KMDF Class Filter Drive INITSTARTFAILED  
Author Message
Bamboo182





PostPosted: Mon Oct 09 17:37:45 CDT 2006 Top

Drivers >> KMDF Class Filter Drive INITSTARTFAILED

Hi,

I'm working on a class filter driver but to start I have installed the
filter as a device upper filter on a device of the class that I am to
filter on (both have services installed at boot time). It works fine
as a device upper filter with the exception that in the registry key I
have noticed that it sets INITSTARTFAILED to 1 for the enum key of the
service (i.e. .../System/CurrentControlSet/Service/myService/Enum).
However the count is 1 as is the nextInstance. I thought that if the
service truly did fail that the count would be zero? The filter driver
installed correctly as it does what it is supposed to do. Furthermore,
setting a breakpoint on my driver entry results in the behavior
expected (registers my device add and everything).

It works as far as I can tell except for the INITSTARTFAILED that is
set. I have deleted the key and the next time I boot it is back again.


I think this may be a problem because when I try and have the filter be
a class filter driver, I get an INACCESSIBLE_BOOT_DEVICE (7b)

I just want to make sure this INITSTARTFAILED doesnt' have anything to
do with this... In order to make the filter a class filter I have added
to the key corresponding to the class guid in
currentcontrolset/control/classs with UpperFilters myFilt. I have also
tried putting in a CoInstallers32
wdfcoinstaller01005.dll,WdfCoInstaller since when I installed the
filter as a device filter it put those values in the device instance
key (am I missing something else?)

So I guess I really have two questions

1. Anyone know why INITSTARTFAILED would be set to 1, but yet load the
service and it function properly?

2. Anyone know if for a CLASS filter driver if there are any other
values I have to set besides the UpperFilters in the registry key for
the class?

Thanks in advance!

Windows OS154  
 
 
gabenbecca





PostPosted: Mon Oct 09 17:37:45 CDT 2006 Top

Drivers >> KMDF Class Filter Drive INITSTARTFAILED
Ok, I think I figured the init start thing. I had the service set for
boot start because from what I've read, if the driver is boot start,
the filter should be as well... At the bottom of the document linked
here explains that that is how it should be.
ttp://www.osronline.com/article.cfm?article=446

However, in windbg I noticed that WDFLDR would try and load the driver
but would fail (status 0xc0000001 or status 0xc0000034). status
0xc0000034 would be there if I did
"eb WDFLDR!WdfLdrDiags 1" It would try and query a key located at
CurrentControlSet\Wdf\Kmdf\Diagnostics. There wasn't a Diagnostics
key in Kmdf so I created it. I got less errors but still a 0xc0000034
after a query to ZwQueryValueKey. Looking at the stack and memory I
found that it was trying to find a value named DbgPrintOn. So I
created that in Diagnostics and set it to one. That got rid of the
0xC0000034.

Status 0xC0000001 NT_STATUS_UNSUCCESSFUL wasn't very helpful so I
stepped through again until I found that the real status was
NT_STATUS_IMAGE_ALREADY_LOADED but it just overwrote it with
NT_STATUS_UNSUCCESSFUL. Looking at the modules loaded I saw that my
filter driver was both loaded and unloaded. I guess it was trying to
load the filter driver but couldn't yet so it had to try again later.
That is why I would get the INITFAILEDSTART set to 1 but yet the
service would be loaded and the filter driver functional.

So I set the Start key to System Start (and demand start) and it worked
fine. One try to load => no INITFAILEDSTART.

Ok now for the second problem. Having it run as a class filter driver.
Now I am stuck. If I edit I create the value UpperFilters with my
filter driver on the class key, during boot it crashes. WDFLDR prints
out nothing but success messages. Even with all the verbose and debug
prints turned on. The error I get is

INACCESSIBLE_BOOT_DEVICE (7b)
.
.
.


