How to sandbox a badly behaving driver

Let's say I have a driver that is crashing in-field every time Windows starts. The user is required to manually intervene, go into Safe Mode and disable my driver. This is very costly if it happens on a large scale. Is there a way to prevent the driver from loading automatically if it fails after a certain number of times? For UM services this can be done through ChangeServiceConfig2 and SERVICE_CONFIG_FAILURE_ACTIONS, but it fails with ERROR_CANNOT_DETECT_DRIVER_FAILURE when called on a KM driver.

Simply review and debug… with enough patience… the art of learning.
If it loads as a service, don't make it auto-start… set it to manual. Or
delay-load something… Please learn the basics and get into it.

On 20-Dec-2017 8:06 AM, “xxxxx@hotmail.com” wrote:

Let's say I have a driver that is crashing in-field every time Windows
starts. The user is required to manually intervene, go into Safe Mode
and disable my driver. This is very costly if it happens on a large
scale. Is there a way to prevent the driver from loading automatically if
it fails after a certain number of times? For UM services this can be done
through ChangeServiceConfig2 and SERVICE_CONFIG_FAILURE_ACTIONS, but it fails
with ERROR_CANNOT_DETECT_DRIVER_FAILURE when called on a KM driver.


NTDEV is sponsored by OSR

Visit the list online at: http:

MONTHLY seminars on crash dump analysis, WDF, Windows internals and
software drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

I don't think you can get away with it by plain and simple Windows configuration alone.
You would need to implement a failsafe method and store in the registry, or some other place of your choice, a "driver load status/counter" or, better yet, a "failed load counter". What counts as a successful or bad load is up to you to decide, but should it not load correctly, just return STATUS_SUCCESS from DriverEntry without doing anything; that should be the equivalent of your driver not being loaded at all. Depending on what driver you have, returning an error status code might prevent the system from starting.
Another approach is to actually create a second driver whose sole purpose is tracking your main driver's successful or bad loads on boot. If it "detects" a bad load, it will try to mark the service's Start key value as manual or disabled, depending on how you want it. This way you could deploy this second driver to your clients and have it monitor your main driver.
You can register it for a bugcheck callback and bugcheck-callback-reason routines and check whether it is your own driver doing the crashing.
I am not sure if this is the answer you're looking for, but this is something I would try.
Then again, it really depends on how "early" in the boot process your driver is crashing. Crashing too early will not be of any help with the registry modification technique, since at that time the registry change will be reflected only in memory rather than in the actual file on disk. Even calling ZwFlushKey will not be of any help to you there.

Maybe one last method is to deploy a patch to your customers that simply changes the start configuration from BOOT to Manual, again with a second driver that does the loading of the main driver on boot. This driver will of course load your driver if and only if it can read a "last load status" key value from the registry indicating a successful load; otherwise it will simply not load your main driver.

Good luck,
Gabriel
www.kasardia.com

You could use the registry to count consecutive failures, clearing the
count on normal system shutdown, and at some threshold you could decide to
put your driver into some sort of passive mode where it can do no harm.
This is just a stupid hack, though; fix your bugs.

Mark Roddy

On Tue, Dec 19, 2017 at 9:35 PM, xxxxx@hotmail.com
wrote:

> Let's say I have a driver that is crashing in-field every time Windows
> starts. The user is required to manually intervene, go into Safe Mode
> and disable my driver. This is very costly if it happens on a large
> scale. Is there a way to prevent the driver from loading automatically if
> it fails after a certain number of times? For UM services this can be done
> through ChangeServiceConfig2 and SERVICE_CONFIG_FAILURE_ACTIONS, but it fails
> with ERROR_CANNOT_DETECT_DRIVER_FAILURE when called on a KM driver.
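The "failed load counter" that Gabriel describes and the consecutive-failure count with a passive mode that Mark describes are the same mechanism, so here is one worked model of it. This is an added example, not code from either poster and not from any shipping driver: it is plain user-mode C that models the decision logic so it can be run and checked outside a kernel. The registry is replaced by an in-memory stand-in (`FakeRegistry`), the value name `FailedLoadCount`, the threshold of 3 and the helper names are all assumptions, and the `writes_persist` flag models Gabriel's caveat that an early-boot hive change may never reach disk before the crash. In a real driver the reads and writes would go to the service's Parameters key via the Zw* registry routines, and the ordering is what matters: increment and persist the counter before any risky initialisation, clear it only after initialisation is known good or on clean shutdown.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* In-memory stand-in for the driver's service Parameters key (assumption:
 * one REG_DWORD value named "FailedLoadCount"). on_disk_count is what would
 * survive a bugcheck; writes_persist=false models the early-boot case where
 * the hive change stays in memory and is lost when the system crashes. */
typedef struct {
    uint32_t failed_load_count;   /* value as currently visible to the driver */
    bool     writes_persist;      /* does a write reach the on-disk hive? */
    uint32_t on_disk_count;       /* value that survives a crash */
} FakeRegistry;

enum { FAILED_LOAD_THRESHOLD = 3 };   /* assumed threshold */

typedef enum { LOAD_MODE_ACTIVE = 0, LOAD_MODE_PASSIVE = 1 } LoadMode;

static void RegWrite(FakeRegistry *reg, uint32_t value)
{
    reg->failed_load_count = value;
    if (reg->writes_persist)
        reg->on_disk_count = value;
}

/* Models a bugcheck: in-memory state is gone, only the on-disk value remains. */
static void RegCrash(FakeRegistry *reg)
{
    reg->failed_load_count = reg->on_disk_count;
}

/* Top of DriverEntry, before anything risky. If too many consecutive loads
 * have failed, report passive mode (DriverEntry would return STATUS_SUCCESS
 * and do nothing). Otherwise bump the counter and persist it FIRST, so that a
 * crash during initialisation leaves the incremented value behind. */
LoadMode DecideLoadMode(FakeRegistry *reg)
{
    if (reg->failed_load_count >= FAILED_LOAD_THRESHOLD)
        return LOAD_MODE_PASSIVE;
    RegWrite(reg, reg->failed_load_count + 1);
    return LOAD_MODE_ACTIVE;
}

/* End of a known-good DriverEntry, or clean shutdown: clear the counter. */
void MarkLoadSucceeded(FakeRegistry *reg)
{
    RegWrite(reg, 0);
}

/* One simulated boot. In active mode the "risky init" either completes and
 * clears the counter, or crashes the machine and nothing after it runs. */
LoadMode SimulateBoot(FakeRegistry *reg, bool init_crashes)
{
    LoadMode mode = DecideLoadMode(reg);
    if (mode == LOAD_MODE_PASSIVE)
        return mode;
    if (init_crashes) {
        RegCrash(reg);
        return mode;
    }
    MarkLoadSucceeded(reg);
    return mode;
}

/* Boot repeatedly with an init that always crashes; returns how many boots
 * ran in active mode before the driver went passive (capped at max_boots). */
uint32_t ActiveBootsBeforePassive(bool writes_persist, uint32_t max_boots)
{
    FakeRegistry reg = { 0, writes_persist, 0 };
    uint32_t active = 0;
    for (uint32_t i = 0; i < max_boots; i++) {
        if (SimulateBoot(&reg, true) == LOAD_MODE_PASSIVE)
            break;
        active++;
    }
    return active;
}

/* Two crashing boots followed by one good boot: the counter must be back at
 * zero, so transient failures do not accumulate into a permanent passive mode. */
uint32_t CounterAfterRecovery(void)
{
    FakeRegistry reg = { 0, true, 0 };
    SimulateBoot(&reg, true);
    SimulateBoot(&reg, true);
    SimulateBoot(&reg, false);
    return reg.failed_load_count;
}

int main(void)
{
    printf("active boots before passive (writes persist):   %u\n",
           ActiveBootsBeforePassive(true, 10));
    printf("active boots before passive (writes lost):      %u\n",
           ActiveBootsBeforePassive(false, 10));
    printf("counter after two crashes and one clean load:   %u\n",
           CounterAfterRecovery());
    return 0;
}
```

With writes that persist, the driver runs three crashing boots and goes passive on the fourth; with early-boot writes that never reach disk, the counter is reset by every crash and the driver never goes passive, which is exactly why the technique only helps for drivers that start late enough for the hive write to land.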

Mark, I agree it is a stupid hack. But one cannot foresee every possible bug until the software is in the hands of your customer. If you ship a buggy driver, the pain is real. The customer may dump your product, and you will not even get a chance to fix your mistake.