driver unload/Unregister problem

Farhan_Khan · January 17, 2008, 6:39am

I have wrote a simple driver which loaded on runtime by an exe , but i can successfully loaded. But when i try to close the driver then it never get stop and doesnt get unregister.
I Am very confuse why its not getting unregister and stop? Since OSRLoader register and unregister very easily. Please guide me …

below is my driver …

NTSTATUS DriverEntry(PDRIVER_OBJECT pDrvObj,PUNICODE_STRING pRegPath)
{
InitDriver(pDrvObj);

return STATUS_SUCCESS;
}

void InitDriver(PDRIVER_OBJECT pDrvObj)
{
NTSTATUS NtStatus=STATUS_SUCCESS;

//Initializing driver names for dos mode and for non-dos mode
RtlInitUnicodeString(&usDriverName,L"\Device\Farhan");
RtlInitUnicodeString(&usDosDriverName,L"\DosDevices\Farhan");

//send message to debugger
DbgPrint(“DriverEntry Called \r\n”);

//Create device object , we pass FILE_DEVICE_UNKNOWN as it’s not associated with any particular type of device
NtStatus = IoCreateDevice(pDrvObj,0,&usDriverName,FILE_DEVICE_UNKNOWN,FILE_DEVICE_SECURE_OPEN,FALSE,&pDeviceObj);

//pDeviceObj->Flags |= IO_TYPE;
pDeviceObj->Flags &= (~DO_DEVICE_INITIALIZING);

IoCreateSymbolicLink(&usDosDriverName, &usDriverName);
}

void FillAllIRP(PDRIVER_OBJECT pDrvObj)
{
int iloop;
PIRP o=0;

for(iloop=0;iloop<irp_mj_maximum_function iloop> {
pDrvObj->MajorFunction[iloop] = DriverFile_UnSupportedFunction;
}

pDrvObj->MajorFunction[IRP_MJ_CREATE]=DriverFile_Create;
pDrvObj->MajorFunction[IRP_MJ_CLOSE]=DriverFile_Close;
pDrvObj->MajorFunction[IRP_MJ_DEVICE_CONTROL]=DriverFile_IOControl;
pDrvObj->MajorFunction[IRP_MJ_WRITE]=DriverFile_Write;
pDrvObj->DriverUnload = CloseCurrentDriver;

}

void CloseCurrentDriver(PDRIVER_OBJECT pDrvObj)
{
UNICODE_STRING usDeviceName;
RtlInitUnicodeString(&usDeviceName,L"\DosDevices\Farhan");
IoDeleteSymbolicLink(&usDeviceName);
IoDeleteDevice(pDrvObj->DeviceObject);
}

And this one is a MFC base application functions on two buttons one for stop and one for start.

bool CDriverLoader::StartDriver_ByUserModeService(string strDrvName)
{
bool b =CDriverLoader_FAIL;

m_hService = OpenService(m_hSCManager, strDrvName.c_str(),
SERVICE_START | DELETE | SERVICE_STOP);
if(m_hService)
{
if(StartService(m_hService, 0, NULL))
b= CDriverLoader_PASS;
}

return b;
}

bool CDriverLoader::StopDriver_ByUserModeService()
{
bool b =CDriverLoader_FAIL;

if(m_hService)
{
ControlService(m_hService, SERVICE_CONTROL_STOP, &m_ss);
CloseServiceHandle(m_hService);
DeleteService(m_hService);
b =CDriverLoader_PASS;
m_hService=NULL;
}
CloseServiceHandle(m_hSCManager);
m_hSCManager=NULL;

return b;
}</irp_mj_maximum_function>

Mark_Roddy · January 17, 2008, 7:14am

You might want to actually call FillAllIRP().

As this driver of yours has nothing to do with filesystems, you should
probably post questions like this over on the ntdev email list
instead.

