Not loaded function AddDevice in Minifilter Serial Port (Upper Filter)

Boris_Naimark · January 9, 2024, 3:06pm

Hi. I have developed my first filter driver for SerialPort, and I need to obtain data about the port settings via IRP. The driver has functions like DriverEntry and Unload LogDataFile, and it works perfectly. However, after I added the AddDevice function, I noticed through the log that AddDevice is not loading, and this has caused the Unload function to stop working.

here you can see prt of my code from inf and c files

**From inf file **

[Version]
Signature = “$WINDOWS NT$”
Class = “Ports”
ClassGuid = {4d36e978-e325-11ce-bfc1-08002be10318}

Standard]

%MyPortMonitor.DeviceDesc%=MyPortMonitor_Device, *PNP0501

[MyPortMonitor_Device.NT]
CopyFiles=Drivers_Dir

[MyPortMonitor_Device.NT.HW]
AddReg=MyPortMonitor_UpperFilters_AddReg

[MyPortMonitor_UpperFilters_AddReg]
HKR,“UpperFilters”,0x00010008,“MyPortMonitor”

[MyPortMonitor_Device.NT.AddReg]
HKR,DeviceCharacteristics,0x10001,0x0100 ; Use same security checks on relative opens
HKR,Security,“D:P(A;;GA;;;BA)(A;;GA;;;SY)” ; Allow generic-all access to Built-in administrators and Local system

From mydriverMonitor.c

NTSTATUS AddDevices(PDRIVER_OBJECT DriverObject, In PDEVICE_OBJECT PhysicalDeviceObject)
{
NTSTATUS status = STATUS_SUCCESS;
PDEVICE_OBJECT myFilterDeviceObject = NULL;
KdPrint((“Entering AddDevices\n”));

// Logging the entry into the function.

WriteStringLogFile("Entering AddDevices\r\n");

// Create a filter device object for the detected COM port.
status = IoCreateDevice(
    DriverObject,
    0,  // Set to 0 since we're not using a device extension.
    NULL,  // No name for the filter device object.
    FILE_DEVICE_SERIAL_PORT,
    0,
    FALSE,
    &myFilterDeviceObject);

if (!NT_SUCCESS(status))
{
    KdPrint(("Error creating device object for COM port: %08x\n", status));
    WriteStringLogFile("Error creating device object for COM port\r\n");
    return status;
}

// Attach filter to the device stack
	myFilterDeviceObject->NextDevice = IoAttachDeviceToDeviceStack(
    myFilterDeviceObject,
    PhysicalDeviceObject
);

if (!myFilterDeviceObject->NextDevice)
{
    IoDeleteDevice(myFilterDeviceObject);
    KdPrint(("Failed to attach to device stack\n"));
    WriteStringLogFile("Failed to attach to device stack\r\n");
    return STATUS_UNSUCCESSFUL;
}

// Set the flags inherited from the lower device object
myFilterDeviceObject->Flags |= DO_BUFFERED_IO | DO_POWER_PAGABLE;
myFilterDeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;

// Log success message
KdPrint(("COM port device added successfully\n"));
WriteStringLogFile("COM port device added successfully\r\n");*/

return STATUS_SUCCESS;

}

NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
NTSTATUS status = STATUS_SUCCESS;
PDEVICE_OBJECT deviceObject = NULL;
UNICODE_STRING comPortNames[MAX_COM_PORTS];
UNICODE_STRING comPortDevicePaths[MAX_COM_PORTS];
ULONG numPortsFound = 0;
PDEVICE_OBJECT myDeviceObject = NULL;

KdPrint(("LOAD SUCCESS \r\n"));
WriteStringLogFile("LOAD SUCCESS\r\n");
KIRQL currentIrql = KeGetCurrentIrql();

if (currentIrql == PASSIVE_LEVEL) 
{
    // The current IRQL is PASSIVE_LEVEL
    KdPrint(("Current IRQL is PASSIVE_LEVEL\n"));
    WriteStringLogFile("Current IRQL is PASSIVE_LEVE\r\n");
}
else 
{
    // The current IRQL is not PASSIVE_LEVEL
    KdPrint(("Current IRQL is NOT PASSIVE_LEVEL, it is %d\n", currentIrql));
    WriteULongLogFIle("Current IRQL is NOT PASSIVE_LEVEL, it is: ", (ULONG)currentIrql);
}

DriverObject->DriverUnload = UnloadDriver;
DriverObject->DriverExtension->AddDevice = AddDevices;
DriverObject->MajorFunction[IRP_MJ_CREATE] = MySerialPortCreate;

Thank you in advance for your help.

Boris .

Tim_Roberts · January 9, 2024, 5:55pm

Your INF file is missing some pieces. Note, for example, the line “Standard]”. How, exactly, have you installed this driver? The INF you have written will REPLACE the existing serial port driver, not add to it.

Doron_Holan · January 9, 2024, 6:30pm

Also, why WDM?

Boris_Naimark · January 9, 2024, 6:34pm

Hi Tim, Thank you for your answer. I see Standard]

%MyPortMonitor.DeviceDesc%=MyPortMonitor_Device, *PNP0501 does need to use [
[Standard.NTx86]
%MyPortMonitor.DeviceDesc%=MyPortMonitor, Root\MyPortMonitor ?
I used inf file for install and sc commands (create and start)

Boris_Naimark · January 9, 2024, 6:45pm

Hi Doron. I am using the Windows Driver Model (WDM) to obtain real-time information about serial port properties. Additionally, I am employing user-mode hooking with a C++ DLL. However, I am encountering a problem when trying to interface with a Java application. My current user-mode hooking approach does not seem to connect with the Java API. To resolve this, I am considering the use of a filter driver.

Thank you
Boris

Doron_Holan · January 9, 2024, 7:01pm

If your install is scoped to Windows10 and newer, you can create an extension INF to install your filter. https://learn.microsoft.com/en-us/windows-hardware/drivers/install/using-an-extension-inf-file

If you are targeting < Windows10, uou need to use Needs and Include directives to pull in the relevant install sections from msports.inf. When done correctly, it will install serial.sys and your INF installs the filter.

WDM is not faster or more real time compared to KMDF. And with WDM you have to implement all of the filtering behavior yourself. With KMDF, it is one function call.

Tim_Roberts · January 9, 2024, 7:08pm

I used inf file for install …

What does that mean? Exactly how did you install it? The INF you have (assuming you fix the syntax problems) is a PnP INF, but one does NOT use “sc” to create and start PnP drivers. And if it’s not PnP, then AddDevice is not called. I think you have a fair amount of confusion about the driver model here.

Boris_Naimark · January 10, 2024, 4:59am

Hi Doron, I need to use my driver for Windows kernel versions 6.1, 6.2, 6.3, and 10.0. For this, I need to use WDM. Can you advise me if I can use KMDF instead, especially for the earlier mentioned Windows versions?

Boris_Naimark · January 10, 2024, 5:06am

Hi Tim, I need to use it as a Plug and Play device and only require an INF file for installation. I need to correct my INF file for this purpose. Where can I find information about filling out INF files for PnP devices?

Doron_Holan · January 10, 2024, 3:04pm

Kmdf can be used in all of these versions of windows.

Boris_Naimark · January 10, 2024, 3:20pm

Hi Doron . I understood that need use for install inf file only is it correct And have I to implement all of the filtering behavior myself?

Tim_Roberts · January 10, 2024, 6:51pm

It is not strictly necessary to use an INF for a device filter driver install. All you need is to (1) copy the file into place, (2) create the service entry, and (3) tweak the UpperFilters registry entry. All of that can be done with a relatively simple install application.

Doron_Holan · January 10, 2024, 8:42pm

@Boris_Naimark said:
Hi Doron . I understood that need use for install inf file only is it correct And have I to implement all of the filtering behavior myself?

In KMDF you call WdfFdoInitSetFilter and you get the default correct filtering behavior. In WDM, yes, you have to implement all the filtering behavior yourself.

Boris_Naimark · January 11, 2024, 2:40pm

@Tim_Roberts said:
It is not strictly necessary to use an INF for a device filter driver install. All you need is to (1) copy the file into place, (2) create the service entry, and (3) tweak the UpperFilters registry entry. All of that can be done with a relatively simple install application.

I understood. I will try it for the KMDF filter driver port monitor. Thank you so much.

Boris_Naimark · January 11, 2024, 2:42pm

@Doron_Holan said:

@Boris_Naimark said:
Hi Doron . I understood that need use for install inf file only is it correct And have I to implement all of the filtering behavior myself?

In KMDF you call WdfFdoInitSetFilter and you get the default correct filtering behavior. In WDM, yes, you have to implement all the filtering behavior yourself.

Okay, thank you. I will use it

Boris_Naimark · January 15, 2024, 7:27am

Which type of upper filter driver is needed for detecting both physical and virtual serial ports in Driver Plug and Play (PnP)? Should the upper filter driver be applied at the device level or the class level?

Doron_Holan · January 15, 2024, 5:57pm

If you need to do this for all ports it should be a class filter. Settings on virtual ports are not that interesting though, while they are set they usually mean absolutely nothing

Boris_Naimark · January 18, 2024, 7:27am

Thank you

Boris_Naimark · January 25, 2024, 4:36pm

I cannot attach an Epson virtual serial port . I’m encountering an error: 'Failed to attach device for COM port \Device\00000010, status: 0xC0000010. physical port filtering without encountering any errors

Tim_Roberts · January 25, 2024, 6:22pm

That’s STATUS_INVALID_DEVICE_REQUEST. Maybe they have some additional security to make sure it’s only accessed from certain apps?