Service doesn't start

[halsten]

Really nice, I have tried compiling it as well as the compiled binary and the service always fails at FltRegisterFilter() running on Win 7 SP1 x86. The log file is created with that error and a "Bye" string. Any ideas?

[tandasat]

Thank you for your interest and reporting the issue. Let me check and get back to you with in a few days.

[halsten]

Sure thing. Thank you for the speedy reply too.

[tandasat]

Can you tell me how you loaded the driver? Did you use a DrvLoader with -F option as readme explains? Since the driver is a minifilter, it cannot be loaded if you use only the sc command.

[halsten]

I didn't use the tool, but I wrote an INF file. And I have 3 altitudes for it. I choose "348000" for the undelete, "348999" for monitoring and the last one was "348444". As I remember the altitudes differs in the nature of the mini filter. I could be wrong.

[halsten]

I think it would have been better also if you provided the INF file as its just a good practice.

[halsten]

I also tried using only 1 altitude and it was the same issue, but I highly doubt its because of that.

[tandasat]

Providing an INF file sounds logical and makes sense to me since not many of people want to get an extra tool to install another random tool.

Could you try a DrvLoader? If it does not work, the issue will be a priority. If it works, I will add an INF file by the time of the next release as a 'nice to do' thing.

[halsten]

Sure thing, give me 5 minutes.

[halsten]

Okay, your compiled version works well with DrvLoad. Seems odd cause the INF file I used was pre-generated from Visual Studio.

The source when compiled (no modification whatsoever) seems to fail to even load. Would there by any chances you made from the compiled and the source?

[halsten]

So to sum it up:

Binary version with DrvLoad -> Works Binary version with INF -> Didn't work Source code with DrvLoad -> Didn't work Source code with INF -> Didn't work

[tandasat]

Thank you for through tests. That sounds odd to me too.

Although source code versions are not tested as careful as released versions are, it is definitely not desirable that source versions do not work. I will take some time to see what's wrong within a few days and try to fix it (and I will add an INF as well).

Again, thank you for reporting this.

[halsten]

Not at all, thank you for sharing and please keep adding more filters, I have enjoyed this one a lot.

[tandasat]

This issue is going to be addressed with #3 or after VS2015 released (July 20).

[halsten]

Are you saying this problem is due to compilation on VS2013? If so, I don't think it could be the reason. Unless you have a valid reason on why it fails on the previously explained API. I think its not a compiler issue and probably a code issue.

[tandasat]

No, I am not. At this time, I do not know why it is failing but do not believe that It is a compiler related issue. It is more like an issue caused by a lack of an installation package in this project.

I am going to align the project with 'a valid mini filter driver package' using auto-generated files including an INF file by VS2015, and am going to allow users to load it using the INF file. That should address this issue.

[halsten]

I doubt its the INF, but lets see if this can solve it anyway.

[halsten]

I really verified it with a manually written INF and an auto-generated INF.

[tandasat]

Do you want to try the fix? https://github.com/tandasat/Scavenger/releases/tag/v1.2.1

You should be able to compile it with both VS2013 and 2015RC without modification and install a compiled driver using an INF file under a "Scavenger Package" folder.

I tested it on Win7 x86 and Win8,1 x64 with the following commands:

%SystemRoot%\System32\InfDefaultInstall.exe "C:\Users\user\Desktop\Scavenger Package\Scavenger.inf" sc start Scavenger .. check if DebugView is showing logs ... sc stop Scavenger

Some modifications were made to remove ScopedResource to compile it with 2015. Other than that, it is pretty much the same as HEAD.

[halsten]

It loads at least and the service runs, but there is no log and no activity in the Scavenger folder.

EDIT: 1:22 PM 14/7/2015 My bad, I made the mistake of not updating the source files, I now see that you have removed the RAII wrapper, thank you very much for doing that. It was rather a pain for my eyes. Works fine. If you can do the same for RemoteWriteMonitor, that'd be appreciated.

[tandasat]

Thank you for updating a comment and checking again. I was thinking about how I could troubleshoot that. Yes, I am going to remove ScopedResourece from RemoteWriteMonitor as well as this project as it does not compile.

I am going to update this project's repository soon and make comment here for checking and closing this issue once it is done.

[halsten]

Also another request if you don't mind. Can you please stick to the Windows Driver Framework standards? Like using the proper type definitions instead of "auto" and actually having a "C" instead of a "CPP" source file. A lot of unnecessary externs and and the alloc_pragma text sections should just be grouped together in one place? I think this is standard and avoid confusion and makes it also simple to read.

[tandasat]

Hi, I have updated release binaries and the repository. Can you test if you are able to install and use the driver with an INF file (or a batch file using the INF file)? https://github.com/tandasat/Scavenger/tree/1.3

[tandasat]

Regarding with the requests above, I am not going to work on them at this time because none of my projects is meant to be an implementation reference with that quality of formality. I agree your points that sticking with the standard makes read and contribute code easier for majority of people, but I am not quite interested in those factors that much. I hope you understand that.

However, feel free to file separate issues for them if you still wish to change those non-standard styles. If the same request is made by many other people, I would prioritize it.