DEFAULT_BUCKET_ID: DRIVER_FAULT

BUGCHECK_STR: 0x7B

LAST_CONTROL_TRANSFER: from 8053225b to 804e3592

STACK_TEXT:
f7aaa090 8053225b 00000003 f7aaa3ec 00000000
nt!RtlpBreakWithStatusInstruction
f7aaa0dc 80532d2e 00000003 00000000 80088000
nt!KiBugCheckDebugBreak+0x19
f7aaa4bc 8053331e 0000007b f7aaa528 c0000034 nt!KeBugCheck2+0x574
f7aaa4dc 806b85d3 0000007b f7aaa528 c0000034 nt!KeBugCheckEx+0x1b
f7aaa644 806a7dc1 80088000 00000000 80088000
nt!IopMarkBootPartition+0x113
f7aaa694 8069e45b 80088000 f7aaa6b0 00034000
nt!IopInitializeBootDrivers+0x4ba
f7aaa83c 8069f7f8 80088000 00000000 837cb548 nt!IoInitSystem+0x712
f7aaadac 8057be15 80088000 00000000 00000000
nt!Phase1Initialization+0x9b5
f7aaaddc 804fa4da 8069f086 80088000 00000000
nt!PspSystemThreadStartup+0x34
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

I know Microsoft is trying to encourage us to use KMDF so hopefully
they can chime in. I accidentally posted with my non-work email but I
hear if I post with my ni.com email I might get a better response :-)

 
 
Eliyas





PostPosted: Tue Oct 10 10:53:43 CDT 2006 Top

Drivers >> KMDF Class Filter Drive INITSTARTFAILED What is the start type of Wdf01000 service on your system? Make sure it's
set to zero if your KMDF driver is part of boot start device.

-Eliyas



>
> Ok, I think I figured the init start thing. I had the service set for
> boot start because from what I've read, if the driver is boot start,
> the filter should be as well... At the bottom of the document linked
> here explains that that is how it should be.
> ttp://www.osronline.com/article.cfm?article=446
>
> However, in windbg I noticed that WDFLDR would try and load the driver
> but would fail (status 0xc0000001 or status 0xc0000034). status
> 0xc0000034 would be there if I did
> "eb WDFLDR!WdfLdrDiags 1" It would try and query a key located at
> CurrentControlSet\Wdf\Kmdf\Diagnostics. There wasn't a Diagnostics
> key in Kmdf so I created it. I got less errors but still a 0xc0000034
> after a query to ZwQueryValueKey. Looking at the stack and memory I
> found that it was trying to find a value named DbgPrintOn. So I
> created that in Diagnostics and set it to one. That got rid of the
> 0xC0000034.
>
> Status 0xC0000001 NT_STATUS_UNSUCCESSFUL wasn't very helpful so I
> stepped through again until I found that the real status was
> NT_STATUS_IMAGE_ALREADY_LOADED but it just overwrote it with
> NT_STATUS_UNSUCCESSFUL. Looking at the modules loaded I saw that my
> filter driver was both loaded and unloaded. I guess it was trying to
> load the filter driver but couldn't yet so it had to try again later.
> That is why I would get the INITFAILEDSTART set to 1 but yet the
> service would be loaded and the filter driver functional.
>
> So I set the Start key to System Start (and demand start) and it worked
> fine. One try to load => no INITFAILEDSTART.
>
> Ok now for the second problem. Having it run as a class filter driver.
> Now I am stuck. If I edit I create the value UpperFilters with my
> filter driver on the class key, during boot it crashes. WDFLDR prints
> out nothing but success messages. Even with all the verbose and debug
> prints turned on. The error I get is
>
> INACCESSIBLE_BOOT_DEVICE (7b)
> .
> .
> .
>
>
> DEFAULT_BUCKET_ID: DRIVER_FAULT
>
> BUGCHECK_STR: 0x7B
>
> LAST_CONTROL_TRANSFER: from 8053225b to 804e3592
>
> STACK_TEXT:
> f7aaa090 8053225b 00000003 f7aaa3ec 00000000
> nt!RtlpBreakWithStatusInstruction
> f7aaa0dc 80532d2e 00000003 00000000 80088000
> nt!KiBugCheckDebugBreak+0x19
> f7aaa4bc 8053331e 0000007b f7aaa528 c0000034 nt!KeBugCheck2+0x574
> f7aaa4dc 806b85d3 0000007b f7aaa528 c0000034 nt!KeBugCheckEx+0x1b
> f7aaa644 806a7dc1 80088000 00000000 80088000
> nt!IopMarkBootPartition+0x113
> f7aaa694 8069e45b 80088000 f7aaa6b0 00034000
> nt!IopInitializeBootDrivers+0x4ba
> f7aaa83c 8069f7f8 80088000 00000000 837cb548 nt!IoInitSystem+0x712
> f7aaadac 8057be15 80088000 00000000 00000000
> nt!Phase1Initialization+0x9b5
> f7aaaddc 804fa4da 8069f086 80088000 00000000
> nt!PspSystemThreadStartup+0x34
> 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
>
> I know Microsoft is trying to encourage us to use KMDF so hopefully
> they can chime in. I accidentally posted with my non-work email but I
> hear if I post with my ni.com email I might get a better response :-)
>


