minispy loading problem

Saurabh_Kothari · January 7, 2010, 10:27pm

Hi,
I’m new to driver development and was looking at the examples provided in the WinDDK. I built the minispy filter driver under the filesystem example, following the instructions at http://msdn.microsoft.com/en-us/library/dd163281.aspx. After installing the filter, I tried running the .exe file but got this error:
Connecting to filter’s port…
Could not connect to filter: 0x80070002
The system cannot find the file specified.

Could someone help me out with this? What am I doing wrong?

Thanks.

saurako

Rick_W · January 8, 2010, 3:44pm

Did you load the driver? “Fltmc load minispy”

Saurabh_Kothari · January 8, 2010, 4:14pm

Thanks Rick!
Yes, I tried loading the driver using Fltmc, but I get this error:
Load failed with error: 0x800704fb
This driver has been blocked from loading

I tried using net start minispy also, but get this error then:
System error 1275 has occurred.

This driver has been blocked from loading

I checked if the driver was installed properly… it was.
I thought it could be an admin problem, so I tried as an administrator, but
I keep getting the same problem.

Is there something else I can do?

On Fri, Jan 8, 2010 at 2:43 PM, wrote:

> Did you load the driver? “Fltmc load minispy”
>
>
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule of debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

Scott_Noone_OSR · January 8, 2010, 4:26pm

Are you running 64bit Windows? If so you need to sign the driver or disable
signature enforcement via the F8 boot menu.

-scott

–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Saurabh Kothari” wrote in message news:xxxxx@ntfsd…
Thanks Rick!
Yes, I tried loading the driver using Fltmc, but I get this error:
Load failed with error: 0x800704fb
This driver has been blocked from loading

I tried using net start minispy also, but get this error then:
System error 1275 has occurred.

This driver has been blocked from loading

I checked if the driver was installed properly… it was.
I thought it could be an admin problem, so I tried as an administrator, but
I keep getting the same problem.

Is there something else I can do?

On Fri, Jan 8, 2010 at 2:43 PM, wrote:

Did you load the driver? “Fltmc load minispy”

—
NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

OSR_Community_User · January 8, 2010, 4:28pm

Are you running on a 64-bit OS? I’ve seen that before when I tried to load a driver that was not compatible with 64 bit.

Saurabh_Kothari · January 8, 2010, 4:37pm

Yes, I’m running a 64bit operating system- Win7 64bit.
Isn’t the minispy driver signed? It is part of the WinDDK right?

-saurabh

On Fri, Jan 8, 2010 at 3:26 PM, Scott Noone wrote:

> Are you running 64bit Windows? If so you need to sign the driver or disable
> signature enforcement via the F8 boot menu.
>
> -scott
>
> –
> Scott Noone
> Consulting Associate
> OSR Open Systems Resources, Inc.
> http://www.osronline.com
>
>
> “Saurabh Kothari” wrote in message news:xxxxx@ntfsd.
> …
> Thanks Rick!
> Yes, I tried loading the driver using Fltmc, but I get this error:
> Load failed with error: 0x800704fb
> This driver has been blocked from loading
>
>
> I tried using net start minispy also, but get this error then:
> System error 1275 has occurred.
>
>
> This driver has been blocked from loading
>
>
> I checked if the driver was installed properly… it was.
> I thought it could be an admin problem, so I tried as an administrator, but
> I keep getting the same problem.
>
>
> Is there something else I can do?
>
>
>
>
>
>
> On Fri, Jan 8, 2010 at 2:43 PM, wrote:
>
> Did you load the driver? “Fltmc load minispy”
>
>
>
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule of debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule of debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

Saurabh_Kothari · January 8, 2010, 5:24pm

I disabled signature enforcement via the F8 boot option and tried again and
got the same error… driver blocked from loading…

On Fri, Jan 8, 2010 at 3:26 PM, Scott Noone wrote:

> Are you running 64bit Windows? If so you need to sign the driver or disable
> signature enforcement via the F8 boot menu.
>
> -scott
>
> –
> Scott Noone
> Consulting Associate
> OSR Open Systems Resources, Inc.
> http://www.osronline.com
>
>
> “Saurabh Kothari” wrote in message news:xxxxx@ntfsd.
> …
> Thanks Rick!
> Yes, I tried loading the driver using Fltmc, but I get this error:
> Load failed with error: 0x800704fb
> This driver has been blocked from loading
>
>
> I tried using net start minispy also, but get this error then:
> System error 1275 has occurred.
>
>
> This driver has been blocked from loading
>
>
> I checked if the driver was installed properly… it was.
> I thought it could be an admin problem, so I tried as an administrator, but
> I keep getting the same problem.
>
>
> Is there something else I can do?
>
>
>
>
>
>
> On Fri, Jan 8, 2010 at 2:43 PM, wrote:
>
> Did you load the driver? “Fltmc load minispy”
>
>
>
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule of debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule of debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

