World: r4wp

Hehe.  Possibly but got a new job that is hitting me hard.

Working mostly in SAN/NAS Cloud technologies.

What is your most pressing windows driver issue?

Kaj will explain it to you. :-)

ok

Basically, we have a minifilter driver in Red/System that can be 
installed through an INF file, but when started (using `sc start`) 
we get either error 1058 or error 2 (File not found).

SC is the service control manager command line utility

Is the process created as a service?

The INF file installs the filter driver as a service, yes.

ok

What is the verbose for 1058?

Just thinking loud, does that mean that the filter driver has to 
respond to service commands?

Yes most likely.

1058: I don't know, that's Kaj's error.

ok

Hmm, I guess we should try then implementing a suitable callback 
to answer properly to SCM commands...

Yes, still not sure what SC seen as file not found though.  But a 
process monitor from systems internals might tell us that.

Run procmon.exe against it and see if it records a specific file 
not found.

Thanks for helping on this, Paul!

Sure no problem.

Filemon: yeah, thanks for the reminder, forgot about it.

Procmon is the newer version of Filemon.

It gives you much more including registry, network, and profiling 
counters in addition to file system calls.

Thanks, Paul

When working with Windows debugging, I typically like to run a process 
through procmon.exe and dependancy walker profiling before tossing 
into the windows debugger.

np

1058 is driver deactivated or couldn't bind to any devices

ok, so I assume that was on another platform?  Or was that also on 
windows?

However, the driver just has a skeleton success return entry point, 
it doesn't try to take any devices or anything yet

That's XP

Yeah run against Process Monitor and look for any access denied or 
file not founds or path not found messages.

Does that do kernel drivers?

Is it a driver or system service?

A kernel driver, but it's started with the service infrastructure

Have you isolated it down to the system perspective or the driver 
perspective as to where the error is encountered?

It stops earlier for Doc. File not found seems to be the driver file 
itself, so it probably doesn't load at all

On my machine, it loads but then comes back with error 1058

I would use the driver verifier utility on that.

So the system is expecting it to do more than it does. But a null 
driver should just work

Sounds good, what's that?

It checks windows drivers to ensure they don't crash or have other 
stability issues.

You'll want to start  there.

It sounds vaguely familiar, but where is it?

Should be able to find a free download via Microsoft site.  I think 
it is include in the Driver Development kit.

Yes, I may have encountered it, but don't remember the name

http://support.microsoft.com/kb/244617

Thanks!

np

Sadly, I can't get any information about the driver out of Verifier 
or ProcMon

ProcMon is more about userland, and Verifier is about drivers that 
actually run