinks you don’t support DriverUnload. Where did you get this
code? You need to switch the order.
> But wait you said it only works with non-PnP drivers. Which I thought WDM = PnP.
> So what do I do? Do I need to learn to write *.inf files? To be able to unload?
> How does the Device Manager actually do it?
Both WDM and KMDF can be used to create non-PnP drivers. When you call
IoCreateDevice during DriverEntry, that is a non-PnP driver. A PnP
driver does that in its AddDevice callback.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
—
NTDEV is sponsored by OSR
Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
OSR is HIRING!! See http://www.osr.com/careers
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
Strictly speaking, it is not the call of IoCreateDevice in DrinerEntry
that marks the driver in some magical way as a non-PNP driver; there might
be good reasons to create a controlling driver of some sort that the
drivers created in AddDevice would use to log statistics or get
configuration informatio although there are better ways to do this now.
But someone who had this pattern from legacy drivers and didn’t want to
deal with GUIDs and ActiveX might write a driver like this…the pattern
you know, and all that.
joe
xxxxx@gmail.com wrote:
> NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING
> pRegistryPath)
> {
> PDEVICE_OBJECT DeviceObject;
> UNICODE_STRING DriverName;
> NTSTATUS Status;
> int i;
>
> RtlInitUnicodeString(&DriverName, L"\Device\DummyTest");
>
> Status = IoCreateDevice(pDriverObject,
> 0,
> &DriverName,
> FILE_DEVICE_UNKNOWN,
> FILE_DEVICE_SECURE_OPEN,
> FALSE, &DeviceObject);You are creating the device before setting up your callbacks, so the I/O
subsystem thinks you don’t support DriverUnload. Where did you get this
code? You need to switch the order.> But wait you said it only works with non-PnP drivers. Which I thought
> WDM = PnP.
> So what do I do? Do I need to learn to write *.inf files? To be able to
> unload?
> How does the Device Manager actually do it?Both WDM and KMDF can be used to create non-PnP drivers. When you call
IoCreateDevice during DriverEntry, that is a non-PnP driver. A PnP
driver does that in its AddDevice callback.–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
NTDEV is sponsored by OSR
Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
OSR is HIRING!! See http://www.osr.com/careers
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminarsTo unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
If you don’t create any DO and only set unload routine and dispatchers
in DriverEntry, does it unload then? If so then (in the case when DO
is created) what does ‘!devstack <your_device_object_addr>’ say?
Btw. your error handling code is wrong, you dereference DeviceObject
even if IoCreateDevice() fails.
Kris
On Mon, Feb 3, 2014 at 3:37 PM, wrote:
> Here it is
>
> NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath)
> {
> PDEVICE_OBJECT DeviceObject;
> UNICODE_STRING DriverName;
> NTSTATUS Status;
> int i;
>
> RtlInitUnicodeString(&DriverName, L"\Device\DummyTest");
>
> Status = IoCreateDevice(pDriverObject,
> 0,
> &DriverName,
> FILE_DEVICE_UNKNOWN,
> FILE_DEVICE_SECURE_OPEN,
> FALSE, &DeviceObject);
>
> if (Status == STATUS_SUCCESS)
> DbgPrint(“Device created.\r\n”);
> else
> DbgPrint(“Problem with device creation.\r\n”);
>
> DeviceObject->Flags &= (~DO_DEVICE_INITIALIZING);
>
> for (i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++)
> pDriverObject->MajorFunction[i] = Unsupported;
>
> pDriverObject->MajorFunction[IRP_MJ_CREATE] = Create;
> pDriverObject->MajorFunction[IRP_MJ_CLOSE] = Close;
> pDriverObject->MajorFunction[IRP_MJ_CLEANUP] = Cleanup;
>
> pDriverObject->DriverUnload = DrvUnload;
>
> return STATUS_SUCCESS;
> }
>
> VOID DrvUnload(PDRIVER_OBJECT DriverObject)
> {
> PDEVICE_OBJECT DeviceObject;
> PDEVICE_OBJECT NextDevice;
>
> DbgPrint(“Unload\r\n”);
>
> DeviceObject = DriverObject->DeviceObject;
>
> while (DeviceObject != NULL)
> {
> NextDevice = DeviceObject->NextDevice;
> IoDeleteDevice(DeviceObject);
> DeviceObject = NextDevice;
> }
> }
>
>
> I link with
>
> link /subsystem:native /driver:wdm /entry:DriverEntry entry.obj functions.obj ntoskrnl.lib /libpath:%winddk%\lib\crt\amd64 /libpath:%winddk%\lib\win7\amd64
>
> compilation architecture AMD64
>
> But wait you said it only works with non-PnP drivers. Which I thought WDM = PnP.
> So what do I do? Do I need to learn to write *.inf files? To be able to unload?
> How does the Device Manager actually do it?
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
>
> OSR is HIRING!! See http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
–
Kris</your_device_object_addr>
Not creating the device results in immediate unload of the driver, but I think I commented the dispatchers too. It did print “Unload” in dbgview though…
!devstack:
!DevObj !DrvObj !DevExt ObjectName
fffffa8003d34060 \Driver\drvtest 00000000 DummyTest
Actually, IIRC from the last time I read the source code, it specifically WAS calling IoCreateDevice in DriverEntry that marked the driver as a non-PNP driver.
That and not supporting IRP_MJ_PNP…
Peter
OSR
Well what do I do? How do I write drivers without constantly needing to reboot?
Sorry if you’ve answered this already but does your driver attach to the boot disk stack? If so, the answer is you can’t. In order to unload/reload your driver you would need to reboot.
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com
Sent: Tuesday, February 4, 2014 10:25 AM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Driver services
Well what do I do? How do I write drivers without constantly needing to reboot?
NTDEV is sponsored by OSR
Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
OSR is HIRING!! See http://www.osr.com/careers
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
No problem, no functions that could attach it aren’t called. Also in WinDbg the !devstack command returned only the one device created by the driver.
Try to remove for-loop where you set Unsupported dispatcher for the
functions you don’t care about (including IRP_MJ_PNP that Mr.
Viscarola mentioned in his email).
Kris
On Tue, Feb 4, 2014 at 6:24 PM, wrote:
> Well what do I do? How do I write drivers without constantly needing to reboot?
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
>
> OSR is HIRING!! See http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
–
Kris
> Actually, IIRC from the last time I read the source code, it specifically WAS calling IoCreateDevice in
DriverEntry that marked the driver as a non-PNP driver.
Lack of AddDevice function was once the way
–
Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com
Yeah I already actually tried that. No change concerning the unload error but at least in the device tree tool it shows the actual IRPs it can handle. I was fiddeling around with a couple other drivers to see if there actually exists a driver that can be loaded/unloaded just by starting stopping it’s service and I found this secdrv.sys. The only difference between that driver and mine is that somehow the secdrv.sys has this LEGACY_DRIVER flag on the driver which I couldn’t find on the DRIVER_OBJECT at all. Any ideas on how does this tool actually get that flag?