OSR_Community_User · January 8, 2010, 5:29pm

Here is a page detailing how to release sign a driver. You *MUST* do this on a 64-bit OS.

http://www.microsoft.com/whdc/driver/tips/IFS_Signing.mspx

If that doesn’t fix the problem, then make sure you’re building in release mode and that the minispy driver is designed to work on a 64-bit OS. It may be that it just won’t work on anything other than 32 bit.

Doug_N · January 8, 2010, 5:30pm

It’s part of the WinDDK, but it’s not signed. You sign it to show that you
created it (and by extension are somewhat responsible for it). Microsoft
couldn’t be responsible for something you compiled.

You have to get a code signing cert
(http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx ) or disable
signature enforcement.

See http://www.microsoft.com/whdc/winlogo/drvsign/kmcs_walkthrough.mspx

Doug

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Saurabh Kothari
Sent: Friday, January 08, 2010 3:37 PM
To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] minispy loading problem

Yes, I’m running a 64bit operating system- Win7 64bit.

Isn’t the minispy driver signed? It is part of the WinDDK right?

-saurabh

On Fri, Jan 8, 2010 at 3:26 PM, Scott Noone wrote:

Are you running 64bit Windows? If so you need to sign the driver or disable
signature enforcement via the F8 boot menu.

-scott

–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Saurabh Kothari” wrote in message news:xxxxx@ntfsd…

Thanks Rick!
Yes, I tried loading the driver using Fltmc, but I get this error:
Load failed with error: 0x800704fb
This driver has been blocked from loading

I tried using net start minispy also, but get this error then:
System error 1275 has occurred.

This driver has been blocked from loading

I checked if the driver was installed properly… it was.
I thought it could be an admin problem, so I tried as an administrator, but
I keep getting the same problem.

Is there something else I can do?

On Fri, Jan 8, 2010 at 2:43 PM, wrote:

Did you load the driver? “Fltmc load minispy”

—
NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

—
NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

— NTFSD is sponsored by OSR For our schedule of debugging and file system
seminars (including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars To unsubscribe, visit the List Server section of
OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Eric_Diven · January 8, 2010, 5:39pm

Lyndon Clarke posted a batch file a while ago to help ease the pain:

http://www.osronline.com/showThread.cfm?link=143925

That’s what I started from when I went through this a couple of months
ago. Thanks Lyndon!

Eric

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Doug
Sent: Friday, January 08, 2010 5:29 PM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] minispy loading problem

It’s part of the WinDDK, but it’s not signed. You sign it to
show that you created it (and by extension are somewhat responsible for
it). Microsoft couldn’t be responsible for something you compiled.

You have to get a code signing cert
(http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx ) or
disable signature enforcement.

See
http://www.microsoft.com/whdc/winlogo/drvsign/kmcs_walkthrough.mspx

Doug

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Saurabh Kothari
Sent: Friday, January 08, 2010 3:37 PM
To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] minispy loading problem

Yes, I’m running a 64bit operating system- Win7 64bit.

Isn’t the minispy driver signed? It is part of the WinDDK right?

-saurabh

On Fri, Jan 8, 2010 at 3:26 PM, Scott Noone
wrote:

Are you running 64bit Windows? If so you need to sign the driver
or disable
signature enforcement via the F8 boot menu.

-scott

–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Saurabh Kothari” wrote in message
news:xxxxx@ntfsd…

Thanks Rick!
Yes, I tried loading the driver using Fltmc, but I get this
error:
Load failed with error: 0x800704fb
This driver has been blocked from loading

I tried using net start minispy also, but get this error then:
System error 1275 has occurred.

This driver has been blocked from loading

I checked if the driver was installed properly… it was.
I thought it could be an admin problem, so I tried as an
administrator, but
I keep getting the same problem.

Is there something else I can do?

On Fri, Jan 8, 2010 at 2:43 PM,
wrote:

Did you load the driver? “Fltmc load minispy”

—
NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

—
NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

— NTFSD is sponsored by OSR For our schedule of debugging and
file system seminars (including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars To unsubscribe, visit the List Server
section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

—
NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Gary_Little-3 · January 8, 2010, 6:26pm

If you built it, of course, it is not signed. You have to either use a test
certificate, or a real one. If using a TC then you have to set the sytem to
accept it in the boot menu.

