device class of tdi filter and tdi client

Hello,

I am new to the kernel related work and their installations. I have a
few questions.

To install any driver, is it ok to just create a windows service of
type SERVICE_KERNEL_DRIVER, and set the path to the .sys file?

When is an INF file absolutely required to install a driver?

Does installing any driver always creates a windows service?

What would be the device setup class of a tdi filter and a tdi client?

/Piyush

 

If you want to write non-PnP driver, CreateService() will do just fine.
However, if you want to write PnP-compliant one, you need .INF file,
and the whole thing has to be installed vis the Device Manager. As we
have discussed on one of the threads, if driver that has been
installed as CreateService() call tries no fill AddDevice() member in
its DRIVER_OBJECT
(i.e. acts as PnP driver), you will BSOD right after DriverEntry()
returns control



Anton Bassov

 

To install any driver, is it ok to just create a windows service of

No need in setting the path, the default of \SystemRoot\system3
\drivers\ServiceName.sys works fine

Yes, SC key is enough to register a kernel module which will be loaded and
DriverEntry called (except Vista 64bit which will require the binary to be
signed by the company's cert, with self-contained-signature-in-the-SYS-file as
an option).

For functional device drivers in the PnP stacks. For filter devices in the PnP
stacks, adding to UpperFilters registry keys from, say, an InstallShield helper
DLL is usually enough.

Yes. This is an absolute must and is step 1, can be done by INF file or by
CreateService.

TDI filter does not participate in PnP stacks. So - just plain old usual
service.

The notion of "TDI client" only describes the lower edge of the driver. Its
upper edge can be _any_, and the driver can be both a usual kernel mode
(service only) and a PnP driver with INF of any setup class.

 

have discussed on one of the threads, if driver that has been

I still think this is due to some other bugs in the driver, not AddDevice
presense. Try this with any PnP driver like, say, USBSTOR with the absense of
USB storage. Just try to start if by "net start". Will the OS crash?

 

Maxim,

How can you start PnP driver via SC Manager???? If you try it, you
will get "System error 1058". However, even if you could start a
service, the test you proposed would not be indicative, for the simple
reason that USBSTOR is PnP service, and, hence, is configured as the
one in the registry. This is not the question of starting the service,
but the question of installing it - everything depends on
modifications, made to the registry upon installation.
Once there are no appropriate entries in the registry, presence of
AddDevice() member in DRIVER_OBJECT of, according to the registry
settings, non-PnP driver makes the system "confused". Therefore, the
system assumes an error, and bugchecks


Anton Bassov

 

How can you start PnP driver via SC Manager???? If you try it, you

Correct. No BSODs as I was expecting so sorry, this BSOD is bug in your
code.

SC registry contains no information about whether the service is PnP or not.
So, the words "PnP service" are nonsense.

USBSTOR is a PnP driver binary, since it has an AddDevice routine. Attempt to
start _properly written_ PnP driver binaries using StartService causes "System
Error 1058" (ERROR_SERVICE_DISABLED), buggy PnP driver binaries cause BSOD.

SC database keys contain no information about whether the service is PnP or not
so.

There are no such "appropriate entries" in the SC registry, and other branches
of registry are not involved in StartService. So, this BSOD is the bug in your
code, and not Windows behaviour.

 

How can you start PnP driver via SC Manager???? If you try it, you

As I already told you, the test you proposed is not indicative, for the
simple reason that USBSTOR is PnP service, and, hence, is configured as
the one in the registry.

In order to run an indicative test, you have to do the following:

1. Copy usbstor.sys, and rename the copy to something like
"dummyusbstor.sys"
2. Install some "dummyusbstorservice" service via CreateService() call,
and specify "dummyusbstor.sys" as its binary
3. Start "dummyusbstorservice" via SC Manager

Do it, and let's see what happens....



so sorry, this BSOD is bug in your code.


Following our discussion on I made an experiment, where DriverEntry()
just fills AddDevice() and Unload() members of DRIVER_OBJECT, and
returns right on the spot. If it fills AddDevice() member, the whole
thing blue-screens after DriverEntry() returns - execution just has no
chance to reach AddDevice(), which has been tested within a debugger(
the system goes off before breakpoint gets reached). If I comment the
line that fills AddDevice(), everything works fine.

