WDF Cointstaller on Vista

I’ve spent the last 3 days converting the nonpnp executable to load the
WdfCoinstaller, current version, and my WFP driver on Vista 32. The
coinstaller is loading and looks to be installing, at least the pre-WDF
calls are being set and some of them called during the install process. The
service for the driver is being created and OpenService returns a service
control handle. All good, but when I start it using StartService, the return
value is FALSE and GetLastError returns a 2, or ERROR_FILE_NOT_FOUND. The
ImagePath is set to:

“??\C:\Windows\System32\Drivers\wfpcallout.sys”.

Checking other drivers in and around mine I see all of them using either
“\SystemRoot\System32.” or “%SystemRoot%\System32.”.

I’ve looked at the paths and file names involved here until my eyes have
crossed and re-crossed and I do not see any differences between were I am
copying the driver file and how I am defining the path for the service key
in the registry, such as spelling errors. The only difference I see is the
use of “??\C:\Windows” versus \SystemRoot.

The inf file for the add service section is:

[WfpCallout.Service]

DisplayName = %WfpCalloutServiceName%

Description = %WfpCalloutServiceDesc%

ServiceBinary = %12%\WfpCallout.sys
;%windir%\system32\drivers\WfpCallout.sys

ServiceType = 1 ;SERVICE_KERNEL_DRIVER

StartType = 3 ;SERVICE_DEMAND_START

ErrorControl = 1 ;SERVICE_ERROR_NORMAL

The CreateService:

LPCTSTR ServiceExe=L"C:\Windows\System32\Drivers\wfpcallout.sys";

schService = CreateService(

SchSCManager, // handle of service
control manager database

DriverName, // address of name
of service to start

DriverName, // address of
display name

SERVICE_ALL_ACCESS, // type of access to
service

SERVICE_KERNEL_DRIVER, // type of service

SERVICE_DEMAND_START, // when to start
service

SERVICE_ERROR_NORMAL, // severity if
service fails to start

ServiceExe, // address of name
of binary file

NULL, // service does not
belong to a group

NULL, // no tag requested

NULL, // no dependency
names

NULL, // use LocalSystem
account

NULL // no password for
service account

);

Gary G. Little

H (952) 223-1349

C (952) 454-4629

xxxxx@comcast.net

__________ Information from ESET Smart Security, version of virus signature
database 4890 (20100223) __________

The message was checked by ESET Smart Security.

http://www.eset.com

Gary G. Little wrote:

I’ve spent the last 3 days converting the nonpnp executable to load
the WdfCoinstaller, current version, and my WFP driver on Vista 32.
The coinstaller is loading and looks to be installing, at least the
pre-WDF calls are being set and some of them called during the install
process. The service for the driver is being created and OpenService
returns a service control handle. All good, but when I start it using
StartService, the return value is FALSE and GetLastError returns a 2,
or ERROR_FILE_NOT_FOUND. The ImagePath is set to:

“??\C:\Windows\System32\Drivers\wfpcallout.sys”.

Checking other drivers in and around mine I see all of them using
either “\SystemRoot\System32…” or “%SystemRoot%\System32…”.

Is this a boot-time driver? The C: mount is not created until later in
boot.

The CreateService:

LPCTSTR ServiceExe=L”C:\Windows\System32\Drivers\wfpcallout.sys”;

That’s not your literal code, is it? Surely an experienced C programmer
like yourself would know that you need to escape your backslashes.

LPCTSTR ServiceExe=L"C:\Windows\System32\Drivers\wfpcallout.sys";


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Gosh Tim, can’t you even give an old geezer a break? All the ""s are escaped. :slight_smile:

I wish it were that simple. That line is a paraphrase of what I see in the code. SeviceExe is actually built using an API function call. What you see, is what I acutally get in the Local Symbols window of Visual Studio, not how I built it in the code.

At best it will be an Auto-Start driver. Right now it is set for Demand for testing, though the client can keep it Demand-Start if they so desire.