Gary G. Little

H (952) 223-1349

C (952) 454-4629

xxxxx@comcast.net

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Saurabh Kothari
Sent: Friday, January 08, 2010 3:37 PM
To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] minispy loading problem

Yes, I’m running a 64bit operating system- Win7 64bit.

Isn’t the minispy driver signed? It is part of the WinDDK right?

-saurabh

On Fri, Jan 8, 2010 at 3:26 PM, Scott Noone wrote:

Are you running 64bit Windows? If so you need to sign the driver or disable
signature enforcement via the F8 boot menu.

-scott

–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Saurabh Kothari” wrote in message news:xxxxx@ntfsd…

Thanks Rick!
Yes, I tried loading the driver using Fltmc, but I get this error:
Load failed with error: 0x800704fb
This driver has been blocked from loading

I tried using net start minispy also, but get this error then:
System error 1275 has occurred.

This driver has been blocked from loading

I checked if the driver was installed properly… it was.
I thought it could be an admin problem, so I tried as an administrator, but
I keep getting the same problem.

Is there something else I can do?

On Fri, Jan 8, 2010 at 2:43 PM, wrote:

Did you load the driver? “Fltmc load minispy”

—
NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

—
NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

— NTFSD is sponsored by OSR For our schedule of debugging and file system
seminars (including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars To unsubscribe, visit the List Server section of
OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Information from ESET Smart Security, version of virus signature
database 4755 (20100108)

The message was checked by ESET Smart Security.

http://www.eset.com

Gary_Little-3 · January 8, 2010, 6:27pm

Do you have WinDbg connected?

Gary G. Little

H (952) 223-1349

C (952) 454-4629

xxxxx@comcast.net

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Saurabh Kothari
Sent: Friday, January 08, 2010 4:24 PM
To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] minispy loading problem

I disabled signature enforcement via the F8 boot option and tried again and
got the same error… driver blocked from loading…

On Fri, Jan 8, 2010 at 3:26 PM, Scott Noone wrote:

Are you running 64bit Windows? If so you need to sign the driver or disable
signature enforcement via the F8 boot menu.

-scott

–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Saurabh Kothari” wrote in message news:xxxxx@ntfsd…

Thanks Rick!
Yes, I tried loading the driver using Fltmc, but I get this error:
Load failed with error: 0x800704fb
This driver has been blocked from loading

I tried using net start minispy also, but get this error then:
System error 1275 has occurred.

This driver has been blocked from loading

I checked if the driver was installed properly… it was.
I thought it could be an admin problem, so I tried as an administrator, but
I keep getting the same problem.

Is there something else I can do?

On Fri, Jan 8, 2010 at 2:43 PM, wrote:

Did you load the driver? “Fltmc load minispy”

—
NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

—
NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

— NTFSD is sponsored by OSR For our schedule of debugging and file system
seminars (including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars To unsubscribe, visit the List Server section of
OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Information from ESET Smart Security, version of virus signature
database 4755 (20100108)

The message was checked by ESET Smart Security.

http://www.eset.com

Saurabh_Kothari · January 8, 2010, 7:53pm

No, I dont have WinDbg connected. Although I think I should do it…
I’m reading through the Digital Signatures for Kernel Modules on Systems
Running Windows
Vistahttp:
guide
provided by MS. I think I’ll use the test certificate option for signing the
driver.
I hope this works!
I’ll let you all know what happens.

On Fri, Jan 8, 2010 at 5:27 PM, Gary G. Little wrote:

