Making Windows legacy driver non-stoppable programmatically
up vote
0
down vote
favorite
I am working on WinDRBD: https://github.com/LINBIT/windrbd
This driver is stoppable (so sc stop windrbd works). However at some points (when there are DRBD devices configured) I want to prevent the user from stopping the driver.
The driver is linked with
/DRIVER /SUBSYSTEM:WINDOWS /NODEFAULTLIB /ENTRY:DriverEntry
and AddDevice is not set (while DriverUnload is set and does the right thing (TM)).
What I am looking for is some kernel API call which sets and resets the STOPPABLE flag of the driver. I tried to reference the root device / driver object (via ObReferenceObjectByPointer()) which does not prevent the driver from being stopped. I also tried to have an open file handle to the root device object (which prevents the driver from being unloaded, it gets stuck in STOP_PENDING), but then the root device object cannot be opened any more (which is needed to bring the remaining resources down).
Is there a way to control the STOPPABLE flag programmatically? Thanks and best wishes, Johannes
windows kernel driver drbd
asked Nov 19 at 17:10
Johannes Thoma
593514
add a comment |
up vote
0
down vote
favorite
I am working on WinDRBD: https://github.com/LINBIT/windrbd
This driver is stoppable (so sc stop windrbd works). However at some points (when there are DRBD devices configured) I want to prevent the user from stopping the driver.
The driver is linked with
/DRIVER /SUBSYSTEM:WINDOWS /NODEFAULTLIB /ENTRY:DriverEntry
and AddDevice is not set (while DriverUnload is set and does the right thing (TM)).
What I am looking for is some kernel API call which sets and resets the STOPPABLE flag of the driver. I tried to reference the root device / driver object (via ObReferenceObjectByPointer()) which does not prevent the driver from being stopped. I also tried to have an open file handle to the root device object (which prevents the driver from being unloaded, it gets stuck in STOP_PENDING), but then the root device object cannot be opened any more (which is needed to bring the remaining resources down).
Is there a way to control the STOPPABLE flag programmatically? Thanks and best wishes, Johannes
windows kernel driver drbd
asked Nov 19 at 17:10
Johannes Thoma
593514
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I am working on WinDRBD: https://github.com/LINBIT/windrbd
This driver is stoppable (so sc stop windrbd works). However at some points (when there are DRBD devices configured) I want to prevent the user from stopping the driver.
The driver is linked with
/DRIVER /SUBSYSTEM:WINDOWS /NODEFAULTLIB /ENTRY:DriverEntry
and AddDevice is not set (while DriverUnload is set and does the right thing (TM)).
What I am looking for is some kernel API call which sets and resets the STOPPABLE flag of the driver. I tried to reference the root device / driver object (via ObReferenceObjectByPointer()) which does not prevent the driver from being stopped. I also tried to have an open file handle to the root device object (which prevents the driver from being unloaded, it gets stuck in STOP_PENDING), but then the root device object cannot be opened any more (which is needed to bring the remaining resources down).
Is there a way to control the STOPPABLE flag programmatically? Thanks and best wishes, Johannes
windows kernel driver drbd
asked Nov 19 at 17:10
Johannes Thoma
593514
I am working on WinDRBD: https://github.com/LINBIT/windrbd
This driver is stoppable (so sc stop windrbd works). However at some points (when there are DRBD devices configured) I want to prevent the user from stopping the driver.
The driver is linked with
/DRIVER /SUBSYSTEM:WINDOWS /NODEFAULTLIB /ENTRY:DriverEntry
and AddDevice is not set (while DriverUnload is set and does the right thing (TM)).
What I am looking for is some kernel API call which sets and resets the STOPPABLE flag of the driver. I tried to reference the root device / driver object (via ObReferenceObjectByPointer()) which does not prevent the driver from being stopped. I also tried to have an open file handle to the root device object (which prevents the driver from being unloaded, it gets stuck in STOP_PENDING), but then the root device object cannot be opened any more (which is needed to bring the remaining resources down).
Is there a way to control the STOPPABLE flag programmatically? Thanks and best wishes, Johannes
windows kernel driver drbd
windows kernel driver drbd
asked Nov 19 at 17:10
Johannes Thoma
593514
asked Nov 19 at 17:10
Johannes Thoma
593514
asked Nov 19 at 17:10
Johannes Thoma
593514
asked Nov 19 at 17:10
Johannes Thoma
593514
asked Nov 19 at 17:10
Johannes Thoma
593514
593514
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
1
down vote
accepted
After some experiments, I found that the setting the AddDevice member of the DriverExtension of the driver object (which is a parameter to the DriverEntry
function) to a non-NULL value prevents the driver from being unloaded. Setting
this member back to NULL allows the user to unload the driver via sc stop again.