I’ve manually changed the ImagePath in the registry prior to StartService being called to the more customary “\SystemRoot.…”, but I still get the file not found return. I know the "??" is valid for this start time since it is used during DriverEntry to get a configuration file from the HDD.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Tim Roberts
Sent: Tuesday, February 23, 2010 12:23 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] WDF Cointstaller on Vista

Gary G. Little wrote:

I’ve spent the last 3 days converting the nonpnp executable to load
the WdfCoinstaller, current version, and my WFP driver on Vista 32.
The coinstaller is loading and looks to be installing, at least the
pre-WDF calls are being set and some of them called during the install
process. The service for the driver is being created and OpenService
returns a service control handle. All good, but when I start it using
StartService, the return value is FALSE and GetLastError returns a 2,
or ERROR_FILE_NOT_FOUND. The ImagePath is set to:

“??\C:\Windows\System32\Drivers\wfpcallout.sys”.

Checking other drivers in and around mine I see all of them using
either “\SystemRoot\System32…” or “%SystemRoot%\System32…”.

Is this a boot-time driver? The C: mount is not created until later in
boot.

The CreateService:

LPCTSTR ServiceExe=L”C:\Windows\System32\Drivers\wfpcallout.sys”;

That’s not your literal code, is it? Surely an experienced C programmer
like yourself would know that you need to escape your backslashes.

LPCTSTR ServiceExe=L"C:\Windows\System32\Drivers\wfpcallout.sys";


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

__________ Information from ESET Smart Security, version of virus signature database 4890 (20100223) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature database 4891 (20100223) __________

The message was checked by ESET Smart Security.

http://www.eset.com

I think that you will get this error if you have a version mismatch of the
WDF driver or the WDF driver is not installed. Which OS?

Bill Wandel


From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of Gary G. Little
Sent: Tuesday, February 23, 2010 1:14 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] WDF Cointstaller on Vista

I’ve spent the last 3 days converting the nonpnp executable to load the
WdfCoinstaller, current version, and my WFP driver on Vista 32. The
coinstaller is loading and looks to be installing, at least the pre-WDF
calls are being set and some of them called during the install process. The
service for the driver is being created and OpenService returns a service
control handle. All good, but when I start it using StartService, the return
value is FALSE and GetLastError returns a 2, or ERROR_FILE_NOT_FOUND. The
ImagePath is set to:

“??\C:\Windows\System32\Drivers\wfpcallout.sys”.

Checking other drivers in and around mine I see all of them using either
“\SystemRoot\System32.” or “%SystemRoot%\System32.”.

I’ve looked at the paths and file names involved here until my eyes have
crossed and re-crossed and I do not see any differences between were I am
copying the driver file and how I am defining the path for the service key
in the registry, such as spelling errors. The only difference I see is the
use of “??\C:\Windows” versus \SystemRoot.

The inf file for the add service section is:

[WfpCallout.Service]

DisplayName = %WfpCalloutServiceName%

Description = %WfpCalloutServiceDesc%

ServiceBinary = %12%\WfpCallout.sys
;%windir%\system32\drivers\WfpCallout.sys

ServiceType = 1 ;SERVICE_KERNEL_DRIVER

StartType = 3 ;SERVICE_DEMAND_START

ErrorControl = 1 ;SERVICE_ERROR_NORMAL

The CreateService:

LPCTSTR ServiceExe=L"C:\Windows\System32\Drivers\wfpcallout.sys";

schService = CreateService(

SchSCManager, // handle of service
control manager database

DriverName, // address of name
of service to start

DriverName, // address of
display name

SERVICE_ALL_ACCESS, // type of access to
service

SERVICE_KERNEL_DRIVER, // type of service

SERVICE_DEMAND_START, // when to start
service

SERVICE_ERROR_NORMAL, // severity if
service fails to start

ServiceExe, // address of name
of binary file

NULL, // service does not
belong to a group

NULL, // no tag requested

NULL, // no dependency
names

NULL, // use LocalSystem
account

NULL // no password for
service account

);