> Do you have WinDbg connected?
>
>
>
> Gary G. Little
>
> H (952) 223-1349
>
> C (952) 454-4629
>
> xxxxx@comcast.net
>
>
>
>
>
>
>
> From: xxxxx@lists.osr.com [mailto:
> xxxxx@lists.osr.com] *On Behalf Of *Saurabh Kothari
> Sent: Friday, January 08, 2010 4:24 PM
>
> To: Windows File Systems Devs Interest List
> Subject: Re: [ntfsd] minispy loading problem
>
>
>
> I disabled signature enforcement via the F8 boot option and tried again and
> got the same error… driver blocked from loading…
>
>
>
> On Fri, Jan 8, 2010 at 3:26 PM, Scott Noone wrote:
>
> Are you running 64bit Windows? If so you need to sign the driver or disable
> signature enforcement via the F8 boot menu.
>
> -scott
>
> –
> Scott Noone
> Consulting Associate
> OSR Open Systems Resources, Inc.
> http://www.osronline.com
>
>
> “Saurabh Kothari” wrote in message news:xxxxx@ntfsd.
> …
>
> Thanks Rick!
> Yes, I tried loading the driver using Fltmc, but I get this error:
> Load failed with error: 0x800704fb
> This driver has been blocked from loading
>
>
> I tried using net start minispy also, but get this error then:
> System error 1275 has occurred.
>
>
> This driver has been blocked from loading
>
>
> I checked if the driver was installed properly… it was.
> I thought it could be an admin problem, so I tried as an administrator, but
> I keep getting the same problem.
>
>
> Is there something else I can do?
>
>
>
>
>
>
> On Fri, Jan 8, 2010 at 2:43 PM, wrote:
>
> Did you load the driver? “Fltmc load minispy”
>
>
>
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule of debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule of debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
>
> — NTFSD is sponsored by OSR For our schedule of debugging and file system
> seminars (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars To unsubscribe, visit the List Server section
> of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
>
>
>
> Information from ESET Smart Security, version of virus signature
> database 4755 (20100108)
>
>
>
> The message was checked by ESET Smart Security.
>
>
>
> http://www.eset.com
>
>
> Information from ESET Smart Security, version of virus signature
> database 4755 (20100108)
>
> The message was checked by ESET Smart Security.
>
> http://www.eset.com
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule of debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
></http:>

Saurabh_Kothari · January 9, 2010, 5:57pm

Hi guys,

I followed these steps and the problem still persists:

Started Win7 with the F8 option
Generated a test certificate using MakeCert and signed the minispy.sys
using this certificate. The SignTool verify command produced this result:
SignTool Error: A certificate chain processed, but terminated in a
root
certificate which is not trusted by the trust provider.

Number of errors: 1

(I think this is the problem.)

Because the F8 boot option allows the improperly signed drivers to load,
I installed my (now improperly) signed driver using the .inf file.
I then tried loading the filter using Fltmc load minispy command, and got
the same message:
System error 1275 has occurred.

This driver has been blocked from loading

I verified the minispy filter can be used on x64 operating system.

I’m back to square one! … can someone suggest what I can do to get this
working?

Thanks!

saurako

On Fri, Jan 8, 2010 at 6:52 PM, Saurabh Kothari wrote:

> No, I dont have WinDbg connected. Although I think I should do it…
> I’m reading through the Digital Signatures for Kernel Modules on Systems
> Running Windows Vistahttp: guide
> provided by MS. I think I’ll use the test certificate option for signing the
> driver.
> I hope this works!
> I’ll let you all know what happens.
>
>
> On Fri, Jan 8, 2010 at 5:27 PM, Gary G. Little wrote:
>
>> Do you have WinDbg connected?
>>
>>
>>
>> Gary G. Little
>>
>> H (952) 223-1349
>>
>> C (952) 454-4629
>>
>> xxxxx@comcast.net
>>
>>
>>
>>
>>
>>
>>
>> From: xxxxx@lists.osr.com [mailto:
>> xxxxx@lists.osr.com] *On Behalf Of *Saurabh Kothari
>> Sent: Friday, January 08, 2010 4:24 PM
>>
>> To: Windows File Systems Devs Interest List
>> Subject: Re: [ntfsd] minispy loading problem
>>
>>
>>
>> I disabled signature enforcement via the F8 boot option and tried again
>> and got the same error… driver blocked from loading…
>>
>>
>>
>> On Fri, Jan 8, 2010 at 3:26 PM, Scott Noone wrote:
>>
>> Are you running 64bit Windows? If so you need to sign the driver or
>> disable
>> signature enforcement via the F8 boot menu.
>>
>> -scott
>>
>> –
>> Scott Noone
>> Consulting Associate
>> OSR Open Systems Resources, Inc.
>> http://www.osronline.com
>>
>>
>> “Saurabh Kothari” wrote in message
>> news:xxxxx@ntfsd…
>>
>> Thanks Rick!
>> Yes, I tried loading the driver using Fltmc, but I get this error:
>> Load failed with error: 0x800704fb
>> This driver has been blocked from loading
>>
>>
>> I tried using net start minispy also, but get this error then:
>> System error 1275 has occurred.
>>
>>
>> This driver has been blocked from loading
>>
>>
>> I checked if the driver was installed properly… it was.
>> I thought it could be an admin problem, so I tried as an administrator,
>> but
>> I keep getting the same problem.
>>
>>
>> Is there something else I can do?
>>
>>
>>
>>
>>
>>
>> On Fri, Jan 8, 2010 at 2:43 PM, wrote:
>>
>> Did you load the driver? “Fltmc load minispy”
>>
>>
>>
>>
>> —
>> NTFSD is sponsored by OSR
>>
>> For our schedule of debugging and file system seminars
>> (including our new fs mini-filter seminar) visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>>
>>
>> —
>> NTFSD is sponsored by OSR
>>
>> For our schedule of debugging and file system seminars
>> (including our new fs mini-filter seminar) visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>>
>>
>> — NTFSD is sponsored by OSR For our schedule of debugging and file
>> system seminars (including our new fs mini-filter seminar) visit:
>> http://www.osr.com/seminars To unsubscribe, visit the List Server section
>> of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
>>
>>
>>
>> Information from ESET Smart Security, version of virus
>> signature database 4755 (20100108)
>>
>>
>>
>> The message was checked by ESET Smart Security.
>>
>>
>>
>> http://www.eset.com
>>
>>
>> Information from ESET Smart Security, version of virus
>> signature database 4755 (20100108)
>>
>> The message was checked by ESET Smart Security.
>>
>> http://www.eset.com
>>
>> —
>> NTFSD is sponsored by OSR
>>
>> For our schedule of debugging and file system seminars
>> (including our new fs mini-filter seminar) visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>
></http:>

