Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
armadillo-cld2020-09-27 16:48:42
C++ / C#
armadillo-cld, 2020-09-27 16:48:42

Why does the driver hang and not call the DeviceAdd function but only DriverEntry?

I am writing a kernel-mode driver in C++ for Windows.
I debug it through SoftICE and DebugView.
There is this code:

The code

#include <ntddk.h>
#include <wdf.h>

DRIVER_INITIALIZE DriverEntry;
EVT_WDF_DRIVER_DEVICE_ADD EvtDeviceAdd;

VOID Unload(_In_ PDRIVER_OBJECT  pDriverObject) {
  KdPrintEx((DPFLTR_IHVDRIVER_ID, DPFLTR_INFO_LEVEL, "Unload driver"));
  DbgPrint("Unload Driver");
  IoDeleteDevice(pDriverObject->DeviceObject);
  return;
}

NTSTATUS DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath) {
  NTSTATUS status = STATUS_SUCCESS;
  
  WDF_DRIVER_CONFIG config;

  KdPrintEx((DPFLTR_IHVDRIVER_ID, DPFLTR_INFO_LEVEL, "Driver Entry has been started"));
  DbgPrint("Driver Entry");
  
  WDF_DRIVER_CONFIG_INIT(&config, &EvtDeviceAdd);
  
  status = WdfDriverCreate(DriverObject, RegistryPath, WDF_NO_OBJECT_ATTRIBUTES, &config, WDF_NO_HANDLE);

  DriverObject->DriverUnload = &Unload;

  return status;
}

NTSTATUS EvtDeviceAdd(_In_ WDFDRIVER Driver, PWDFDEVICE_INIT DeviceInit) {
  UNREFERENCED_PARAMETER(Driver);

  NTSTATUS status = STATUS_SUCCESS;

  WDFDEVICE hDevice;

  KdPrintEx((DPFLTR_IHVDRIVER_ID, DPFLTR_INFO_LEVEL, "Device has been added"));
  DbgPrint("Device Added!");

  status = WdfDeviceCreate(&DeviceInit, WDF_NO_OBJECT_ATTRIBUTES, &hDevice);

  return status;
}



I compile it, sign it, register it and run it.
I look in DebugView - I see the message "Driver Entry", i.e. the DriverEntry function was called.
After that, the driver just hangs, or does not reach the next function, because the message "Device Added" does not appear, and when I try sc stop MyDriver, I get an error
[SC] ControlService: ошибка: 1052:

Команда неуместна для данной службы.


What is the problem? The driver is removed only after a reboot. Not very convenient, what if I write a "one-time driver", and I don't want to reboot in order to use it, and then immediately unload it?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
A
armadillo-cld, 2020-09-28
@armadillo-cld

The problem was in the driver code.
Here is a working Hello World

#include <ntddk.h>  
#include <wdm.h>

VOID DriverUnload(PDRIVER_OBJECT Driver)
{
  UNREFERENCED_PARAMETER(Driver);
  return;
}

NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING RegistryPath)
{
UNREFERENCED_PARAMETER(pDriverObject);
UNREFERENCED_PARAMETER(RegistryPath);
DbgPrint("Hello, world!");
pDriverObject->DriverUnload = 
return STATUS_SUCCESS;
}

As it turned out, it is not always necessary to create a device for the driver (IoCreateDevice), so that later it can be deleted in Unload. It's enough just to add the Unload function and add it to pDriverObject, and everything will work.

Similar questions
Y
YujiYay2021-06-18 19:26:39
How to write a small hash table using generics in C#? 1Reply
I
Ivan the Terrible2015-10-11 16:14:23
How to convert decimal negative number to binary? 4Reply
M
maxemga2021-06-19 13:25:27
Why is ASP.NET request not working? 1Reply
Z
zakatzakatom2020-04-23 16:18:04
How to display the result of a cpp program in ms excel? 2Reply
O
oeiua2011-06-08 11:44:28
IIS: how to organize simultaneous networking and servicing http requests? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question