Gary G. Little

H (952) 223-1349

C (952) 454-4629

xxxxx@comcast.net

__________ Information from ESET Smart Security, version of virus signature
database 4890 (20100223) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature
database 4890 (20100223) __________

The message was checked by ESET Smart Security.

http://www.eset.com


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

That was the reason for writing an installer. The first thing that happens
is to take the WdfCoinstaller01009.dll, load it and install it. The first
time I successfully got to that point in the code, I was immediately
prompted for a reboot, which made since because I was replaceing 1.5 with
1.9. If the 1.9 version of KMDF is NOT installed then some one please tell
me how, since the example that Doron referrred me to last week is not
working. L

The OS is Vista 32, and the driver is compiled using Win7 7600, and DDKBUILD
-WIN7WLH.

Gary G. Little

H (952) 223-1349

C (952) 454-4629

xxxxx@comcast.net

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Bill Wandel
Sent: Tuesday, February 23, 2010 5:00 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] WDF Cointstaller on Vista

I think that you will get this error if you have a version mismatch of the
WDF driver or the WDF driver is not installed. Which OS?

Bill Wandel


From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of Gary G. Little
Sent: Tuesday, February 23, 2010 1:14 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] WDF Cointstaller on Vista

I’ve spent the last 3 days converting the nonpnp executable to load the
WdfCoinstaller, current version, and my WFP driver on Vista 32. The
coinstaller is loading and looks to be installing, at least the pre-WDF
calls are being set and some of them called during the install process. The
service for the driver is being created and OpenService returns a service
control handle. All good, but when I start it using StartService, the return
value is FALSE and GetLastError returns a 2, or ERROR_FILE_NOT_FOUND. The
ImagePath is set to:

“??\C:\Windows\System32\Drivers\wfpcallout.sys”.

Checking other drivers in and around mine I see all of them using either
“\SystemRoot\System32.” or “%SystemRoot%\System32.”.

I’ve looked at the paths and file names involved here until my eyes have
crossed and re-crossed and I do not see any differences between were I am
copying the driver file and how I am defining the path for the service key
in the registry, such as spelling errors. The only difference I see is the
use of “??\C:\Windows” versus \SystemRoot.

The inf file for the add service section is:

[WfpCallout.Service]

DisplayName = %WfpCalloutServiceName%

Description = %WfpCalloutServiceDesc%

ServiceBinary = %12%\WfpCallout.sys
;%windir%\system32\drivers\WfpCallout.sys

ServiceType = 1 ;SERVICE_KERNEL_DRIVER

StartType = 3 ;SERVICE_DEMAND_START

ErrorControl = 1 ;SERVICE_ERROR_NORMAL

The CreateService:

LPCTSTR ServiceExe=L"C:\Windows\System32\Drivers\wfpcallout.sys";

schService = CreateService(

SchSCManager, // handle of service
control manager database

DriverName, // address of name
of service to start

DriverName, // address of
display name

SERVICE_ALL_ACCESS, // type of access to
service

SERVICE_KERNEL_DRIVER, // type of service

SERVICE_DEMAND_START, // when to start
service

SERVICE_ERROR_NORMAL, // severity if
service fails to start

ServiceExe, // address of name
of binary file

NULL, // service does not
belong to a group

NULL, // no tag requested

NULL, // no dependency
names

NULL, // use LocalSystem
account

NULL // no password for
service account

);

Gary G. Little

H (952) 223-1349

C (952) 454-4629

xxxxx@comcast.net

__________ Information from ESET Smart Security, version of virus signature
database 4890 (20100223) __________

The message was checked by ESET Smart Security.

http://www.eset.com

__________ Information from ESET Smart Security, version of virus signature
database 4890 (20100223) __________

The message was checked by ESET Smart Security.

http://www.eset.com


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

__________ Information from ESET Smart Security, version of virus signature
database 4891 (20100223) __________

The message was checked by ESET Smart Security.