On Jan 17, 2008 6:39 AM, wrote:
>
> I have wrote a simple driver which loaded on runtime by an exe , but i can successfully loaded. But when i try to close the driver then it never get stop and doesnt get unregister.
> I Am very confuse why its not getting unregister and stop? Since OSRLoader register and unregister very easily. Please guide me …
>
> below is my driver …
>
>
> NTSTATUS DriverEntry(PDRIVER_OBJECT pDrvObj,PUNICODE_STRING pRegPath)
> {
> InitDriver(pDrvObj);
>
> return STATUS_SUCCESS;
> }
>
> void InitDriver(PDRIVER_OBJECT pDrvObj)
> {
> NTSTATUS NtStatus=STATUS_SUCCESS;
>
> //Initializing driver names for dos mode and for non-dos mode
> RtlInitUnicodeString(&usDriverName,L"\Device\Farhan");
> RtlInitUnicodeString(&usDosDriverName,L"\DosDevices\Farhan");
>
> //send message to debugger
> DbgPrint(“DriverEntry Called \r\n”);
>
> //Create device object , we pass FILE_DEVICE_UNKNOWN as it’s not associated with any particular type of device
> NtStatus = IoCreateDevice(pDrvObj,0,&usDriverName,FILE_DEVICE_UNKNOWN,FILE_DEVICE_SECURE_OPEN,FALSE,&pDeviceObj);
>
> //pDeviceObj->Flags |= IO_TYPE;
> pDeviceObj->Flags &= (~DO_DEVICE_INITIALIZING);
>
> IoCreateSymbolicLink(&usDosDriverName, &usDriverName);
> }
>
> void FillAllIRP(PDRIVER_OBJECT pDrvObj)
> {
> int iloop;
> PIRP o=0;
>
> for(iloop=0;iloop<irp_mj_maximum_function iloop>> {
> pDrvObj->MajorFunction[iloop] = DriverFile_UnSupportedFunction;
> }
>
> pDrvObj->MajorFunction[IRP_MJ_CREATE]=DriverFile_Create;
> pDrvObj->MajorFunction[IRP_MJ_CLOSE]=DriverFile_Close;
> pDrvObj->MajorFunction[IRP_MJ_DEVICE_CONTROL]=DriverFile_IOControl;
> pDrvObj->MajorFunction[IRP_MJ_WRITE]=DriverFile_Write;
> pDrvObj->DriverUnload = CloseCurrentDriver;
>
> }
>
> void CloseCurrentDriver(PDRIVER_OBJECT pDrvObj)
> {
> UNICODE_STRING usDeviceName;
> RtlInitUnicodeString(&usDeviceName,L"\DosDevices\Farhan");
> IoDeleteSymbolicLink(&usDeviceName);
> IoDeleteDevice(pDrvObj->DeviceObject);
> }
>
>
>
> And this one is a MFC base application functions on two buttons one for stop and one for start.
>
> bool CDriverLoader::StartDriver_ByUserModeService(string strDrvName)
> {
> bool b =CDriverLoader_FAIL;
>
> m_hService = OpenService(m_hSCManager, strDrvName.c_str(),
> SERVICE_START | DELETE | SERVICE_STOP);
> if(m_hService)
> {
> if(StartService(m_hService, 0, NULL))
> b= CDriverLoader_PASS;
> }
>
> return b;
> }
>
> bool CDriverLoader::StopDriver_ByUserModeService()
> {
> bool b =CDriverLoader_FAIL;
>
> if(m_hService)
> {
> ControlService(m_hService, SERVICE_CONTROL_STOP, &m_ss);
> CloseServiceHandle(m_hService);
> DeleteService(m_hService);
> b =CDriverLoader_PASS;
> m_hService=NULL;
> }
> CloseServiceHandle(m_hSCManager);
> m_hSCManager=NULL;
>
> return b;
> }
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> You are currently subscribed to ntfsd as: unknown lmsubst tag argument: ‘’
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>

–
Mark Roddy</irp_mj_maximum_function>

Farhan_Khan · January 18, 2008, 6:51am

Thanks Mark Roddy, next time i will remmember that ntdev. (But still its not getting remove when i see OSRLoader’s active services)