Driver installation issues

Question

Driver installation issues

mrexodia opened this issue 8 years ago · comments

Originally reported by: siilky (Bitbucket: siilky, GitHub: Unknown)

I have clean WinXP SP3 installed with some updates and trying to install TH driver of latest release (013).

OS is missing KMDF by default and sc/serviceManager are ending with "file not found" error when starting service.
I spent another day discovering this error source ended up with KMDF installation, done with Microsoft Kernel-Mode Driver Framework Install-v1.9-Win2k-WinXP-Win2k3.exe found somewhere at internets since MS has ended support for XP and corresponding KB cannot be downloaded probably.

So, now it attemps to start and StartService fails with error 6 "Invalid Handle"
Here is more detailed wdf log from kernel debugger:

#!

WdfLdr: FxDllInitialize - OsVersion(5.1)
WdfLdr: WdfVersionBind - WdfLdr: WdfVersionBind: enter
WdfLdr: GetVersionRegistryHandle - Component path \Registry\Machine\System\CurrentControlSet\Control\Wdf\Kmdf\KmdfLibrary\Versions
WdfLdr: GetVersionServicePath - GetVersionServicePath (\Registry\Machine\System\CurrentControlSet\Services\Wdf01000)
WdfLdr: GetImageName - Version Image Name "wdf01000.sys"
WdfLdr: WdfLdrDiagnosticsValueByNameAsULONG - Value 0x1
WdfLdr: WdfLdrDiagnosticsValueByNameAsULONG - Status 0x0
Wdf01000: DriverEntry
WdfLdr: WdfRegisterLibrary - Module(85F71F70)
Wdf01000: LibraryCommission
Wdf01000: OsVersion(5.1)
WdfLdr: GetImageName - Version Image Name "TitanHide.sys"
WdfLdr: LibraryLinkInClient - Client Image Name: TitanHide.sys
Wdf01000: LibraryRegisterClient: enter
WdfLdr: WdfVersionBind - WdfLdr: libraryRegisterClient: LibraryLinkInClient failed C0000024
WdfLdr: ClientCleanupAndFree - Client Image Name: TitanHide.sys
WdfLdr: LibraryReleaseClientReference - WdfLdr: LibraryReleaseClientReference: Dereference module \Registry\Machine\System\CurrentControlSet\Services\Wdf01000
Wdf01000: LibraryDecommission: enter
Wdf01000: LibraryDecommission: exit
WdfLdr: LibraryUnload - WdfLdr: LibraryUnload: Unload module \Registry\Machine\System\CurrentControlSet\Services\Wdf01000
Wdf01000: DriverUnload
WdfLdr: WdfVersionUnbind - WdfLdr: WdfVersionUnbind: exit: 0
WdfLdr: WdfVersionBind - Returning with Status 0xc0000024
WdfLdr: DllUnload - WdfLdr: DllUnload: enter
WdfLdr: DllUnload - WdfLdr: DllUnload: exit

Quick googling leads us to possible KMDF version mismatch http://stackoverflow.com/questions/13254487/why-am-i-getting-error-code-6-on-startservice

TitanHideTest / TitanHideGui cannot be started and explorer says it's "not valid win32 application". Probably also dll/os version mismatch but I didn't dig into it yet.

Bitbucket: https://bitbucket.org/mrexodia/titanhide/issue/14

Duncan Ogilvie · Answer 1 · Sat Jul 16 2016 22:48:05 GMT+0800 (China Standard Time)

Original comment by Duncan (Bitbucket: mrexodia, GitHub: mrexodia):

If you find a fix that's welcome. I don't provide support for TitanHide.

Matthijs Lavrijsen · Answer 2 · Sun Oct 23 2016 04:14:09 GMT+0800 (China Standard Time)

This should be fixable by changing all occurrences of <DriverType>KMDF</DriverType> with <DriverType>WDM</DriverType> in the .vcxproj and recompiling. TitanHide is a pure WDM driver, it doesn't need the KMDF (which is what WdfLdr comes from and why it's deployed with the .sys when you compile as KMDF).

Duncan Ogilvie · Answer 3 · Sun Oct 23 2016 05:46:42 GMT+0800 (China Standard Time)

Thanks @Mattiwatti!