So to prevent the driver from being unloaded, do
theDriverObject->DriverExtension->AddDevice = theAddDeviceFunction;
to make it unloadable again, do
theDriverObject->DriverExtension->AddDevice = NULL;
(where theAddDeviceFunction might be a function that just returns an error value as in:
NTSTATUS theAddDeviceFunction(
PDRIVER_OBJECT DriverObject,
PDEVICE_OBJECT PhysicalDeviceObject)
{
return STATUS_NO_SUCH_DEVICE;
}
)
Note that by doing so the value of the STOPPABLE flag printed by a sc query becomes meaningless .. it might say NOT STOPPABLE when the
driver can be unloaded and vice versa.
answered Nov 22 at 16:04
Johannes Thoma
593514
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
1
down vote
accepted
After some experiments, I found that the setting the AddDevice member of the DriverExtension of the driver object (which is a parameter to the DriverEntry
function) to a non-NULL value prevents the driver from being unloaded. Setting
this member back to NULL allows the user to unload the driver via sc stop again.
So to prevent the driver from being unloaded, do
theDriverObject->DriverExtension->AddDevice = theAddDeviceFunction;
to make it unloadable again, do
theDriverObject->DriverExtension->AddDevice = NULL;
(where theAddDeviceFunction might be a function that just returns an error value as in:
NTSTATUS theAddDeviceFunction(
PDRIVER_OBJECT DriverObject,
PDEVICE_OBJECT PhysicalDeviceObject)
{
return STATUS_NO_SUCH_DEVICE;
}
)
Note that by doing so the value of the STOPPABLE flag printed by a sc query becomes meaningless .. it might say NOT STOPPABLE when the
driver can be unloaded and vice versa.
answered Nov 22 at 16:04
Johannes Thoma
593514
add a comment |
up vote
1
down vote
accepted
After some experiments, I found that the setting the AddDevice member of the DriverExtension of the driver object (which is a parameter to the DriverEntry
function) to a non-NULL value prevents the driver from being unloaded. Setting
this member back to NULL allows the user to unload the driver via sc stop again.
So to prevent the driver from being unloaded, do
theDriverObject->DriverExtension->AddDevice = theAddDeviceFunction;
to make it unloadable again, do
theDriverObject->DriverExtension->AddDevice = NULL;
(where theAddDeviceFunction might be a function that just returns an error value as in:
NTSTATUS theAddDeviceFunction(
PDRIVER_OBJECT DriverObject,
PDEVICE_OBJECT PhysicalDeviceObject)
{
return STATUS_NO_SUCH_DEVICE;
}
)
Note that by doing so the value of the STOPPABLE flag printed by a sc query becomes meaningless .. it might say NOT STOPPABLE when the
driver can be unloaded and vice versa.
answered Nov 22 at 16:04
Johannes Thoma
593514
add a comment |
up vote
1
down vote
accepted
up vote
1
down vote
accepted
After some experiments, I found that the setting the AddDevice member of the DriverExtension of the driver object (which is a parameter to the DriverEntry
function) to a non-NULL value prevents the driver from being unloaded. Setting
this member back to NULL allows the user to unload the driver via sc stop again.
So to prevent the driver from being unloaded, do
theDriverObject->DriverExtension->AddDevice = theAddDeviceFunction;
to make it unloadable again, do
theDriverObject->DriverExtension->AddDevice = NULL;
(where theAddDeviceFunction might be a function that just returns an error value as in:
NTSTATUS theAddDeviceFunction(
PDRIVER_OBJECT DriverObject,
PDEVICE_OBJECT PhysicalDeviceObject)
{
return STATUS_NO_SUCH_DEVICE;
}
)
Note that by doing so the value of the STOPPABLE flag printed by a sc query becomes meaningless .. it might say NOT STOPPABLE when the
driver can be unloaded and vice versa.
answered Nov 22 at 16:04
Johannes Thoma
593514
After some experiments, I found that the setting the AddDevice member of the DriverExtension of the driver object (which is a parameter to the DriverEntry
function) to a non-NULL value prevents the driver from being unloaded. Setting
this member back to NULL allows the user to unload the driver via sc stop again.
So to prevent the driver from being unloaded, do
theDriverObject->DriverExtension->AddDevice = theAddDeviceFunction;
to make it unloadable again, do
theDriverObject->DriverExtension->AddDevice = NULL;
(where theAddDeviceFunction might be a function that just returns an error value as in:
NTSTATUS theAddDeviceFunction(
PDRIVER_OBJECT DriverObject,
PDEVICE_OBJECT PhysicalDeviceObject)
{
return STATUS_NO_SUCH_DEVICE;
}
)
Note that by doing so the value of the STOPPABLE flag printed by a sc query becomes meaningless .. it might say NOT STOPPABLE when the
driver can be unloaded and vice versa.
answered Nov 22 at 16:04
Johannes Thoma
593514
answered Nov 22 at 16:04
Johannes Thoma
593514
answered Nov 22 at 16:04
Johannes Thoma
593514
answered Nov 22 at 16:04
Johannes Thoma
593514
593514
add a comment |
add a comment |
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53379576%2fmaking-windows-legacy-driver-non-stoppable-programmatically%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
