Hi,
I want my driver to be loaded immediately after the one that creates device letter assignments. As far as I know this driver is Ntfs.sys.
If I look at HKLM\System\CurrentControlSet\Services\Ntfs it's no surprise that its group is “File system” but its Start is 4 (disabled?). If I understood the “WinNT Device Driver Dev.” book right, it's enough to put my driver inside the “Event log” group, which will be loaded after “File system” (English is not my first language so…).
I have tried with service and group dependencies in vain.
This is how drivers start during the boot of my NT4; as you can see, win32k.sys is loaded before mydriver.sys. My driver’s config is Start=2, Type=1, Group=“Event log”.
Windows NT 4 Kernel Version 1381 UP Free x86 compatible
Kernel base = 0x80100000 PsLoadedModuleList = 0x80150b70
System Uptime: not available
Loaded dbghelp extension DLL
Loaded ext extension DLL
Loaded kext extension DLL
Loaded kdextx86 extension DLL
Force unload of ntoskrnl.exe
…
ModLoad: f7498000 f749a520 mouclass.sys
ModLoad: f74a0000 f74a24a0 kbdclass.sys
ModLoad: f7370000 f7376120 VIDEOPRT.SYS
ModLoad: f74a8000 f74ab880 vga.sys
ModLoad: f74b0000 f74b3880 vga.sys
ModLoad: f7408000 f740d6a0 Msfs.SYS
ModLoad: f7010000 f7019520 Npfs.SYS
ModLoad: fcc7b000 fcc98f60 NDIS.SYS
ModLoad: fcbf6000 fcc528e0 Ntfs.SYS
ModLoad: a0000000 a013f960 win32k.sys
LDR: Automatic DLL Relocation in winlogon.exe
LDR: Dll SAMLIB.dll base 77ae0000 relocated due to collision with C:\WINNT\system32\COMCTL32.dll
LDR: Automatic DLL Relocation in winlogon.exe
LDR: Dll WINMM.dll base 77fd0000 relocated due to collision with C:\WINNT\System32\ntdll.dll
LDR: Automatic DLL Relocation in services.exe
LDR: Dll SAMLIB.dll base 77ae0000 relocated due to collision with C:\WINNT\system32\COMCTL32.dll
LDR: Automatic DLL Relocation in lsass.exe
LDR: Dll FPNWCLNT.dll base 76dc0000 relocated due to collision with C:\WINNT\system32\msv1_0.dll
ModLoad: fc36f000 fc392000 mydriver.sys
Any suggestions?
Julián
Hello,
You will need SERVICE_SYSTEM_START instead of SERVICE_AUTO_START, because the Service Control Manager (services.exe) is started too late (after the Win32 subsystem is already set up).
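As an added example (not code from the thread), this Python sketch parses a kernel-debugger trace like the one posted and reports whether a driver's first ModLoad line comes after win32k.sys, next to the symbolic name of its Start value. The function names and the abbreviated TRACE are assumptions made for illustration; the Start names are the standard SERVICE_* constants.

```python
import re

# Start values under HKLM\System\CurrentControlSet\Services\<name>, with the
# component that normally loads a driver of that class.
START_TYPES = {
    0: ("SERVICE_BOOT_START", "OS loader"),
    1: ("SERVICE_SYSTEM_START", "kernel I/O initialisation"),
    2: ("SERVICE_AUTO_START", "Service Control Manager (services.exe)"),
    3: ("SERVICE_DEMAND_START", "started on request"),
    4: ("SERVICE_DISABLED", "not started automatically"),
}

# Abbreviated from the debugger trace in the original post (paths dropped).
TRACE = """\
ModLoad: fcc7b000 fcc98f60 NDIS.SYS
ModLoad: fcbf6000 fcc528e0 Ntfs.SYS
ModLoad: a0000000 a013f960 win32k.sys
LDR: Automatic DLL Relocation in winlogon.exe
LDR: Automatic DLL Relocation in services.exe
ModLoad: fc36f000 fc392000 mydriver.sys
"""

MODLOAD = re.compile(r"^ModLoad:\s+[0-9a-f]+\s+[0-9a-f]+\s+(\S+)$", re.I)

def load_order(trace):
    """Image names, lower-cased, in the order the debugger reported them."""
    lines = (line.strip() for line in trace.splitlines())
    return [m.group(1).lower() for m in map(MODLOAD.match, lines) if m]

def loaded_after(order, driver, marker="win32k.sys"):
    """True/False by first appearance; None if either image is absent."""
    driver, marker = driver.lower(), marker.lower()
    if driver not in order or marker not in order:
        return None
    return order.index(driver) > order.index(marker)

def diagnose(trace, driver, start):
    """Relate a driver's Start value to where it appears in the trace."""
    name, loader = START_TYPES[start]
    late = loaded_after(load_order(trace), driver)
    return {"start": name, "loader": loader, "after_win32k": late}

if __name__ == "__main__":
    print(diagnose(TRACE, "mydriver.sys", 2))
    print(diagnose(TRACE, "Ntfs.sys", 4))
```

A driver reported after win32k.sys was loaded once the Win32 subsystem was already coming up, which matches a Start value of 2.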
I have tried that too. But if I set my driver as SERVICE_SYSTEM_START or BOOT_SYSTEM_START it just does not start.
It's a good thing to know services.exe is the SCM.
Thanks,
Julian
-----Original message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On behalf of xxxxx@hushmail.com
Sent: Friday, 16 November 2007 10:01
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] NT4 Driver load order
Hello,
You will need SERVICE_SYSTEM_START instead of SERVICE_AUTO_START, because the Service Control Manager (services.exe) is started too late (after the Win32 subsystem is already set up).
First, it definitely is not ntfs.sys that is the file system which needs that
volume to load. Unfortunately, I have not booted up NT4.0 in so long I
can’t name what does. Second, this work is done at boot time, so your start
of 2 is way too late.
–
Don Burn (MVP, Windows DDK)
Windows 2k/XP/2k3 Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
Remove StopSpam to reply
“Julián de Navascués Melero” wrote in message
news:xxxxx@ntdev…