http://www.eset.com

Try using \SystemRoot


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

“Gary G. Little” wrote in message news:xxxxx@ntdev…
I’ve spent the last 3 days converting the nonpnp executable to load the WdfCoinstaller, current version, and my WFP driver on Vista 32. The coinstaller is loading and looks to be installing, at least the pre-WDF calls are being set and some of them called during the install process. The service for the driver is being created and OpenService returns a service control handle. All good, but when I start it using StartService, the return value is FALSE and GetLastError returns a 2, or ERROR_FILE_NOT_FOUND. The ImagePath is set to:

“??\C:\Windows\System32\Drivers\wfpcallout.sys”.

Checking other drivers in and around mine I see all of them using either “\SystemRoot\System32.” or “%SystemRoot%\System32.”.

I’ve looked at the paths and file names involved here until my eyes have crossed and re-crossed and I do not see any differences between were I am copying the driver file and how I am defining the path for the service key in the registry, such as spelling errors. The only difference I see is the use of “??\C:\Windows” versus \SystemRoot.

The inf file for the add service section is:

[WfpCallout.Service]

DisplayName = %WfpCalloutServiceName%

Description = %WfpCalloutServiceDesc%

ServiceBinary = %12%\WfpCallout.sys ;%windir%\system32\drivers\WfpCallout.sys

ServiceType = 1 ;SERVICE_KERNEL_DRIVER

StartType = 3 ;SERVICE_DEMAND_START

ErrorControl = 1 ;SERVICE_ERROR_NORMAL

The CreateService:

LPCTSTR ServiceExe=L"C:\Windows\System32\Drivers\wfpcallout.sys";

schService = CreateService(

SchSCManager, // handle of service control manager database

DriverName, // address of name of service to start

DriverName, // address of display name

SERVICE_ALL_ACCESS, // type of access to service

SERVICE_KERNEL_DRIVER, // type of service

SERVICE_DEMAND_START, // when to start service

SERVICE_ERROR_NORMAL, // severity if service fails to start

ServiceExe, // address of name of binary file

NULL, // service does not belong to a group

NULL, // no tag requested

NULL, // no dependency names

NULL, // use LocalSystem account

NULL // no password for service account

);

Gary G. Little

H (952) 223-1349

C (952) 454-4629

xxxxx@comcast.net

Information from ESET Smart Security, version of virus signature database 4890 (20100223)

The message was checked by ESET Smart Security.

http://www.eset.com

Information from ESET Smart Security, version of virus signature database 4890 (20100223)

The message was checked by ESET Smart Security.

http://www.eset.com

Also, have you checked to see if the KMDF DriverEntry is being called? Could
be a binding issue, I haven’t tried it in a while but this worked for me
last time I had similar issues:

From http://www.osronline.com/article.cfm?article=446

“set a breakpoint in the KMDF DriverEntry routine (‘bu
drivername!FxDriverEntry’) and set WDFLDR!WdfLdrDiags to TRUE (‘eb
WDFLDR!WdfLdrDiags 1’). This will print out some diagnostics that might be
helpful”

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Maxim S. Shatskih” wrote in message
news:xxxxx@ntdev…
Try using \SystemRoot


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com

“Gary G. Little” wrote in message
news:xxxxx@ntdev…
I’ve spent the last 3 days converting the nonpnp executable to load the
WdfCoinstaller, current version, and my WFP driver on Vista 32. The
coinstaller is loading and looks to be installing, at least the pre-WDF
calls are being set and some of them called during the install process. The
service for the driver is being created and OpenService returns a service
control handle. All good, but when I start it using StartService, the return
value is FALSE and GetLastError returns a 2, or ERROR_FILE_NOT_FOUND. The
ImagePath is set to:

“??\C:\Windows\System32\Drivers\wfpcallout.sys”.

Checking other drivers in and around mine I see all of them using either
“\SystemRoot\System32.” or “%SystemRoot%\System32.”.