OSR_Community_User · January 9, 2010, 6:22pm

Did you install the test certificate in the root store of the machine that
you are using to sign the driver? You shouldn’t need this if booting with
the F8 option.
Are you sure that you are using the x64 build environment to build the
driver?

Bill Wandel

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Saurabh Kothari
Sent: Saturday, January 09, 2010 5:57 PM
To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] minispy loading problem

Hi guys,

I followed these steps and the problem still persists:

Started Win7 with the F8 option
Generated a test certificate using MakeCert and signed the minispy.sys
using this certificate. The SignTool verify command produced this result:
SignTool Error: A certificate chain processed, but terminated in a
root
certificate which is not trusted by the trust provider.

Number of errors: 1

(I think this is the problem.)

Because the F8 boot option allows the improperly signed drivers to load,
I installed my (now improperly) signed driver using the .inf file.
I then tried loading the filter using Fltmc load minispy command, and got
the same message:
System error 1275 has occurred.

This driver has been blocked from loading

I verified the minispy filter can be used on x64 operating system.

I’m back to square one! … can someone suggest what I can do to get this
working?

Thanks!

saurako

On Fri, Jan 8, 2010 at 6:52 PM, Saurabh Kothari wrote:

No, I dont have WinDbg connected. Although I think I should do it…
I’m reading through the Digital Signatures for Kernel Modules on Systems
Running Windows
http: Vista guide
provided by MS. I think I’ll use the test certificate option for signing the
driver.
I hope this works!
I’ll let you all know what happens.

On Fri, Jan 8, 2010 at 5:27 PM, Gary G. Little wrote:

Do you have WinDbg connected?

Gary G. Little

H (952) 223-1349

C (952) 454-4629

xxxxx@comcast.net

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Saurabh Kothari
Sent: Friday, January 08, 2010 4:24 PM

To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] minispy loading problem

I disabled signature enforcement via the F8 boot option and tried again and
got the same error… driver blocked from loading…

On Fri, Jan 8, 2010 at 3:26 PM, Scott Noone wrote:

Are you running 64bit Windows? If so you need to sign the driver or disable
signature enforcement via the F8 boot menu.

-scott

–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Saurabh Kothari” wrote in message news:xxxxx@ntfsd…

Thanks Rick!
Yes, I tried loading the driver using Fltmc, but I get this error:
Load failed with error: 0x800704fb
This driver has been blocked from loading

I tried using net start minispy also, but get this error then:
System error 1275 has occurred.

This driver has been blocked from loading

I checked if the driver was installed properly… it was.
I thought it could be an admin problem, so I tried as an administrator, but
I keep getting the same problem.

Is there something else I can do?

On Fri, Jan 8, 2010 at 2:43 PM, wrote:

Did you load the driver? “Fltmc load minispy”

—
NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

—
NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

— NTFSD is sponsored by OSR For our schedule of debugging and file system
seminars (including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars To unsubscribe, visit the List Server section of
OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Information from ESET Smart Security, version of virus signature
database 4755 (20100108)

The message was checked by ESET Smart Security.

http://www.eset.com

Information from ESET Smart Security, version of virus signature
database 4755 (20100108)

The message was checked by ESET Smart Security.

http://www.eset.com

—

NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

— NTFSD is sponsored by OSR For our schedule of debugging and file system
seminars (including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars To unsubscribe, visit the List Server section of
OSR Online at http://www.osronline.com/page.cfm?name=ListServer</http:>

Saurabh_Kothari · January 9, 2010, 6:39pm

Thank you so much Bill !!
I was using the x86 build environment all along and hadn’t realized I was
doing the wrong thing!

The filter loads without any problems now and works perfectly…

saurako

On Sat, Jan 9, 2010 at 5:22 PM, Bill Wandel wrote:

> Did you install the test certificate in the root store of the machine
> that you are using to sign the driver? You shouldn’t need this if booting
> with the F8 option.
> Are you sure that you are using the x64 build environment to build the
> driver?
>
>
> Bill Wandel
>
>
> ------------------------------
> From: xxxxx@lists.osr.com [mailto:
> xxxxx@lists.osr.com] *On Behalf Of *Saurabh Kothari
> Sent: Saturday, January 09, 2010 5:57 PM
>
> To: Windows File Systems Devs Interest List
> Subject: Re: [ntfsd] minispy loading problem
>
> Hi guys,
>
> I followed these steps and the problem still persists:
> 1. Started Win7 with the F8 option
> 2. Generated a test certificate using MakeCert and signed the minispy.sys
> using this certificate. The SignTool verify command produced this result:
> SignTool Error: A certificate chain processed, but terminated in a
> root
> certificate which is not trusted by the trust provider.
>
> Number of errors: 1
>
> (I think this is the problem.)
>
> 3. Because the F8 boot option allows the improperly signed drivers to load,
> I installed my (now improperly) signed driver using the .inf file.
> 4. I then tried loading the filter using Fltmc load minispy command, and
> got the same message:
> System error 1275 has occurred.
>
> This driver has been blocked from loading
>
> 5. I verified the minispy filter can be used on x64 operating system.
>
> I’m back to square one! … can someone suggest what I can do to get this
> working?
>
> Thanks!
>
> saurako
>
> On Fri, Jan 8, 2010 at 6:52 PM, Saurabh Kothari wrote:
>
>> No, I dont have WinDbg connected. Although I think I should do it…
>> I’m reading through the Digital Signatures for Kernel Modules on Systems
>> Running Windows Vistahttp: guide
>> provided by MS. I think I’ll use the test certificate option for signing the
>> driver.
>> I hope this works!
>> I’ll let you all know what happens.
>>
>>
>> On Fri, Jan 8, 2010 at 5:27 PM, Gary G. Little wrote:
>>
>>> Do you have WinDbg connected?
>>>
>>>
>>>
>>> Gary G. Little
>>>
>>> H (952) 223-1349
>>>
>>> C (952) 454-4629
>>>
>>> xxxxx@comcast.net
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> From: xxxxx@lists.osr.com [mailto:
>>> xxxxx@lists.osr.com] *On Behalf Of *Saurabh Kothari
>>> Sent: Friday, January 08, 2010 4:24 PM
>>>
>>> To: Windows File Systems Devs Interest List
>>> Subject: Re: [ntfsd] minispy loading problem
>>>
>>>
>>>
>>> I disabled signature enforcement via the F8 boot option and tried again
>>> and got the same error… driver blocked from loading…
>>>
>>>
>>>
>>> On Fri, Jan 8, 2010 at 3:26 PM, Scott Noone wrote:
>>>
>>> Are you running 64bit Windows? If so you need to sign the driver or
>>> disable
>>> signature enforcement via the F8 boot menu.
>>>
>>> -scott
>>>
>>> –
>>> Scott Noone
>>> Consulting Associate
>>> OSR Open Systems Resources, Inc.
>>> http://www.osronline.com
>>>
>>>
>>> “Saurabh Kothari” wrote in message
>>> news:xxxxx@ntfsd…
>>>
>>> Thanks Rick!
>>> Yes, I tried loading the driver using Fltmc, but I get this error:
>>> Load failed with error: 0x800704fb
>>> This driver has been blocked from loading
>>>
>>>
>>> I tried using net start minispy also, but get this error then:
>>> System error 1275 has occurred.
>>>
>>>
>>> This driver has been blocked from loading
>>>
>>>
>>> I checked if the driver was installed properly… it was.
>>> I thought it could be an admin problem, so I tried as an administrator,
>>> but
>>> I keep getting the same problem.
>>>
>>>
>>> Is there something else I can do?
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Fri, Jan 8, 2010 at 2:43 PM, wrote:
>>>
>>> Did you load the driver? “Fltmc load minispy”
>>>
>>>
>>>
>>>
>>> —
>>> NTFSD is sponsored by OSR
>>>
>>> For our schedule of debugging and file system seminars
>>> (including our new fs mini-filter seminar) visit:
>>> http://www.osr.com/seminars
>>>
>>> To unsubscribe, visit the List Server section of OSR Online at
>>> http://www.osronline.com/page.cfm?name=ListServer
>>>
>>>
>>>
>>> —
>>> NTFSD is sponsored by OSR
>>>
>>> For our schedule of debugging and file system seminars
>>> (including our new fs mini-filter seminar) visit:
>>> http://www.osr.com/seminars
>>>
>>> To unsubscribe, visit the List Server section of OSR Online at
>>> http://www.osronline.com/page.cfm?name=ListServer
>>>
>>>
>>>
>>> — NTFSD is sponsored by OSR For our schedule of debugging and file
>>> system seminars (including our new fs mini-filter seminar) visit:
>>> http://www.osr.com/seminars To unsubscribe, visit the List Server
>>> section of OSR Online at
>>> http://www.osronline.com/page.cfm?name=ListServer
>>>
>>>
>>>
>>> Information from ESET Smart Security, version of virus
>>> signature database 4755 (20100108)
>>>
>>>
>>>
>>> The message was checked by ESET Smart Security.
>>>
>>>
>>>
>>> http://www.eset.com
>>>
>>>
>>> Information from ESET Smart Security, version of virus
>>> signature database 4755 (20100108)
>>>
>>> The message was checked by ESET Smart Security.
>>>
>>> http://www.eset.com
>>>
>>> —
>>> NTFSD is sponsored by OSR
>>>
>>> For our schedule of debugging and file system seminars
>>> (including our new fs mini-filter seminar) visit:
>>> http://www.osr.com/seminars
>>>
>>> To unsubscribe, visit the List Server section of OSR Online at
>>> http://www.osronline.com/page.cfm?name=ListServer
>>>
>>
>>
> — NTFSD is sponsored by OSR For our schedule of debugging and file system
> seminars (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars To unsubscribe, visit the List Server section
> of OSR Online at http://www.osronline.com/page.cfm?name=ListServer
>
> —
> NTFSD is sponsored by OSR
>
> For our schedule of debugging and file system seminars
> (including our new fs mini-filter seminar) visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
></http:>

