Preventing connection of a USB device

ntdev,

I am working on a USB class filter (lower) and I am attempting to
prevent the loading of a USB device via a policy set (I posted some
months back). When I return an error in the filter’s
EvtDriverDeviceAdd (per Tim Roberts’ suggestion), it does nothing to
prevent loading of the device. Of course after reading
https://msdn.microsoft.com/en-us/library/windows/hardware/ff541693(v=vs.85).aspx,
I see this is by design as it says:
“If a filter driver’s EvtDriverDeviceAdd callback function does not
return STATUS_SUCCESS, the framework converts the return value to
STATUS_SUCCESS, and the I/O manager builds the device stack without
the filter driver.”

Clearly, I am doing something wrong. How else can I deny loading of a
USB device driver from a USB class filter driver since returning an
error from EvtDriverDeviceAdd does nothing?

Thanks.

Fail evtdevicepreparehw, although that will be after the driver has loaded. But before it can talk to the hw in any way

d

Bent from my phone


From: cruxpotmailto:xxxxx
Sent: ?2/?7/?2015 11:03 PM
To: Windows System Software Devs Interest Listmailto:xxxxx
Subject: [ntdev] Preventing connection of a USB device

ntdev,

I am working on a USB class filter (lower) and I am attempting to
prevent the loading of a USB device via a policy set (I posted some
months back). When I return an error in the filter’s
EvtDriverDeviceAdd (per Tim Roberts’ suggestion), it does nothing to
prevent loading of the device. Of course after reading
https://msdn.microsoft.com/en-us/library/windows/hardware/ff541693(v=vs.85).aspx,
I see this is by design as it says:
“If a filter driver’s EvtDriverDeviceAdd callback function does not
return STATUS_SUCCESS, the framework converts the return value to
STATUS_SUCCESS, and the I/O manager builds the device stack without
the filter driver.”

Clearly, I am doing something wrong. How else can I deny loading of a
USB device driver from a USB class filter driver since returning an
error from EvtDriverDeviceAdd does nothing?

Thanks.


NTDEV is sponsored by OSR

Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev

OSR is HIRING!! See http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer</mailto:xxxxx></mailto:xxxxx>

Awesome, Doron. That worked!

On Sun, Feb 8, 2015 at 1:31 AM, Doron Holan wrote:
> Fail evtdevicepreparehw, although that will be after the driver has loaded.
> But before it can talk to the hw in any way
>
> d
>
> Bent from my phone
> ________________________________
> From: cruxpot
> Sent: ‎2/‎7/‎2015 11:03 PM
> To: Windows System Software Devs Interest List
> Subject: [ntdev] Preventing connection of a USB device
>
> ntdev,
>
> I am working on a USB class filter (lower) and I am attempting to
> prevent the loading of a USB device via a policy set (I posted some
> months back). When I return an error in the filter’s
> EvtDriverDeviceAdd (per Tim Roberts’ suggestion), it does nothing to
> prevent loading of the device. Of course after reading
> https://msdn.microsoft.com/en-us/library/windows/hardware/ff541693(v=vs.85).aspx,
> I see this is by design as it says:
> “If a filter driver’s EvtDriverDeviceAdd callback function does not
> return STATUS_SUCCESS, the framework converts the return value to
> STATUS_SUCCESS, and the I/O manager builds the device stack without
> the filter driver.”
>
> Clearly, I am doing something wrong. How else can I deny loading of a
> USB device driver from a USB class filter driver since returning an
> error from EvtDriverDeviceAdd does nothing?
>
> Thanks.
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
>
> OSR is HIRING!! See http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev
>
> OSR is HIRING!! See http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer