FindWDK
Can't create a service for the driver
All versions are the same for both host and target.
Windows version: Windows 10 home 21H2 19044.1826
WDK version: 10.0.22621.0
I try to run on host:
sc.exe create driver_name type=kernel binPath=C:\Users\WDKRemoteUser\Desktop\driver_name .sys start=demand
sc.exe start driver_name
This is the output I get when I query for the service:
SERVICE_NAME: driver_name
TYPE : 1 KERNEL_DRIVER
STATE : 1 STOPPED
WIN32_EXIT_CODE : 87 (0x57)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
The problem doesn't happen when I try to run the driver as a service if I compile a test driver with a VS solution. I tried to compare the compiler and linker options but could find something relevant that is missing that might cause this. Here are the compiler and linker options of the driver compiled with the VS solution:
/ifcOutput "x64\Debug\" /GS /W4 /wd"4748" /wd"4603" /wd"4627" /wd"4986" /wd"4987" /Gy /Zc:wchar_t- /I"x64\Debug\" /analyze:"stacksize1024" /guard:cf /Zi /Gm- /Od /Fd"x64\Debug\vc143.pdb" /FI"C:\Program Files (x86)\Windows Kits\10\Include\10.0.22621.0\shared\warning.h" /Zc:inline /fp:precise /Zp8 /D "_WIN64" /D "_AMD64_" /D "AMD64" /D "DEPRECATE_DDK_FUNCTIONS=1" /D "MSC_NOOPT" /D "_WIN32_WINNT=0x0A00" /D "WINVER=0x0A00" /D "WINNT=1" /D "NTDDI_VERSION=0xA00000C" /D "DBG=1" /errorReport:prompt /GF /WX /Zc:forScope /GR- /Gz /Oy- /Oi /FC /Fa"x64\Debug\" /nologo /Fo"x64\Debug\" /Fp"x64\Debug\driver-test.pch" /diagnostics:column
/OUT:"C:\Users\user\Desktop\driver-test\driver-test\x64\Debug\driver-test.sys"
/MANIFEST:NO
/PROFILE
/Driver
/PDB:"C:\Users\user\Desktop\driver-test\driver-test\x64\Debug\driver-test.pdb"
"C:\Program Files (x86)\Windows Kits\10\lib\10.0.22621.0\km\x64\BufferOverflowFastFailK.lib"
"C:\Program Files (x86)\Windows Kits\10\lib\10.0.22621.0\km\x64\ntoskrnl.lib"
"C:\Program Files (x86)\Windows Kits\10\lib\10.0.22621.0\km\x64\hal.lib"
"C:\Program Files (x86)\Windows Kits\10\lib\10.0.22621.0\km\x64\wmilib.lib"
"C:\Program Files (x86)\Windows Kits\10\lib\wdf\kmdf\x64\1.15\WdfLdr.lib"
"C:\Program Files (x86)\Windows Kits\10\lib\wdf\kmdf\x64\1.15\WdfDriverEntry.lib"
/RELEASE
/VERSION:"10.0"
/DEBUG
/MACHINE:X64
/ENTRY:"FxDriverEntry"
/WX
/OPT:REF
/INCREMENTAL:NO
/PGD:"C:\Users\user\Desktop\driver-test\driver-test\x64\Debug\driver-test.pgd"
/SUBSYSTEM:NATIVE",10.00"
/LTCGOUT:"x64\Debug\driver-test.iobj"
/OPT:ICF
/ERRORREPORT:PROMPT
/MERGE:"_TEXT=.text;_PAGE=PAGE"
/ILK:"x64\Debug\driver-test.ilk"
/NOLOGO
/NODEFAULTLIB
/SECTION:"INIT,d"
EDIT: Actually, after some playing, I don't know what I did, but I get this every time I try to run the service:
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Integrity check is disabled, test signing and debug are on, bcdedit output:
Windows Boot Manager
--------------------
...
Windows Boot Loader
-------------------
...
loadoptions DDISABLE_INTEGRITY_CHECK
...
nointegritychecks Yes
testsigning Yes
...
debug Yes
To be clear I never signed the driver with a test signature before this problem occurred, so I don't know how I even got this?
DISABLE_INTEGRITY_CHECK is ignored since Windows 7. You need to test sign the driver and enable testing mode or disable driver signature enforcement in the advanced boot options:
- Restart your computer by pressing the shift key.
- You will be on a blue screen asking you to “Choose an Option”.
- Then select “Troubleshoot” from the options.
- Then click on “Advanced Options”.
- Then click on “Startup Settings”.
- Then click on “Restart”.
- Then your Computer will start and ask you to press a number to choose the option.
- Please press 7 or F7 to “disable driver signature enforcement”.
It's very convenient to use a virtual machine and create a snapshot with driver signature enforcement disabled.
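The test-signing route named in the answer above, written out as an added example that is not part of the original thread or of the FindWDK project. It assumes an elevated PowerShell with `signtool.exe` from the WDK/SDK on `PATH`; the driver path, certificate subject and `.cer` file name are placeholders.

```powershell
# Added example (not from the thread): test-sign a driver for a test machine.
# Placeholders: adjust $DriverPath; $Subject and $CerFile are constructed names.
$DriverPath = 'C:\path\to\driver_name.sys'
$Subject    = 'CN=Driver Test Certificate (example)'
$CerFile    = Join-Path $env:TEMP 'driver-test.cer'

# --- On the build host -------------------------------------------------------
# 1. Create a self-signed code-signing certificate in the current user's
#    personal store. The private key stays on the build host.
$cert = New-SelfSignedCertificate -Type CodeSigningCert -Subject $Subject `
            -CertStoreLocation 'Cert:\CurrentUser\My'

# 2. Export only the public certificate so it can be copied to the target.
Export-Certificate -Cert $cert -FilePath $CerFile | Out-Null

# 3. Embed a SHA-256 signature in the .sys, selecting the cert by thumbprint.
signtool.exe sign /v /fd SHA256 /sha1 $cert.Thumbprint $DriverPath
if ($LASTEXITCODE -ne 0) { throw "signtool sign failed for $DriverPath" }

# --- On the target (test) machine, elevated ----------------------------------
# 4. Trust the test certificate: install it in the Trusted Root and
#    Trusted Publishers stores of the local machine.
certutil.exe -addstore Root $CerFile
certutil.exe -addstore TrustedPublisher $CerFile

# 5. Check the signature against the default authentication policy. This only
#    succeeds once the certificate from step 4 is trusted on this machine.
signtool.exe verify /v /pa $DriverPath
if ($LASTEXITCODE -ne 0) { throw "signature on $DriverPath did not verify" }

# 6. Enable test-signing mode. bcdedit refuses this while Secure Boot is on;
#    the setting takes effect after a reboot.
bcdedit.exe /set testsigning on
```

Keep the test certificate and test-signing mode confined to the test machine or VM; the certificate installed in step 4 is trusted for anything signed with its private key.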