Doug_N · January 9, 2010, 6:49pm

From what I understand, you have to cross-sign with a MS certificate for
Vista and newer. See the URL I sent earlier:

http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx

Doug

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Saurabh Kothari
Sent: Saturday, January 09, 2010 4:57 PM
To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] minispy loading problem

Hi guys,

I followed these steps and the problem still persists:

Started Win7 with the F8 option
Generated a test certificate using MakeCert and signed the minispy.sys
using this certificate. The SignTool verify command produced this result:

SignTool Error: A certificate chain processed, but terminated in a
root

certificate which is not trusted by the trust provider.

Number of errors: 1

(I think this is the problem.)

Because the F8 boot option allows the improperly signed drivers to load,
I installed my (now improperly) signed driver using the .inf file.
I then tried loading the filter using Fltmc load minispy command, and got
the same message:

System error 1275 has occurred.

This driver has been blocked from loading

I verified the minispy filter can be used on x64 operating system.

I’m back to square one! … can someone suggest what I can do to get this
working?

Thanks!

saurako

On Fri, Jan 8, 2010 at 6:52 PM, Saurabh Kothari wrote:

No, I dont have WinDbg connected. Although I think I should do it…

I’m reading through the
http: Digital
Signatures for Kernel Modules on Systems Running Windows Vista guide
provided by MS. I think I’ll use the test certificate option for signing the
driver.

I hope this works!

I’ll let you all know what happens.

On Fri, Jan 8, 2010 at 5:27 PM, Gary G. Little wrote:

Do you have WinDbg connected?

Gary G. Little

H (952) 223-1349

C (952) 454-4629

xxxxx@comcast.net

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Saurabh Kothari
Sent: Friday, January 08, 2010 4:24 PM

To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] minispy loading problem

I disabled signature enforcement via the F8 boot option and tried again and
got the same error… driver blocked from loading…

On Fri, Jan 8, 2010 at 3:26 PM, Scott Noone wrote:

Are you running 64bit Windows? If so you need to sign the driver or disable
signature enforcement via the F8 boot menu.

-scott

–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Saurabh Kothari” wrote in message news:xxxxx@ntfsd…

Thanks Rick!
Yes, I tried loading the driver using Fltmc, but I get this error:
Load failed with error: 0x800704fb
This driver has been blocked from loading

I tried using net start minispy also, but get this error then:
System error 1275 has occurred.

This driver has been blocked from loading

I checked if the driver was installed properly… it was.
I thought it could be an admin problem, so I tried as an administrator, but
I keep getting the same problem.

Is there something else I can do?