 
 
Gabe





PostPosted: Tue Oct 10 13:27:30 CDT 2006 Top

Drivers >> KMDF Class Filter Drive INITSTARTFAILED Thanks for replying Eliyas.

It is also at zero



> What is the start type of Wdf01000 service on your system? Make sure it's
> set to zero if your KMDF driver is part of boot start device.
>
> -Eliyas
>


> >
> > Ok, I think I figured the init start thing. I had the service set for
> > boot start because from what I've read, if the driver is boot start,
> > the filter should be as well... At the bottom of the document linked
> > here explains that that is how it should be.
> > ttp://www.osronline.com/article.cfm?article=446
> >
> > However, in windbg I noticed that WDFLDR would try and load the driver
> > but would fail (status 0xc0000001 or status 0xc0000034). status
> > 0xc0000034 would be there if I did
> > "eb WDFLDR!WdfLdrDiags 1" It would try and query a key located at
> > CurrentControlSet\Wdf\Kmdf\Diagnostics. There wasn't a Diagnostics
> > key in Kmdf so I created it. I got less errors but still a 0xc0000034
> > after a query to ZwQueryValueKey. Looking at the stack and memory I
> > found that it was trying to find a value named DbgPrintOn. So I
> > created that in Diagnostics and set it to one. That got rid of the
> > 0xC0000034.
> >
> > Status 0xC0000001 NT_STATUS_UNSUCCESSFUL wasn't very helpful so I
> > stepped through again until I found that the real status was
> > NT_STATUS_IMAGE_ALREADY_LOADED but it just overwrote it with
> > NT_STATUS_UNSUCCESSFUL. Looking at the modules loaded I saw that my
> > filter driver was both loaded and unloaded. I guess it was trying to
> > load the filter driver but couldn't yet so it had to try again later.
> > That is why I would get the INITFAILEDSTART set to 1 but yet the
> > service would be loaded and the filter driver functional.
> >
> > So I set the Start key to System Start (and demand start) and it worked
> > fine. One try to load => no INITFAILEDSTART.
> >
> > Ok now for the second problem. Having it run as a class filter driver.
> > Now I am stuck. If I edit I create the value UpperFilters with my
> > filter driver on the class key, during boot it crashes. WDFLDR prints
> > out nothing but success messages. Even with all the verbose and debug
> > prints turned on. The error I get is
> >
> > INACCESSIBLE_BOOT_DEVICE (7b)
> > .
> > .
> > .
> >
> >
> > DEFAULT_BUCKET_ID: DRIVER_FAULT
> >
> > BUGCHECK_STR: 0x7B
> >
> > LAST_CONTROL_TRANSFER: from 8053225b to 804e3592
> >
> > STACK_TEXT:
> > f7aaa090 8053225b 00000003 f7aaa3ec 00000000
> > nt!RtlpBreakWithStatusInstruction
> > f7aaa0dc 80532d2e 00000003 00000000 80088000
> > nt!KiBugCheckDebugBreak+0x19
> > f7aaa4bc 8053331e 0000007b f7aaa528 c0000034 nt!KeBugCheck2+0x574
> > f7aaa4dc 806b85d3 0000007b f7aaa528 c0000034 nt!KeBugCheckEx+0x1b
> > f7aaa644 806a7dc1 80088000 00000000 80088000
> > nt!IopMarkBootPartition+0x113
> > f7aaa694 8069e45b 80088000 f7aaa6b0 00034000
> > nt!IopInitializeBootDrivers+0x4ba
> > f7aaa83c 8069f7f8 80088000 00000000 837cb548 nt!IoInitSystem+0x712
> > f7aaadac 8057be15 80088000 00000000 00000000
> > nt!Phase1Initialization+0x9b5
> > f7aaaddc 804fa4da 8069f086 80088000 00000000
> > nt!PspSystemThreadStartup+0x34
> > 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
> >
> > I know Microsoft is trying to encourage us to use KMDF so hopefully
> > they can chime in. I accidentally posted with my non-work email but I
> > hear if I post with my ni.com email I might get a better response :-)
> >

