Is there any way of making windows reload a driver without reboot? - windows

I was wondering - how do windows driver developers test themselves?
Let's say I'm debugging a nasty problem in a driver I wrote. I want to be able to constantly add traces and logs, modify small parts of code, etc.
Each time I build a version of my driver and get a .sys file I want to deploy on a test-machine, and have a look at a tool like dbgview to understand what's happening.
AFAIK, in order for the modifications in code to take place, the only way is to reboot the test server.
This is awful! This means I have to wait a long time between making a minor adjustment in code and being.
Is this really the case? Is there no way of telling windows to dynamically reload my driver?
If not - how do windows driver developers work?? Do they constantly reboot their testing servers in order to see if things worked for them?

We are using virtual machines to test and debug drivers. Reverting to a snapshot is much faster than rebooting and always gives you the same environment.
Also, you can stop and replace your driver if it supports unloading: disable the device in Device Manager or stop the driver using sc stop service_name.
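
The stop, replace and restart cycle described in this answer can be scripted as below. This is an added example, not part of the original answer; the function name, the service name MyTestDrv and both file paths are hypothetical, and it covers only the sc stop route for a driver that implements an unload routine, run from an elevated prompt.

```powershell
# Added example. 'MyTestDrv' and both paths are hypothetical placeholders.
# sc.exe is spelled out because "sc" is an alias for Set-Content in Windows PowerShell.
function Update-TestDriver {
    param(
        [string]$ServiceName   = 'MyTestDrv',
        [string]$NewBinary     = 'C:\build\MyTestDrv.sys',
        [string]$InstalledPath = "$env:SystemRoot\System32\drivers\MyTestDrv.sys",
        [int]$TimeoutSeconds   = 15
    )

    # Parse the state out of "sc query" (the line looks like "STATE : 4  RUNNING").
    function Get-DriverState {
        $out = (sc.exe query $ServiceName) -join "`n"
        if ($out -match 'STATE\s+:\s+\d+\s+(\w+)') { $Matches[1] } else { 'UNKNOWN' }
    }

    if ((Get-DriverState) -ne 'STOPPED') {
        sc.exe stop $ServiceName | Out-Null
        switch ($LASTEXITCODE) {
            0       { }
            # 1052 = ERROR_INVALID_SERVICE_CONTROL: the driver accepts no stop request.
            1052    { throw "$ServiceName does not support unloading; revert a VM snapshot or reboot instead." }
            default { throw "sc stop failed with Win32 error $LASTEXITCODE." }
        }
    }

    # The .sys file stays locked until the driver image is really unloaded.
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    while ((Get-DriverState) -ne 'STOPPED') {
        if ((Get-Date) -gt $deadline) {
            throw "Timed out waiting for $ServiceName to stop; open handles may be keeping it loaded."
        }
        Start-Sleep -Milliseconds 500
    }

    Copy-Item -Path $NewBinary -Destination $InstalledPath -Force -ErrorAction Stop

    sc.exe start $ServiceName | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "sc start failed with Win32 error $LASTEXITCODE." }
    Get-DriverState   # expected: RUNNING
}
```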

You can also disable/enable host controller in Device Manager.

This does the trick for me:
devcon disable <driver>
devcon enable <driver>
Devcon download here: http://support.microsoft.com/kb/311272

Related

RWEverything / He does not work on Windows 11

I used to use RWEverything to debug pcie and acpi related issue, to read/write registers etc.
After updating the Windows build (Windows11 22H2 10.0.22621.755), RWEverything stopped working, and every time I try to start it I get an error message. It now doesn't work at all!
Any help is appreciated, Thanks.
Note: I tried reinstalling the app and tried many versions of the app. I even tried the portable version of the app, with no luck.
How can I make RWEverything / HW work with the latest Windows 11?
One more query (not sure if a separate question thread should be raised)
I tried to disable core isolation by
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios]
"HypervisorEnforcedCodeIntegrity"=dword:0000000
But unluckily, the registry change does not work: whenever I reboot the system and go to the core isolation setting (memory integrity), I find it is still enabled.
One day, I tried to manually disable it from Settings and rebooted the system. It finally worked.
After that, registry control also started working, with 0 to disable and 1 to enable.
But my question is: why did my setup not work previously?
I really need a way to disable it by registry or some other way, instead of a manual change by the user from the GUI. Any suggestions?
OS is:
Win 11 enterprise.
Build 22621.ni_release.220506
To run RW Everything 1.7 on Windows 11 you need to:
Disable "Memory Integrity" feature.
Set to zero this key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CI\Config\VulnerableDriverBlocklistEnable
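
Both settings in this answer are kernel driver protections, so it is worth checking what state a machine is actually in, including the case from the question where the registry and the Settings page disagree. The following is an added example, not part of the original answer; the function names are hypothetical, and the HVCI subkey with its Enabled value is the form Microsoft documents, which differs from the form quoted in the question.

```powershell
# Added example: report configured vs. running state of the two protections.
function Get-DriverProtectionState {
    # Memory integrity (HVCI) configuration as documented by Microsoft.
    $hvciKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity'
    # Key named in the answer above.
    $ciKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control\CI\Config'

    function Read-Dword($Path, $Name) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $item.$Name } else { $null }   # $null = value not present
    }

    $hvciConfigured = Read-Dword $hvciKey 'Enabled'
    $blocklist      = Read-Dword $ciKey   'VulnerableDriverBlocklistEnable'

    # The running state is reported by Win32_DeviceGuard, not by the registry:
    # SecurityServicesRunning contains 2 when HVCI is active.
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' `
                          -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    $hvciRunning = ($null -ne $dg) -and ($dg.SecurityServicesRunning -contains 2)

    $findings = @()
    if (-not $hvciRunning) { $findings += 'Memory integrity (HVCI) is not running' }
    if ($blocklist -eq 0)  { $findings += 'Vulnerable driver blocklist is disabled' }
    if ($hvciConfigured -eq 0 -and $hvciRunning) {
        $findings += 'Registry says HVCI is off but it is still running (reboot pending or enforced elsewhere)'
    }

    [pscustomobject]@{
        HvciConfigured                  = $hvciConfigured
        HvciRunning                     = $hvciRunning
        VulnerableDriverBlocklistEnable = $blocklist
        Findings                        = $findings
    }
}

Get-DriverProtectionState | Format-List
```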

Task Manager shows Hard drive at 100%

My hard drive is at 100% in Task Manager.
I disabled Windows Search and Superfetch and hard drive is still at 100%.
I am using Windows 10.
Any suggestions would be helpful.
Update: Task Manager won't show what process is clogging up hard drive at 100%.
Task Manager won't show any processes that use up a lot of percentage of hard drive.
I suggest you look at the Processes tab and see if any process might be using maximum reads/writes on your hard drive.
Disable the Indexing service, which sometimes uses more resources. Disable any startup process that might be using your system resources.
Windows + R -> Run Menu -> Type: msconfig and see any startup process that you can disable. Disable any program that seems suspicious.
You can try some other repair methods like:
Perform a diskcheck
Reset Virtual Memory
Disable Antivirus Software temporarily
Change the settings in Google & Skype
Fix your StorAHCI.sys driver
Update your device drivers
Win10 100% disk usage
I had the same issue on my WINDOWS 10 system and I tried a lot of things like turning off the search indexing feature of Windows, but nothing worked using all that. Here is what worked for me. I opened the task manager and found that there was a task with Microsoft Compatibility Telemetry (CompatTelRunner.exe). It is a Windows process that is designed to collect and send usage and performance data to Microsoft. The executable file collects and regularly sends usage and performance information to Microsoft in order to analyze the user experience and improve it. The described file also helps Microsoft to identify compatibility issues and ensure compatibility when installing the latest Windows OS version. However, Microsoft Compatibility Telemetry eats CPU by scanning computer files and checking their compatibility with Windows 10 in case an update is initiated.
I simply clicked on End Task for Microsoft Compatibility Telemetry and my disk usage went from 98% to 15% within a few seconds. I hope it helps others experiencing the same issue as well.
I had the same issue with windows 10 on Laptop.
I set the windows update service from automatic to manual.
Now I am always under 5%.
Click on administrative tools in control panel
Then click on Services
set windows update to manual.
Had the same problem for months. Deactivated SrTasks.exe and it started working.
However this task is clearly something important, so I think it's not recommended to stop it.

Unload a minifilter driver with no unload routine?

This is probably a pretty easy question to answer for someone that is experienced with FS minifilters. I am trying to script the removal of a filter driver and device.
Some background... this driver is running on Windows 8/10 x64. The vendor that created the driver has not been helpful in fulfilling my request for a removal tool. Unfortunately their MSI uninstall is buggy and only works about half the time you run it... They want us to upgrade to their newest version that doesn't have the bug we are encountering during uninstallation. We aren't interested in continuing use of this software so a paid upgrade seems frivolous... Their only suggestion has been to reimage the computers without the software that includes the FS minifilter device... That's out of the question because it is on 1000+ computers...
Basically, their official uninstaller does an API callback to one of their servers and verifies the machine's eligibility to uninstall:
Does the MAC address of the primary network adapter exist in their database?
Does the password you entered for uninstallation match what is set in their database?
If you are eligible, it runs an MSI uninstallation and disables the FS filter, removes the driver file, service files, configuration, and restarts... The bug that is keeping us from doing a normal bulk removal (their way) is that the MSI freezes during the removal process (after checking eligibility) and requires us to restart a client computer up to 3 times to finish the uninstall.
I have been able to successfully remove the software and device/driver by externally mounting the Windows file system and manually removing the driver file under System32/Drivers and also removing all of the actual program files/services. I have not been able to do this booted onto the same partition where the minifilter is loaded. The minifilter driver that is running is protecting those program files, a registry key, and the actual .sys file under System32...
I've done some basic reverse engineering of their MSI... They are using custom actions to perform the removal... First step is the removal of the service, second step is the removal of the minifilter. Both actions are done via an executable that is packaged in the MSI... I've extracted that and attempted to use it by running the same commands that they do during the MSI... I haven't had any luck. The minifilter just doesn't want to die.
They have some other custom actions that are loaded via DLL. Initial investigation makes me think it's all of their custom uninstall eligibility craziness.
It looks like their minifilter doesn't have an unload routine built in. Using FLTMC I get this error attempting to detach and/or unload:
0x801f0010 Do not detach the filter from the volume at this time.
0x801f0014 Do not detach the filter from the volume at this time.
Does anyone know of a good way to unload a minifilter that is throwing those errors?
Try to kick out FltMgr.sys of the kernel by:
Renaming %SystemRoot%\system32\drivers\FltMgr.sys
Or changing HKLM\SYSTEM\CurrentControlSet\Services\FltMgr\Type to 0x4 (Disabled)
Reboot
Minifilters can't work without Filter Manager.
If you are desperate enough, look into Windows PE, available as part of the Windows Assessment and Deployment Kit.
A Windows PE image can be remotely installed onto a machine's hard disk and configured to perform whatever task you need done and then automatically reboot back into the original operating system. Doing it this way gives you the same access as externally mounting the infected file system, but can be automated. I've used this approach in the past to automate offline maintenance tasks on several hundred machines (e.g., changing a registry setting that Symantec Endpoint Protection was "protecting") and while getting it working is fiddly, once it is working it works well.
My email address is in my profile, you're welcome to contact me if you decide on this approach and have questions about implementing it.
Alternatively, depending on your jurisdiction and circumstances, you might want to consider threatening the vendor with a lawsuit if they refuse to provide a proper solution. They broke your computers, it should be their job to fix it. From the sounds of it, they wouldn't even need to do any work, just let you have the upgraded version for a few weeks free of charge.

How can I permanently bypass Windows XP startup?

I have an application for Windows XP. This application is deployed with the hardware. The application is the only application that ever runs on these machines. These machines are never connected to the internet. I'm interested in instant-on (or quick-on) options that bypass the Windows XP startup for these machines.
This is similar to Windows XP "hibernation", but not exactly. With hibernation, the memory state is only read from disk once - the very next time the system is turned on. I want a memory state permanently stored to disk, so the system always starts from that same spot every time, regardless of how it was shut down. How can I achieve this?
Sounds like you're looking for the Hibernate Once, Resume Many feature of Windows Embedded.
If you like "hibernation", you may use VMWare.
Install ArchLinux and VMWare on the host machines.
Prepare your Windows XP as the guest OS.
Customize startup process of the host, let it run VMWare and restore Windows to the snapshot.
Hmmm, the short answer is "not easily!", but one way could be to try playing around with replacing the windows shell with your own application / script that launches your own custom interface / state instead of Explorer as the default. Basically it's done using this reg key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell
Info on this actually seems to be reasonably scarce after doing a quick Google search, but this link below provides a little more detail:
http://www.trap17.com/index.php/how-change-windows-xp-shell_t20367.html
I think if you do a Google Groups search on "Windows XP shell replacement" you might get some more informative results.
You could try installing TweakUI on them, and having them autologin. Once you do that, just add your application to the Start Up menu (or in the registry, under:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run)
Jeff Atwood has a post on this very thing.

Windows hangs during headless build

We are trying to automate a build of one of our products which includes a step where it packages some things with WISE. At one point WISE pops up a window with a progress bar on it to show how it is doing. If one is connected to the machine with remote desktop the build works fine, but if one is not connected the build stalls until you reconnect, at which point the window opens and the build progresses. Does anybody know of a workaround for this? Some way of tricking Windows into believing that there is a desktop session connected?
Sorry for yet another guess - but I had a problem with a wise installer locking up. It was because WISE had installed a "font" and so broadcast a "system config changed" message. My DELL had a Dell utility running on it that had a message queue it wasn't reading from so the broadcast locked up the installer. WISE made a new version for me that did an async broadcast instead to fix the problem. It's possible that there's an app on your system that doesn't bother reading its msg queue when there is no desktop.
Finally the answer: check you have the latest patches for your WISE installer. In particular, look for patches that fix lock-ups related to the windowing system.
What version are you using? Looking at the feature set, it looks like their "std" version might be limited. Perhaps unattended installs require the Pro version?
That's just a guess....
Regardless, I wonder whether you could simply code up an auto-run task for the box that calls CreateDesktop to pretend there's an interactive login?
I found a CreateDesktop example that's about desktop switching, and an example about unattended installs -- you might be able to use one of them as a starting point to "fake out" WISE :)
It might be worth a try...
