Win 8.1 DeviceIoControl fail in SendDriverCommand() (3.1.6)
-
- Posts: 12
- Joined: Tue Feb 04, 2014 8:10 pm
Win 8.1 DeviceIoControl fail in SendDriverCommand() (3.1.6)
I'm seeing a failure in my 64bit Win8.1 Injection Service.
In the particular failure case, the service is attempting to inject a 32-bit dll into a process and appears to have the correct dll name, path, etc. The code gets as far as calling DeviceIoControl in SendDriverCommand but fails with GetLastError code of 0x1f (31) which appears to translate to something like: "a device attached to the system is not functioning." The 64-bit .sys file is present and correct and as far as I know is being installed correctly and without errors (all of this works on earlier versions of windows). Annoyingly, Microsoft seems to have removed the capability to inspect non-plug and play drivers from Device Manager in Win 8.1
Any insight appreciated.
Pete
In the particular failure case, the service is attempting to inject a 32-bit dll into a process and appears to have the correct dll name, path, etc. The code gets as far as calling DeviceIoControl in SendDriverCommand but fails with GetLastError code of 0x1f (31) which appears to translate to something like: "a device attached to the system is not functioning." The 64-bit .sys file is present and correct and as far as I know is being installed correctly and without errors (all of this works on earlier versions of windows). Annoyingly, Microsoft seems to have removed the capability to inspect non-plug and play drivers from Device Manager in Win 8.1
Any insight appreciated.
Pete
Re: Win 8.1 DeviceIoControl fail in SendDriverCommand() (3.1
My best guess would be that the driver didn't start for whatever reason, maybe a signature problem of some sort. Please try one of the demo projects:
http://madshi.net/HookProcessCreation.zip
http://madshi.net/PrintMonitor.zip
Do these run and work ok on your machine? If so, try to recreate the driver of the demo project with your own certificate and check if the demo still works correctly. If it does not, something is wrong with your signing process.
http://madshi.net/HookProcessCreation.zip
http://madshi.net/PrintMonitor.zip
Do these run and work ok on your machine? If so, try to recreate the driver of the demo project with your own certificate and check if the demo still works correctly. If it does not, something is wrong with your signing process.
-
- Posts: 12
- Joined: Tue Feb 04, 2014 8:10 pm
Re: Win 8.1 DeviceIoControl fail in SendDriverCommand() (3.1
OK, thanks for the info. I'll give the demos a try. BTW, does Win8.1 impose any known new/different signing requirements?
Re: Win 8.1 DeviceIoControl fail in SendDriverCommand() (3.1
Not for normal processes. Some of the key system processes/services refuse to accept dlls which are not signed with a custom Microsoft certificate in Windows 8.1, though...
-
- Posts: 12
- Joined: Tue Feb 04, 2014 8:10 pm
Re: Win 8.1 DeviceIoControl fail in SendDriverCommand() (3.1
The HookProcessCreate example works fine in my Win8.1 environment.
I realized I had not updated my build environment with the 3.1.6 renameme64.sys - I was still using the old (3.1.2) instance. So, I rebuilt my 64-bit dll and created and signed my sys file using the correct one. Unfortunately I'm now seeing an error when I attempt to load the driver using my ControlInjectionDriver app. This fails in StartInjectionDriver() on the call to QueryServiceStatus() which gives a last error of 193 which is "ERROR_BAD_EXE_FORMAT - not a valid Win32 Application." Not sure what 32-bit item it's looking for but the app is 64-bit and the .sys is 64-bit. Probably something silly I did in the build. I'm guessing if I can get past this issue, the use of the correct .sys file will fix my prior problem.
I realized I had not updated my build environment with the 3.1.6 renameme64.sys - I was still using the old (3.1.2) instance. So, I rebuilt my 64-bit dll and created and signed my sys file using the correct one. Unfortunately I'm now seeing an error when I attempt to load the driver using my ControlInjectionDriver app. This fails in StartInjectionDriver() on the call to QueryServiceStatus() which gives a last error of 193 which is "ERROR_BAD_EXE_FORMAT - not a valid Win32 Application." Not sure what 32-bit item it's looking for but the app is 64-bit and the .sys is 64-bit. Probably something silly I did in the build. I'm guessing if I can get past this issue, the use of the correct .sys file will fix my prior problem.
Re: Win 8.1 DeviceIoControl fail in SendDriverCommand() (3.1
Yeah, the 3.1.2 driver doesn't work in win 8.1. Not sure where the ERROR_BAD_EXE_FORMAT problem comes from. Sounds weird, haven't seen this yet. I guess you would get that when trying to use a 64bit exe in a 32bit OS, but your OS is 64bit, right?
-
- Posts: 12
- Joined: Tue Feb 04, 2014 8:10 pm
Re: Win 8.1 DeviceIoControl fail in SendDriverCommand() (3.1
Yes, definitely a 64-bit instance of Windows 8.1.
I'm in the process of rebuilding, making sure everything points to 3.1.6 and will try again in a bit and report back.
Thanks.
I'm in the process of rebuilding, making sure everything points to 3.1.6 and will try again in a bit and report back.
Thanks.
-
- Posts: 12
- Joined: Tue Feb 04, 2014 8:10 pm
Re: Win 8.1 DeviceIoControl fail in SendDriverCommand() (3.1
Rebuilding with the correct driver (the one with the version resource) fixed my issues. Our confiDriver.sh script depends on having that driver present so we can update the version info. So I can confirm that 3.1.6 fixes the initial problem we observed when using Win 8.1.
Thanks for the support.
Thanks for the support.