I’ve looked at the paths and file names involved here until my eyes have
crossed and re-crossed and I do not see any differences between were I am
copying the driver file and how I am defining the path for the service key
in the registry, such as spelling errors. The only difference I see is the
use of “??\C:\Windows” versus \SystemRoot.

The inf file for the add service section is:

[WfpCallout.Service]
DisplayName = %WfpCalloutServiceName%
Description = %WfpCalloutServiceDesc%
ServiceBinary = %12%\WfpCallout.sys
;%windir%\system32\drivers\WfpCallout.sys
ServiceType = 1 ;SERVICE_KERNEL_DRIVER
StartType = 3 ;SERVICE_DEMAND_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL

The CreateService:

LPCTSTR ServiceExe=L"C:\Windows\System32\Drivers\wfpcallout.sys";
schService = CreateService(
SchSCManager, // handle of service
control manager database
DriverName, // address of name
of service to start
DriverName, // address of
display name
SERVICE_ALL_ACCESS, // type of access to
service
SERVICE_KERNEL_DRIVER, // type of service
SERVICE_DEMAND_START, // when to start
service
SERVICE_ERROR_NORMAL, // severity if
service fails to start
ServiceExe, // address of name
of binary file
NULL, // service does not
belong to a group
NULL, // no tag requested
NULL, // no dependency
names
NULL, // use LocalSystem
account
NULL // no password for
service account
);

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

Information from ESET Smart Security, version of virus signature
database 4890 (20100223)


The message was checked by ESET Smart Security.

http://www.eset.com

Information from ESET Smart Security, version of virus signature
database 4890 (20100223)


The message was checked by ESET Smart Security.

http://www.eset.com

Aaaargh!!! Here I sit, waiting on a friend who had a doctor’s appointment, reading

Gary G. Little
Sent via HTC Diamond on Sprint.

-----Original Message-----
From: Scott Noone
Sent: Wednesday, 24 February, 2010 08:05 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] WDF Cointstaller on Vista

Also, have you checked to see if the KMDF DriverEntry is being called? Could
be a binding issue, I haven’t tried it in a while but this worked for me
last time I had similar issues:

From http://www.osronline.com/article.cfm?article=446

“set a breakpoint in the KMDF DriverEntry routine (‘bu
drivername!FxDriverEntry’) and set WDFLDR!WdfLdrDiags to TRUE (‘eb
WDFLDR!WdfLdrDiags 1’). This will print out some diagnostics that might be
helpful”

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Maxim S. Shatskih” wrote in message
news:xxxxx@ntdev…
Try using \SystemRoot


Maxim S. Shatskih

[The entire original message is not included]

Thank you Scott, that one finally jogged my brain into thinking outside the narrow confines of the hole I had for myself. The driver has a chicken/egg problem. It opens a disk file by first reading a value from the registery for the path/filename and then loading the file. That value has not been entered yet, when StartService is called so the read fails with 0x00000002, file not found.

Duh!

Gary G. Little
Sent via HTC Diamond on Sprint.

-----Original Message-----
From: Scott Noone
Sent: Wednesday, 24 February, 2010 08:05 AM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] WDF Cointstaller on Vista

Also, have you checked to see if the KMDF DriverEntry is being called? Could
be a binding issue, I haven’t tried it in a while but this worked for me
last time I had similar issues:

From http://www.osronline.com/article.cfm?article=446

“set a breakpoint in the KMDF DriverEntry routine (‘bu
drivername!FxDriverEntry’) and set WDFLDR!WdfLdrDiags to TRUE (‘eb
WDFLDR!WdfLdrDiags 1’). This will print out some diagnostics that might be
helpful”

-scott


Scott Noone
Consulting Associate
OSR Open Systems Resources, Inc.
http://www.osronline.com

“Maxim S. Shatskih” wrote in message
news:xxxxx@ntdev…
Try using \SystemRoot


Maxim S. Shatskih

[The entire original message is not included]