Hello everyone. I am a beginner, so please excuse me if i’m asking primitive questions.
I’m trying to write a simple driver that has no relation to a real device. Firstly, i wrote a skeleton for the driver that consisted of DriverEntry(), AddDevice(), Unload(), IRP_MJ_CREATE, IRP_MJ_CLOSE handlers and a dummy handler for all other IRPs. I tried to test my driver by loading it with DriverMonitor from DriverStudio and found out that the unload proc is called immediately if i don’t create the driver object in AddDevice(). But when i create the driver object i can’t get this driver unloaded. I know that it can’t be unloaded as long as the driver object exits, that’s why i wrote a simple application that opened and closed the device handle and i tried to delete the device object in the IRP_MJ_CLOSE handler. That gives no result, WinDbg shows that the driver object is deleted but the unload proc is never called and it makes me reboot the computer everytime i want to test the driver.
I haven’t found any solution for this, so i decided to try using SCM functions to run this driver as a service and made another application to do it. When i executed it the first time i successfuly installed the driver. AddDevice() wasn’t called in this case (is this because of the driver being loaded this way is interpreted by the system as a legacy driver?). After that i removed it with DeleteService() to change the driver’s code and tried to start the service again. But now CreateService() always returns 0, and GetLastError() return ERROR_ACCESS_DENIED, although the code responsible for installing is intact.
I have tried to find any information in google but without any result. Help me please, debugging with continuous reboots turns into hell.
Hello everyone. I am a beginner, so please excuse me if i’m asking primitive questions.
I’m trying to write a simple driver that has no relation to a real device. Firstly, i wrote a skeleton for the driver that consisted of DriverEntry(), AddDevice(), Unload(), IRP_MJ_CREATE, IRP_MJ_CLOSE handlers and a dummy handler for all other IRPs. I tried to test my driver by loading it with DriverMonitor from DriverStudio and found out that the unload proc is called immediately if i don’t create the driver object in AddDevice(). But when i create the driver object i can’t get this driver unloaded. I know that it can’t be unloaded as long as the driver object exits, that’s why i wrote a simple application that opened and closed the device handle and i tried to delete the device object in the IRP_MJ_CLOSE handler. That gives no result, WinDbg shows that the driver object is deleted but the unload proc is never called and it makes me reboot the computer everytime i want to test the driver.
I haven’t found any solution for this, so i decided to try using SCM functions to run this driver as a service and made another application to do it. When i executed it the first time i successfuly installed the driver. AddDevice() wasn’t called in this case (is this because of the driver being loaded this way is interpreted by the system as a legacy driver?). After that i removed it with DeleteService() to change the driver’s code and tried to start the service again. But now CreateService() always returns 0, and GetLastError() return ERROR_ACCESS_DENIED, although the code responsible for installing is intact.
I have tried to find any information in google but without any result. Help me please, debugging with continuous reboots turns into hell.
Pavel A, using of EzDriverInstaller and Device Manager seems to be equal, but i did what you’ve written with Device Manager and neither disabling nor deleting of the device causes the unload proc to be called.
Since you don’t have an PnP support, you have no way of deleting the
device object. As long as the device object references your driver
object your driver is not unloadable. Using DriverStudio is a great
way to create a buggy unreliable driver, that no one will ever want to
use.
> Pavel A, using of EzDriverInstaller and Device Manager seems to be equal, but i did what you’ve written with Device Manager and neither disabling nor deleting of the device causes the unload proc to be called.
Pavel A, using of EzDriverInstaller and Device Manager seems to be equal, but i did what you’ve written with Device Manager and neither disabling nor deleting of the device causes the unload proc to be called.
Then you might have a strange mix of a “normal” legacy driver
that is a service and can be installed by various “installers”,
and a root enumerated driver that has AddDevice callback.
If your driver belongs to the former type, its AddDevice won’t be called.
Why it won’t unload? Probably because of some error in your code. It is
better to start with some well known driver, like
the WDK source samples, and modify it step by step. When it breaks, roll
back your recent changes and debug.
Don Burn, actually, I do not use DriverStudio, I use only two tools from its package: EzDriverInstaller that needs INF file to install the driver and DriverMonitor to see DbgPrint messages.
“you have no way of deleting the device object.”
Could you tell me please why deleting the device object in IRP_MJ_CLOSE handler doesn’t lead to the driver’s being unloaded?
I’ve just tried to test the example ioctl driver from WDK (src\general\ioctl\wdm\sys). But the application from src\general\ioctl\wdm\exe that had to install it as a service could not do it because CreateService() failed with ERROR_ACCESS_DENIED code again. It seems now I can’t install any driver as a service at all.
Please run application which installs driver as service from elevated
command prompt. That is run it as administrator.
Thanks,
–rc
On Mon, Sep 12, 2011 at 9:05 AM, wrote: > I’ve just tried to test the example ioctl driver from WDK (src\general\ioctl\wdm\sys). But the application from src\general\ioctl\wdm\exe that had to install it as a service could not do it because CreateService() failed with ERROR_ACCESS_DENIED code again. It seems now I can’t install any driver as a service at all. > > — > NTDEV is sponsored by OSR > > For our schedule of WDF, WDM, debugging and other seminars visit: > http://www.osr.com/seminars > > To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer >
Rajnish Chauhan, is the elevated command prompt specific only for Windows Vista/7? I use XP and my user account is a member of the Administrators group, so there mustn’t be any problems with access.
Don Burn, actually, I do not use DriverStudio, I use only two tools from its package: EzDriverInstaller that needs INF file to install the driver and DriverMonitor to see DbgPrint messages.
“you have no way of deleting the device object.”
Could you tell me please why deleting the device object in IRP_MJ_CLOSE handler doesn’t lead to the driver’s being unloaded?
There are fundamentally two types of drivers in a post-NT system: legacy
drivers and PnP drivers. They are very different beasts.
A legacy driver is installed using the Service Control Manager. It
creates its device object within DriverEntry, and it deletes its device
object in the unload handler, which is called when someone uses the
Service Control Manager to disable or delete the service (such as
through “net stop”).
A PnP driver is installed using an INF file. It creates its device
object in AddDevice, in response to a call from the PnP manager, and it
deletes its device object in its IRP_MN_REMOVE_DEVICE handler. It is
unloaded when the last device object is removed.
In neither case do you delete a device object in IRP_MJ_CLOSE. You
cannot force yourself to be unloaded. In both driver models, you are
only unloaded based on some external event.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.