On Fri, Jan 8, 2010 at 2:43 PM, wrote:

Did you load the driver? “Fltmc load minispy”

—
NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

—
NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

— NTFSD is sponsored by OSR For our schedule of debugging and file system
seminars (including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars To unsubscribe, visit the List Server section of
OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Information from ESET Smart Security, version of virus signature
database 4755 (20100108)

The message was checked by ESET Smart Security.

http://www.eset.com

Information from ESET Smart Security, version of virus signature
database 4755 (20100108)

The message was checked by ESET Smart Security.

http://www.eset.com

—

NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

— NTFSD is sponsored by OSR For our schedule of debugging and file system
seminars (including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars To unsubscribe, visit the List Server section of
OSR Online at http://www.osronline.com/page.cfm?name=ListServer</http:>

OSR_Community_User · January 9, 2010, 7:08pm

You don’t need to cross-sign (and you can’t) if you are using a test
certificate.

Bill Wandel

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Doug
Sent: Saturday, January 09, 2010 6:50 PM
To: Windows File Systems Devs Interest List
Subject: RE: [ntfsd] minispy loading problem

From what I understand, you have to cross-sign with a MS certificate for
Vista and newer. See the URL I sent earlier:

http://www.microsoft.com/whdc/winlogo/drvsign/crosscert.mspx

Doug

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Saurabh Kothari
Sent: Saturday, January 09, 2010 4:57 PM
To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] minispy loading problem

Hi guys,

I followed these steps and the problem still persists:

Started Win7 with the F8 option
Generated a test certificate using MakeCert and signed the minispy.sys
using this certificate. The SignTool verify command produced this result:

SignTool Error: A certificate chain processed, but terminated in a
root

certificate which is not trusted by the trust provider.

Number of errors: 1

(I think this is the problem.)

Because the F8 boot option allows the improperly signed drivers to load,
I installed my (now improperly) signed driver using the .inf file.
I then tried loading the filter using Fltmc load minispy command, and got
the same message:

System error 1275 has occurred.

This driver has been blocked from loading

I verified the minispy filter can be used on x64 operating system.

I’m back to square one! … can someone suggest what I can do to get this
working?

Thanks!

saurako

On Fri, Jan 8, 2010 at 6:52 PM, Saurabh Kothari wrote:

No, I dont have WinDbg connected. Although I think I should do it…

I’m reading through the
http: Digital
Signatures for Kernel Modules on Systems Running Windows Vista guide
provided by MS. I think I’ll use the test certificate option for signing the
driver.

I hope this works!

I’ll let you all know what happens.

On Fri, Jan 8, 2010 at 5:27 PM, Gary G. Little wrote:

Do you have WinDbg connected?

Gary G. Little

H (952) 223-1349

C (952) 454-4629

xxxxx@comcast.net

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Saurabh Kothari
Sent: Friday, January 08, 2010 4:24 PM

To: Windows File Systems Devs Interest List
Subject: Re: [ntfsd] minispy loading problem

I disabled signature enforcement via the F8 boot option and tried again and
got the same error… driver blocked from loading…

On Fri, Jan 8, 2010 at 3:26 PM, Scott Noone wrote:

Are you running 64bit Windows? If so you need to sign the driver or disable
signature enforcement via the F8 boot menu.

-scott

–
Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Saurabh Kothari” wrote in message news:xxxxx@ntfsd…

Thanks Rick!
Yes, I tried loading the driver using Fltmc, but I get this error:
Load failed with error: 0x800704fb
This driver has been blocked from loading

I tried using net start minispy also, but get this error then:
System error 1275 has occurred.

This driver has been blocked from loading

I checked if the driver was installed properly… it was.
I thought it could be an admin problem, so I tried as an administrator, but
I keep getting the same problem.

Is there something else I can do?

On Fri, Jan 8, 2010 at 2:43 PM, wrote:

Did you load the driver? “Fltmc load minispy”

—
NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

—
NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

— NTFSD is sponsored by OSR For our schedule of debugging and file system
seminars (including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars To unsubscribe, visit the List Server section of
OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Information from ESET Smart Security, version of virus signature
database 4755 (20100108)

The message was checked by ESET Smart Security.

http://www.eset.com

Information from ESET Smart Security, version of virus signature
database 4755 (20100108)

The message was checked by ESET Smart Security.

http://www.eset.com

—

NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

— NTFSD is sponsored by OSR For our schedule of debugging and file system
seminars (including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars To unsubscribe, visit the List Server section of
OSR Online at http://www.osronline.com/page.cfm?name=ListServer

—
NTFSD is sponsored by OSR

For our schedule of debugging and file system seminars
(including our new fs mini-filter seminar) visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer</http:>