How to Disable WFP on Vista

Hi,

Please let me know how I can disable Windows File Protection on Vista. I need to
replace driver binaries.

Thanks
Amit

What specific files are you trying to replace? Although I am not
certain, I believe that the official answer is that you are not supposed
to replace in-box binaries other than by service pack. In practice,
replacing a signed driver is not uncommonly a long, tedious process with
basically no feedback, due to Windows doing what it wants rather than
what you specify. In addition to posting the name of the driver you
wish to replace, look in the setupapi.log in \Windows (that’s what it
used to be called, at least) and see what it says when you attempt to
replace the driver in question, and post that information as well.

mm


— NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging
and other seminars visit: http://www.osr.com/seminars To unsubscribe,
visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Hi Martin,

It is my own driver, which was signed, but now I need to fix a bug and test on
the existing system.

Thanks
Amit

Amit, are you trying to replace a file in a production environment or
just while you are developing your driver/product? As Martin said,
replacing the driver in the field in a production environment is not
supported, and your product would pretty much be considered malware in
most circles.

d


Hi Doron,

It is a development environment, used to reproduce the bug with the signed
driver; now I want to replace it with the new, fixed driver, which is not signed.

Thanks
Amit

Then play with the ImagePath value instead of replacing the binary.


Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com


This is different than the case of in-box drivers (it doesn’t have the
same name as any, does it?), but the same basic information applies.
Look in setupapi.log and see what the problem is. It probably will say
something about it being demoted and a code 81. This is where Windows
does what it thinks is best; if it feels that it knows of a more
suitable driver for a device than the one you want, it prefers its
opinion over yours, and doesn’t mention this, other than in
setupapi.log. I guess my first question would be why can’t you just
copy over the driver?

WFP has nothing to do with this, as it is not a system driver; something
is missing from this picture.

mm


From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of amit poona
Sent: Monday, August 13, 2007 14:48
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] How to Disable WFP on Vista

Hi Martin,

It is my own driver which was signed but now I need to fix a bug and
test on the existing system.

On 8/13/07, Martin O’Brien wrote:

What specific files are you trying to replace? Although I am not
certain, I believe that the official answer is that you are not supposed
to replace in box binaries other than by service pack. In practice,
replacing a signed driver is not uncommonly a long, tedious process with
basically no feedback due to Windows doing what it wants rather than
what you specify. In addition to posting the name of the driver you
wish to replace, look in the setupapi.log in \Windows (that’s what it’s
used to be called at least) and see what it says when you attempt to
replace the driver in question, and post that information as well.

mm

________________________________

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of amit poona
Sent: Monday, August 13, 2007 14:25
To: Windows System Software Devs Interest List
Subject: [ntdev] How to Disable WFP on Vista

Hi,

Pl. let me know how do I disable Windows File Protection on Vista. I
need to replace driver binaries.

Thanks

Amit

— NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging
and other seminars visit: http://www.osr.com/seminars To unsubscribe,
visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer


Thanks
Amit — NTDEV is sponsored by OSR For our schedule of WDF, WDM,
debugging and other seminars visit: http://www.osr.com/seminars To
unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Alternately, you can use WinDbg to load drivers from an alternate path; e.g.
your build paths. Look at .kdfiles.


The personal opinion of
Gary G. Little


Does this still work on Vista? I remember that there was an issue with
it a while back, that I don’t think was resolved, but I don’t remember
if it was only with boot drivers or not. Maybe the whole thing has been
fixed by now in any case.

mm

.kdfiles does not work for boot drivers; it works for all other drivers
loaded after the initial list of drivers loaded by the boot loader.

d


Thanks, Doron.

mm


Ok, this is simple enough for testing:

  1. Setup the kernel debugger.

  2. Break on the initial breakpoint.

  3. Type “.hh .kdfiles”, read about this mapping capability

  4. Change your file to map to your private binary

  5. When your driver loads, it’ll be sent over the debugger
    connection

NOTE: this does replace the on-disk image. This is one way to recover a
test system that’s been hosed by the accidental placement of the
incorrect image, for example.

This is the only reliable and supported method I am aware of to do this.
There may be other methods (F8 at boot? Other? Don’t know…)

Hope that helps.

Henry Gabryjelski

Senior Software Development Engineer

US - Windows Device Experience

Microsoft Corporation

From: amit poona [mailto:xxxxx@gmail.com]
Sent: Monday, August 13, 2007 11:58 AM
Subject: Re: How to Disable WFP on Vista

Hi Doron,

It is a development environment, used to reproduce the bug with signed
driver now I want to replace it with new fixed driver which is not
signed.

On 8/13/07, Doron Holan wrote:

Amit are you trying to replace a file in a production environment or
just while you are developing your driver/product? As martin said,
replacing the driver in the field in a production environment is not
supported and your product would pretty much be considered malware in
most circles.

d

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Martin O’Brien
Sent: Monday, August 13, 2007 11:39 AM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] How to Disable WFP on Vista

What specific files are you trying to replace? Although I am not
certain, I believe that the official answer is that you are not supposed
to replace in box binaries other than by service pack. In practice,
replacing a signed driver is not uncommonly a long, tedious process with
basically no feedback due to Windows doing what it wants rather than
what you specify. In addition to posting the name of the driver you
wish to replace, look in the setupapi.log in \Windows (that’s what it’s
used to be called at least) and see what it says when you attempt to
replace the driver in question, and post that information as well.

mm

________________________________

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of amit poona
Sent: Monday, August 13, 2007 14:25
To: Windows System Software Devs Interest List
Subject: [ntdev] How to Disable WFP on Vista

Hi,

Pl. let me know how do I disable Windows File Protection on Vista. I
need to replace driver binaries.

Thanks

Amit



Thanks
Amit

> This is the only reliable and supported method I am aware of to do this.
> There may be other methods (F8 at boot? Other? Don’t know…)

  • connect WinDbg, and cause it to stop on initial breakpoint
  • say “!dh DriverName” for the offending driver
  • look at Image Base and Entry Point, add them together, get Address
  • say “a Address”
  • type
    mov eax, 0xc0000001
    ret 8
  • type empty string
  • say “g”

This will fail DriverEntry of the offending driver. The OS will then most
likely boot and allow you to disable the driver in the registry.


Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
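The two steps Maxim describes (adding the Image Base and Entry Point that !dh prints, then assembling the stub at that address) come down to a little PE arithmetic and eight bytes of x86 code; the added example below, which is not from the thread or any of its posters, computes both from a constructed PE32 header. It assumes a 32-bit driver, since "ret 8" only matches the x86 stdcall DriverEntry, and takes the header offsets from the PE/COFF specification.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* PE32 header offsets (PE/COFF spec): e_lfanew in the DOS header; the optional header
 * follows "PE\0\0" and the 20-byte file header; entry point and image base sit inside it. */
enum { E_LFANEW = 0x3c, OPT_HDR = 24, OPT_ENTRY = 16, OPT_BASE = 28, PE32_MAGIC = 0x10b };

static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static void wr32(uint8_t *p, uint32_t v) { p[0] = v; p[1] = v >> 8; p[2] = v >> 16; p[3] = v >> 24; }

/* ImageBase + AddressOfEntryPoint, the two !dh fields the thread adds up; 0 if not PE32. */
uint32_t driver_entry_va(const uint8_t *img, size_t len) {
    if (len < E_LFANEW + 4 || img[0] != 'M' || img[1] != 'Z') return 0;
    uint32_t pe = rd32(img + E_LFANEW);
    if (pe > len || len - pe < OPT_HDR + OPT_BASE + 4) return 0;
    if (memcmp(img + pe, "PE\0\0", 4) != 0) return 0;
    const uint8_t *opt = img + pe + OPT_HDR;
    if ((opt[0] | opt[1] << 8) != PE32_MAGIC) return 0;   /* PE32+ (x64) is laid out differently */
    return rd32(opt + OPT_BASE) + rd32(opt + OPT_ENTRY);
}

/* Bytes behind "mov eax, status / ret 8" on x86: B8 imm32, then C2 imm16.  ret 8 pops the two
 * stdcall arguments (DriverObject, RegistryPath); x64 DriverEntry would need a plain ret (C3). */
size_t encode_fail_stub(uint8_t out[8], uint32_t status) {
    out[0] = 0xB8; wr32(out + 1, status); out[5] = 0xC2; out[6] = 0x08; out[7] = 0x00;
    return 8;
}

/* Constructed minimal PE32 header (not a real driver): MZ at 0, PE signature at 0x80. */
size_t build_sample_image(uint8_t *img, size_t len, uint32_t base, uint32_t entry) {
    const uint32_t pe = 0x80;
    if (len < pe + OPT_HDR + OPT_BASE + 4) return 0;
    memset(img, 0, len);
    img[0] = 'M'; img[1] = 'Z'; wr32(img + E_LFANEW, pe); memcpy(img + pe, "PE\0\0", 4);
    uint8_t *opt = img + pe + OPT_HDR;
    opt[0] = PE32_MAGIC & 0xff; opt[1] = PE32_MAGIC >> 8;
    wr32(opt + OPT_ENTRY, entry); wr32(opt + OPT_BASE, base);
    return len;
}

int main(void) {
    uint8_t img[0x100], stub[8];
    build_sample_image(img, sizeof img, 0x10000, 0x2a30);
    printf("DriverEntry at %#x\n", driver_entry_va(img, sizeof img));  /* 0x12a30 */
    encode_fail_stub(stub, 0xC0000001);
    for (int i = 0; i < 8; i++) printf("%02X%s", (unsigned)stub[i], i == 7 ? "\n" : " ");  /* B8 01 00 00 C0 C2 08 00 */
    return 0;
}
```

A PE32+ (x64) header keeps ImageBase at a different offset and as a 64-bit field, which is why driver_entry_va refuses it rather than returning a wrong address.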

I didn’t know how to find the DriverEntry offset – thanks! :)

For those who didn’t parse the below, this overwrites the call to the
driver’s DriverEntry so that it simply returns an error (thus failing to
load the driver altogether).

This solution works if you can disable the device entirely. If it’s a
boot-critical device (truly critical, not just boot start), then an
alternative process (such as the .kdfiles method) is still required as
the driver must load.

Thanks again for the tip, Maxim.

Henry Gabryjelski
Senior Software Development Engineer
US - Windows Device Experience
Microsoft Corporation

-----Original Message-----
From: Maxim S. Shatskih [mailto:xxxxx@storagecraft.com]
Sent: Tuesday, August 14, 2007 3:46 PM
Subject: Re: How to Disable WFP on Vista

> This is the only reliable and supported method I am aware of to do this.
> There may be other methods (F8 at boot? Other? Don’t know…)

  • connect WinDbg, and cause it to stop on initial breakpoint
  • say “!dh DriverName” for the offending driver
  • look at Image Base and Entry Point, add them together, get Address
  • say “a Address”
  • type
    mov eax, 0xc0000001
    ret 8
  • type empty string
  • say “g”

This will fail DriverEntry of the offending driver. The OS will then most
likely boot and allow you to disable the driver in the registry.


Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

> For those who didn’t parse the below, this overwrites the call to the
> driver’s DriverEntry

Why couldn’t you just put an undefined break (bu BadDrv!DriverEntry), or
even hardcode a break in DriverEntry, and once you get there, set the
status you return to some error value and switch the current instruction
to your

return status;

instead?

No asm, no 'rithmetic…

Oh, and tell windbg to break on [re]start.


.kdfiles doesn’t work for boot drivers. There is documentation in windbg
that points one to an alternate bootloader that supposedly allows for
windbg to load boot drivers, but I’ve never been able to get it to work.
The debug ntldr in the WDK just wrecks my test system, as far as I can
tell. In fact ntldr appears to be just missing from the WDK 6000/6001
releases. Perhaps the hideous BCDEdit has some option (BOOTDEBUG?) to
turn on boot loader debugging that enables windbg mapping of boot start
files?

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Henry Gabryjelski
Sent: Wednesday, August 15, 2007 1:04 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] How to Disable WFP on Vista

I didn’t know how to find the DriverEntry offset – thanks! :)

For those who didn’t parse the below, this overwrites the call to the
driver’s DriverEntry so that it simply returns an error (thus failing to
load the driver altogether).

This solution works if you can disable the device entirely. If it’s a
boot-critical device (truly critical, not just boot start), then an
alternative process (such as the .kdfiles method) is still required as
the driver must load.

Thanks again for the tip, Maxim.

Henry Gabryjelski
Senior Software Development Engineer
US - Windows Device Experience
Microsoft Corporation


I concur with everything Mark said, except the part about ntldr, as I’ve
never tried it on Vista, and I believe that someone from Microsoft, not
one of the regulars, as I recall, confirmed that .kdfiles is not
supported on Vista for boot drivers.

mm

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Roddy, Mark
Sent: Wednesday, August 15, 2007 16:53
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] How to Disable WFP on Vista

.kdfiles doesn’t work for boot drivers. There is documentation in windbg
that points one to an alternate bootloader that supposedly allows for
windbg to load boot drivers, but I’ve never been able to get it to work.
The debug ntldr in the WDK just wrecks my test system, as far as I can
tell. In fact ntldr appears to be just missing from the WDK 6000/6001
releases. Perhaps the hideous BCDEdit has some option (BOOTDEBUG?) to
turn on boot loader debugging that enables windbg mapping of boot start
files?