As you can see, there is no chance of bug in my code - it is just too
small for being buggy

What about "ROOT\LEGACY_XYZ_SERVICE" string under Enum key,
corresponding to the service????? Would you expect to come across
something like that when dealing with PnP -compliant driver service ???
In fact, it is irrelevant in our discussion, but still a tip.....

I am afraid your logic is just faulty....

Let me repeat again - it is not a call to StartService() that causes
BSOD. Look at what I said in my previous post

[begin quote][end quote]

BSOD is caused by the fact that a driver that has been installed by
CreateService() call fills AddDevice() member of DRIVER_OBJECT.
AddDevice() gets called by PnP Manager, and it has to supply a pointer
to the appropriate PDO as an argument to AddDevice() . What is it about
to do if it has to call AddDevice() and cannot find any appropriate
entries in the registry???? Bugcheck seems to be the most logical
solution in this situation, don't you think?

Anton Bassov

 

As I already told you, the test you proposed is not indicative, for the

OK, here is the SC database entry for USBSTOR on w2k SP4.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR
DisplayName SZ USB Mass Storage Driver
ErrorControl DWORD 1
ImagePath EXPAND_SZ System32\DRIVERS\USBSTOR.SYS
Start DWORD 3
Type DWORD 1

Start = 3 is Manual
Type = 1 is Kernel Driver

No special marks on being PnP, as you can see

Services are NOT marked being PnP in the registry. Yes, they are associated
with devnodes, but sorry, StartService knows nothing on these associations.

Tried this, though used manual registry edits + reboot instead of
CreateService.

Here are the results:

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\maxim>net start ttt
System error 1058 has occurred.

The service cannot be started, either because it is disabled or because it has
no enabled devices associated with it.

Yes, maybe it is too small to be valid BTW - what is the BSOD stack?

They are volatile. Re-created on each reboot. Also - looks like it is some NT4
legacy, not needed for now and just forgotten to be removed.

No. I just _know_ how the drivers for PnP devices are registered. No special
marks in SC database about "this is the PnP service".

A copy of USBSTOR does not BSOD. It surely fills AddDevice.

 

As you can see, there is no chance of bug in my code - it is just too

Well, I would fully agree with you if I expected my test driver to be
functional. However, the only success criteria in my test is the
ability to reach the breakpoint on the very first line of
AddDevice(), and this does not seem to happen - the whole thing goes
off before this point gets reached. At the same time, you have a point
- its DriverEntry() returns STATUS_SUCCESS unconditionally. However,
when it comes to USBSTOR, its DriverEntry(), apparently, does some
checks and returns an error - this is the only possible explanation to
the fact that the service fails to start

Anton Bassov

 

Maxim,

It looks like you are right and I was wrong.......

Anton Bassov

 

Well, I would fully agree with you if I expected my test driver to be

Then where the BSOD occurs?

For me, it looks another way. ZwLoadDriver checks for existence of the device
objects created in DriverEntry. If not created - then the driver load is
considered to be failed, and Unload is called.

PnP drivers are loaded by some routine other then ZwLoadDriver.

 

It looks like you are right and I was wrong.......

OK, then let's find your issue at last what was the BSOD cause?

 

Maxim,

I wish I could tell you that - for the time being I am totally confused
.......

The problem is that I managed to run my test sample with 1058 error,
rather than BSOD, although I did not apply *ANY*modifications to the
source........

Anton Bassov

 

What was the BSOD stack?

 

Maxim,

Well, up to this point I am unable to reproduce BSOD, so that I cannot
tell you anything -
as I have already said, no modifications to the source had been
applied. The only thing I can tell you is that there were no mentioning
of my "testcrash.sys" anywhere on the screen, and, as far as I
remember, the error was PAGE_FAULT_IN_NONPAGED_AREA, i.e. the most
common error that get displayed by the BSODs ....

I just wonder if SoftIce played a trick on me just one more time.....


Anton Bassov