 
 
gabenbecca





PostPosted: Tue Oct 10 15:59:42 CDT 2006 Top

Drivers >> KMDF Class Filter Drive INITSTARTFAILED Are there any boot order issues with trying to do a class filter on
System? I think I am gett getting the INACCESSIBLE_BOOT_DEVICE because
the filter driver fails to load due to a dependency on Wdf01000.sys

WDFLDR!DllInitialize:
f75e0372 8bff mov edi,edi
kd> g
WdfLdr: DllInitialize - OsVersion(5.1)
Breakpoint 1 hit
nipciflt!FxDriverEntry:
f7ad3708 8bff mov edi,edi
kd> g
WdfLdr: GetVersionRegistryHandle - Component path
\Registry\Machine\System\CurrentControlSet\Control\Wdf\Kmdf\KmdfLibrary\Versions
WdfLdr: GetVersionServicePath - GetVersionServicePath
(\Registry\Machine\System\CurrentControlSet\Services\Wdf01000)
WdfLdr: ReferenceVersion - ERROR: FindModuleByServiceName
(\Registry\Machine\System\CurrentControlSet\Services\Wdf01000) failed
with Status 0xc0000001
WdfLdr: ReferenceVersion - ERROR: Failed with Status 0xc0000001
WdfLdr: WdfVersionBind - ERROR: ReferenceVersion failed with Status
0xc0000001
WdfLdr: WdfVersionBind - Returning with Status 0xc0000001
WdfLdr: WdfLdrDiagnosticsValueByNameAsULONG - Value 0x1
WdfLdr: WdfLdrDiagnosticsValueByNameAsULONG - Status 0x0
WdfLdr: GetVersionImageName - Version Image Name "Wdf01000.sys"
WdfLdr: WdfRegisterLibrary - Module(837B4198)

However, if I don't put set the UpperFilters in the class key the
driver loads just fine...

WdfLdr: DllInitialize - OsVersion(5.1)
WdfLdr: WdfLdrDiagnosticsValueByNameAsULONG - Value 0x1
WdfLdr: WdfLdrDiagnosticsValueByNameAsULONG - Status 0x0
WdfLdr: GetVersionImageName - Version Image Name "Wdf01000.sys"
WdfLdr: WdfRegisterLibrary - Module(837CCFB0)
Breakpoint 1 hit
nipciflt!FxDriverEntry:
f7ad3708 8bff mov edi,edi
kd> g
WdfLdr: GetVersionRegistryHandle - Component path
\Registry\Machine\System\CurrentControlSet\Control\Wdf\Kmdf\KmdfLibrary\Versions
WdfLdr: GetVersionServicePath - GetVersionServicePath
(\Registry\Machine\System\CurrentControlSet\Services\Wdf01000)
WdfLdr: GetClientImageName - Client Image Name: nipciflt.sys
WdfLdr: LinkClientToLibrary - Client Image Name: nipciflt.sys
WdfLdr: WdfVersionBind - Returning with Status 0x0

So it seems that the there is a dependency on Wdf01000.sys. Is there
a recommended way to set this? It seems that setting UpperFilter in
the class key changed when it tried to load the filter driver.
Hopefully I am looking in the right direction; NT_STATUS_UNSUCCESSFUL
is not very informative...

Thanks Gabe,