I have a custom windows kernel driver I have compiled. I sign it with a test cert, create the cat file from the cdf, stamp the inx into a inf file, then load it with pnputil. I then create a software device with SwDeviceCreate so the OS will pair my driver and the driver. This works fine.
The problem is if i screw up something in the compilation and get something like an error code 39 (viewable in device manager), I do not see that error. Instead the OS seems to try to fix the error by loading the previously working version of the driver. In order to see that error, I have to purge the driver and device using pnputil /d oem42.inf along with a pnputil /remove-device, then restart my PC, that seems to fix the issue. This is difficult because it means i have to restart my PC every time i run a test. I know crashing a kernel driver can cause a panic anyway and cause me to restart, but there seems to be instances where this is not the case and the OS tries to rectify the issue without me (as it probably should).
So my question is this. Is there a way to completely purge my driver without a complete restart in-between installations/tests so I can correctly break it. I know I am suppose to use another machine and remote debug kernel drivers, but i do not have access to another machine right now that can support windows 11.
I've put together a Powershell script to allow me to connect my Bluetooth headphones to my PC without having to open the Bluetooth settings page each time (based on the ones in https://github.com/stanleyguevara/win10-bluetooth-headphones, but using Get-PnPDevice and Get-PnPDeviceProperty to check whether the device is connected rather than using an environment variable to save the state).
The script works, but there's one big QoL issue. The script uses the Bluetooth command line tools here to connect/disconnect the device (in particular, it uses the btcom command). However, these commands are very slow to run, with the whole process taking around a minute total. This is true even though I am using the device's MAC address to connect, and not its friendly name (which would be even slower). This makes using the script much slower than just opening the settings panel each time (though opening the settings panel is less convenient since it requires opening and going through multiple windows).
I've seen many questions about this sort of thing (how to connect/disconnect a Bluetooth device from cmd/powershell, but everything I've seen regarding Windows tends to suggest using the Bluetooth command line tools at the link above, so they don't solve the speed issue. Other things I've found suggest disabling the Bluetooth adapter entirely, which isn't what I want to do. Others suggest using the Win+K shortcut to open up the connections sidepanel, but this doesn't really address the question of whether there's a way to do this from cmd/powershell, and is slightly less automated since you have to wait a second for the list to populate and manually navigate to the device to connect/disconnect (though at least it solves the problem of opening a bunch of windows).
Is there a way to connect/disconnect from a Bluetooth device in cmd/powershell that is faster than btcom?
I have a WEC7 powered machine and instead of the Explorer shell I have loaded the Taskman shell instead.
But the SIP (Software input panle) is behaving strange.
When I click a teck box, the SIP is shown for a few seconds and then it is hidden again.
On a WindowsCE 5.0 there are no problems.
Thomas
It may be that the SIP relies on Shell_NotifyIcon being supported and successfully called. This is the API used to include icons in the tray bar. Its implementation relies on a windows with a specific class and title so you may be able to copy the code needed from explorer and include it in your custom version of taskman.
But the best thing to do would be trying to debug the SIP using platform builder.
As far as I know the code for the virtual keyboards is available. I don't remember about the rest of the implementation but, in any case, trying to run it in debug mode may lead to some hints about the issue.
I am starting to design a DMO to run from inside a windows media player activeX control in Internet Explorer.
is there any reason why using windows named pipes from inside the DMO wouldn't work?
user permissions/privilages/ kernel mode stuff?
Thanks :)
Roey
I have not tried it but I can't think of any particular reason it could not work. However, keep in mind that starting with Vista Internet Explorer runs as a low integrity level processes so any pipe you connect to will need to have it's access control set accordingly.
I have done this from a FireBreath plugin (activex control on IE, npapi on others) and the only thing you need to keep in mind is that activex controls in IE are often running in low integrity mode, so you need to make sure you set the ACL mask on the pipe correctly. As long as you have it configured correctly, it works fine.
Just curious here: is it possible to invoke a Windows Blue Screen of Death using .net managed code under Windows XP/Vista? And if it is possible, what could the example code be?
Just for the record, this is not for any malicious purpose, I am just wondering what kind of code it would take to actually kill the operating system as specified.
The keyboard thing is probably a good option, but if you need to do it by code, continue reading...
You don't really need anything to barf, per se, all you need to do is find the KeBugCheck(Ex) function and invoke that.
http://msdn.microsoft.com/en-us/library/ms801640.aspx
http://msdn.microsoft.com/en-us/library/ms801645.aspx
For manually initiated crashes, you want to used 0xE2 (MANUALLY_INITIATED_CRASH) or 0xDEADDEAD (MANUALLY_INITIATED_CRASH1) as the bug check code. They are reserved explicitly for that use.
