SergiusTheBest / FindWDK

CMake module for building drivers with Windows Development Kit (WDK)
BSD 3-Clause "New" or "Revised" License

Can't create a service for the driver #26

Closed Kashio closed 1 year ago

Kashio commented 2 years ago

All versions are the same for both host and target.
Windows version: Windows 10 Home 21H2 19044.1826
WDK version: 10.0.22621.0

I try to run on host:

sc.exe create driver_name type=kernel binPath=C:\Users\WDKRemoteUser\Desktop\driver_name.sys start=demand
sc.exe start driver_name

This is the output I get when I query for the service:

SERVICE_NAME: driver_name 
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 87  (0x57)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

The problem doesn't happen when I try to run the driver as a service if I compile a test driver with a VS solution. I tried to compare the compiler and linker options but could find something relevant that is missing that might cause this. Here are the compiler and linker options of the driver compiled with the VS solution:

/ifcOutput "x64\Debug\" /GS /W4 /wd"4748" /wd"4603" /wd"4627" /wd"4986" /wd"4987" /Gy /Zc:wchar_t- /I"x64\Debug\" /analyze:"stacksize1024" /guard:cf /Zi /Gm- /Od /Fd"x64\Debug\vc143.pdb" /FI"C:\Program Files (x86)\Windows Kits\10\Include\10.0.22621.0\shared\warning.h" /Zc:inline /fp:precise /Zp8 /D "_WIN64" /D "_AMD64_" /D "AMD64" /D "DEPRECATE_DDK_FUNCTIONS=1" /D "MSC_NOOPT" /D "_WIN32_WINNT=0x0A00" /D "WINVER=0x0A00" /D "WINNT=1" /D "NTDDI_VERSION=0xA00000C" /D "DBG=1" /errorReport:prompt /GF /WX /Zc:forScope /GR- /Gz /Oy- /Oi /FC /Fa"x64\Debug\" /nologo /Fo"x64\Debug\" /Fp"x64\Debug\driver-test.pch" /diagnostics:column 
/OUT:"C:\Users\user\Desktop\driver-test\driver-test\x64\Debug\driver-test.sys"
/MANIFEST:NO
/PROFILE
/Driver
/PDB:"C:\Users\user\Desktop\driver-test\driver-test\x64\Debug\driver-test.pdb"
"C:\Program Files (x86)\Windows Kits\10\lib\10.0.22621.0\km\x64\BufferOverflowFastFailK.lib"
"C:\Program Files (x86)\Windows Kits\10\lib\10.0.22621.0\km\x64\ntoskrnl.lib"
"C:\Program Files (x86)\Windows Kits\10\lib\10.0.22621.0\km\x64\hal.lib"
"C:\Program Files (x86)\Windows Kits\10\lib\10.0.22621.0\km\x64\wmilib.lib"
"C:\Program Files (x86)\Windows Kits\10\lib\wdf\kmdf\x64\1.15\WdfLdr.lib"
"C:\Program Files (x86)\Windows Kits\10\lib\wdf\kmdf\x64\1.15\WdfDriverEntry.lib"
/RELEASE
/VERSION:"10.0"
/DEBUG
/MACHINE:X64
/ENTRY:"FxDriverEntry"
/WX
/OPT:REF
/INCREMENTAL:NO
/PGD:"C:\Users\user\Desktop\driver-test\driver-test\x64\Debug\driver-test.pgd"
/SUBSYSTEM:NATIVE",10.00"
/LTCGOUT:"x64\Debug\driver-test.iobj"
/OPT:ICF
/ERRORREPORT:PROMPT
/MERGE:"_TEXT=.text;_PAGE=PAGE"
/ILK:"x64\Debug\driver-test.ilk"
/NOLOGO
/NODEFAULTLIB
/SECTION:"INIT,d"

EDIT: Actually, after some playing (I don't know what I did), I get this every time I try to run the service:

Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Integrity check is disabled, test signing and debug are on, bcdedit output:

Windows Boot Manager
--------------------
...
Windows Boot Loader
-------------------
...
loadoptions             DDISABLE_INTEGRITY_CHECK
...
nointegritychecks       Yes
testsigning             Yes
...
debug                   Yes

To be clear I never signed the driver with a test signature before this problem occurred, so I don't know how I even got this?

SergiusTheBest commented 2 years ago

DISABLE_INTEGRITY_CHECK is ignored since Windows 7. You need to test sign the driver and enable testing mode or disable driver signature enforcement in the advanced boot options:

  1. Restart your computer by pressing the shift key.
  2. You will be on a blue screen asking you to “Choose an Option”.
  3. Then select “Troubleshoot” from the options.
  4. Then click on “Advanced Options”.
  5. Then click on “Startup Settings”.
  6. Then click on “Restart”.
  7. Then your Computer will start and ask you to press a number to choose the option.
  8. Please press 7 or F7 to “disable driver signature enforcement”.

It's very convenient to use a virtual machine and create a snapshot with driver signature enforcement disabled.
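
The test-signing route mentioned in the reply above, as an added example that is not part of the original thread or of FindWDK. It assumes an elevated PowerShell session on a disposable test VM with `signtool.exe` from the WDK/SDK on `PATH`; the driver path and certificate subject are placeholders.

```powershell
# Added example: test-sign a freshly built driver on an isolated test VM.
# Run from an elevated prompt. The two values below are placeholders.
$Driver  = 'C:\path\to\driver_name.sys'      # placeholder path to the built .sys
$Subject = 'CN=Example Driver Test Cert'     # hypothetical certificate subject

# 1. Show the current signature state (NotSigned is expected for an unsigned build).
Get-AuthenticodeSignature -FilePath $Driver | Format-List Status, StatusMessage

# 2. Create a self-signed code-signing certificate, reusing an existing one if present.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert |
        Where-Object Subject -eq $Subject | Select-Object -First 1
if (-not $cert) {
    $cert = New-SelfSignedCertificate -Type CodeSigningCert -Subject $Subject `
                -CertStoreLocation Cert:\CurrentUser\My
}

# 3. Trust the test certificate on this test machine only, so that signature
#    verification and driver package installation accept it.
$cer = Join-Path $env:TEMP 'driver-test-cert.cer'
Export-Certificate -Cert $cert -FilePath $cer | Out-Null
Import-Certificate -FilePath $cer -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
Import-Certificate -FilePath $cer -CertStoreLocation Cert:\LocalMachine\TrustedPublisher | Out-Null

# 4. Sign the driver with that certificate, selected by thumbprint from the "My" store.
& signtool.exe sign /v /fd SHA256 /sha1 $cert.Thumbprint $Driver
if ($LASTEXITCODE -ne 0) { throw 'signtool sign failed' }

# 5. Verify the embedded signature against the default Authenticode policy.
& signtool.exe verify /v /pa $Driver
if ($LASTEXITCODE -ne 0) { throw 'signtool verify failed' }

# 6. Report the boot-loader test-signing state; enable it if the entry is absent.
#    The "Yes" match assumes English bcdedit output.
$state = bcdedit /enum '{current}' | Select-String -Pattern '^testsigning\s+Yes'
if ($state) {
    Write-Host 'testsigning is already on.'
} else {
    bcdedit /set testsigning on    # fails while Secure Boot is enabled
    Write-Host 'testsigning enabled; reboot before starting the driver service.'
}
```

Keep the test certificate and the `testsigning` setting confined to the test VM; neither belongs on a production or daily-use machine.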