However, finding the function may prove to be a bit tricky. The Windows DDK may help (check Ntddk.h) - I don't have it available at the moment, and I can't seem to find decisive info right now - I think it's in ntoskrnl.exe or ntkrnlpa.exe, but I'm not sure, and don't currently have the tools to verify it.
You might find it easier to just write a simple C++ app or something that calls the function, and then just running that.
Mind you, I'm assuming that Windows doesn't block you from accessing the function from user-space (.NET might have some special provisions). I have not tested it myself.
I do not know if it really works and I am sure you need Admin rights, but you could set the CrashOnCtrlScroll Registry Key and then use a SendKeys to send CTRL+Scroll Lock+Scroll Lock.
But I believe that this HAS to come from the Keyboard Driver, so I guess a simple SendKeys is not good enough and you would either need to somehow hook into the Keyboard Driver (sounds really messy) or check of that CrashDump has an API that can be called with P/Invoke.
http://support.microsoft.com/kb/244139
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters
Name: CrashOnCtrlScroll
Data Type: REG_DWORD
Value: 1
Restart
I would have to say no. You'd have to p/invoke and interact with a driver or other code that lives in kernel space. .NET code lives far removed from this area, although there has been some talk about managed drivers in future versions of Windows. Just wait a few more years and you can crash away just like our unmanaged friends.
As far as I know a real BSOD requires failure in kernel mode code. Vista still has BSOD's but they're less frequent because the new driver model has less drivers in kernel mode. Any user-mode failures will just result in your application being killed.
You can't run managed code in kernel mode. So if you want to BSOD you need to use PInvoke. But even this is quite difficult. You need to do some really fancy PInvokes to get something in kernel mode to barf.
But among the thousands of SO users there is probably someone who has done this :-)
You could use OSR Online's tool that triggers a kernel crash. I've never tried it myself but I imagine you could just run it via the standard .net Process class:
http://www.osronline.com/article.cfm?article=153
I once managed to generate a BSOD on Windows XP using System.Net.Sockets in .NET 1.1 irresponsibly. I could repeat it fairly regularly, but unfortunately that was a couple of years ago and I don't remember exactly how I triggered it, or have the source code around anymore.
Try live videoinput using directshow in directx8 or directx9, most of the calls go to kernel mode video drivers. I succeded in lots of blue screens when running a callback procedure from live videocaptureing source, particulary if your callback takes a long time, can halt the entire Kernel driver.
It's possible for managed code to cause a bugcheck when it has access to faulty kernel drivers. However, it would be the kernel driver that directly causes the BSOD (for example, uffe's DirectShow BSODs, Terence Lewis's socket BSODs, or BSODs seen when using BitTorrent with certain network adapters).
Direct user-mode access to privileged low-level resources may cause a bugcheck (for example, scribbling on Device\PhysicalMemory, if it doesn't corrupt your hard disk first; Vista doesn't allow user-mode access to physical memory).
If you just want a dump file, Mendelt's suggestion of using WinDbg is a much better idea than exploiting a bug in a kernel driver. Unfortunately, the .dump command is not supported for local kernel debugging, so you would need a second PC connected over serial or 1394, or a VM connected over a virtual serial port. LiveKd may be a single-PC option, if you don't need the state of the memory dump to be completely self-consistent.
This one doesn't need any kernel-mode drivers, just a SeDebugPrivilege. You can set your process critical by NtSetInformationProcess, or RtlSetProcessIsCritical and just kill your process. You will see same bugcheck code as you kill csrss.exe, because you set same "critical" flag on your process.
Unfortunately, I know how to do this as a .NET service on our server was causing a blue screen. (Note: Windows Server 2008 R2, not XP/Vista).
I could hardly believe a .NET program was the culprit, but it was. Furthermore, I've just replicated the BSOD in a virtual machine.
The offending code, causes a 0x00000f4:
string name = string.Empty; // This is the cause of the problem, should check for IsNullOrWhiteSpace
foreach (Process process in Process.GetProcesses().Where(p => p.ProcessName.StartsWith(name, StringComparison.OrdinalIgnoreCase)))
{
Check.Logging.Write("FindAndKillProcess THIS SHOULD BLUE SCREEN " + process.ProcessName);
process.Kill();
r = true;
}
If anyone's wondering why I'd want to replicate the blue screen, it's nothing malicious. I've modified our logging class to take an argument telling it to write direct to disk as the actions prior to the BSOD weren't appearing in the log despite .Flush() being called. I replicated the server crash to test the logging change. The VM duly crashed but the logging worked.
EDIT: Killing csrss.exe appears to be what causes the blue screen. As per comments, this is likely happening in kernel code.
I found that if you run taskkill /F /IM svchost.exe as an Administrator, it tries to kill just about every service host at once.