How to debug a Windows kernel driver properly?

I'm trying to set up the environment of Windows VM for debugging a kernel driver.
I created a sample of kernel driver in Visual Studio 2017. File->New Project->Kernel Mode Driver (basic project; just for testing - autogenerated trace macro, required procedures, etc.) and want to test it on the target machine.
There are my steps (target machine):
Install Windows 10 to a virtual machine (VirtualBox);
Turn on Test mode and set BCDEdit as local;
Install WDK;
Download OSR Loader;
Copy files after a building to a VM (C:\DriverTest\TestKernelDriver2\; .cer, .inf, .pdb, .sys);
Create traces folder; C:\DriverTest\TestKernelDriver2\traces\
Install the certificate - TestKernelDriver2.sys; (Sign mode: Test Sign)
Run OSR Driver Loader, choose the driver, press Register service (Success).
Run tracelog with params (GUID was generated by templates; not via Tools->Create GUID) - success:
tracelog -start TestKernelDriver2 -guid #0f4fbb98-1569-495b-88d1-f654b1e2d68e -f C:\DriverTest\TestKernelDriver2\traces\trace.etl -flag 2 -level 0xFFFF
Check C:\DriverTest\TestKernelDriver2\traces\trace.etl; (exist - 64KB size)
OSR Driver Loader: press Start Service (fail). Error message: The specified procedure could not be found.
Stop tracelog - success:
tracelog -stop TestKernelDriver2
Open Event Viewer. Windows logs->System. The last error:
The TestKernelDriver2 service failed to start due to the following error:
The specified procedure could not be found.
Details:
EventData
param1 TestKernelDriver2
param2 %%127
54006500730074004B00650072006E0065006C0044007200690076006500720032000000
Open C:\DriverTest\TestKernelDriver2\traces\trace.etl via Event Viewer and don't see any logs.
How can I find out which procedure is missing?
I tried to investigate it via Dependency Walker and found that some .sys files are missing (WppRecorder.sys, WdfLdr.sys, msrpc.sys, EXT-MS-WIN-###.DLL). These files are located in C:\Windows\System32\drivers. I copied the files to C:\Windows\System32 and Dependency Walker calmed down. What about EXT-MS-WIN-*.DLL - I read in this topic that these files can be missing.
Thanks to #magicandre1981. I installed my driver via PnPUtil. But now, I see it in the list of pnputil /enum-drivers command.
But when I run the following commands in WinDbg, I don't see my driver in the list:
!load wdfkd.dll
!wdfkd.wdfldr
I'm trying to follow the steps of Session 1 from this Microsoft tutorial.

I found the solution via tracefmt generator and TraceView application.
Step 0: Generate tmf file by command:
tracefmt C:\TestDriver\TestKernelDriver2\TestKernelDriver2.etl -i C:\TestDriver\TestKernelDriver2\TestKernelDriver2.sys -r C:\TestDriver\TestKernelDriver2\TestKernelDriver2 -p C:\TestDriver\TestKernelDriver2\tmfs -o C:\TestDriver\TestKernelDriver2\TestKernelDriver2.txt -v
Step 1: Create Session in TraceView:
File -> Create New Session. Fill Manually Entered Control GUID. (0f4fbb98-1569-495b-88d1-f654b1e2d68e)
Step 2: Choose Source of WPP Format Information (Set TMF Search Path option) and fill path: C:\DriverTest\TestKernelDriver2\tmfs
Step 3: Next, fill Log Session Name and Real-Time Display is checked. Finish.

Related

KNIME Command Line Execution - ClassNotFoundException

I'd like to schedule a KNIME workflow. The workflow does its job very good as long as I start it from the KNIME GUI application. When I execute the same workflow via command line, java complains that com.microsoft.sqlserver.jdbc.SQLServerDriver
could not be found (ClassNotFoundException).
I invoke it via:
"D:\Progamme\KNIME\knime.exe" -nosplash -application -consoleLog org.knime.product.KNIME_BATCH_APPLICATION -preferences="absolutepathto\preferences.epf" -workflowDir="absolutepathto\workflow"
Since the error message signals missing content in the java CLASSPATH I also tried to add the parameters
-vmargs -classpath .;"absolutepathto/sqljdbc42.jar"
But still I earn a java slap, pointing to the same error...
I also tried to run the command from within the knime.exe's directory and I also tried to add the JAR file to Preferences -> Java -> Build Path -> Classpath Variable / User Libraries (referenced via the -preference argument). But that had no effect.
Did anybody face the same problems? Maybe with other third party JARs?
It is all about a Database connector that is configured like this:
Does the integrated security maybe force a misleading error?
System spec: KNIME 3.2.2 on Windows Server 2008 R2
Update - extract from preferences file
/configuration/org.eclipse.core.net/org.eclipse.core.net.hasMigrated=true
/configuration/org.eclipse.ui.ide/MAX_RECENT_WORKSPACES=10
/configuration/org.eclipse.ui.ide/RECENT_WORKSPACES=<list of some workspaces>
/configuration/org.eclipse.ui.ide/RECENT_WORKSPACES_PROTOCOL=3
/configuration/org.eclipse.ui.ide/SHOW_RECENT_WORKSPACES=false
/configuration/org.eclipse.ui.ide/SHOW_WORKSPACE_SELECTION_DIALOG=true
Is there maybe a problem due to the fact that it is a shared KNIME instance among several users and the command line execution does not know which workspace has to be chosen? Is the workspace somehow needed and why?
Partial Solution:
I finally managed it but I don't know exactly why it works now. What I did was to load a fresh portable version of KNIME and ran the same commands only changing the executable path to the new portable version. Before that I started the portable version once to set the workspace directory and register the database driver in preferences dialog and .ini file, nothing else, same configuration so far as the shared KNIME instance. What I am really wondering about is that from now on the commands are also working with the shared KNIME instance. I really don't know what caused the change that let KNIME find the driver class.
Info
Because I encountered a few more problems within the shared environment in KNIME command line mode, which led to nondeterministic execution results, I wrote a little .NET library. This gives me more flexibility/control over the workflow execution (which return codes and error messages occurred and so on). You can find it here if you're interested: KnimeNet
I took a very minimal approach:
cd "C:\Program Files\KNIME"
.\knime -nosplash -noexit -consoleLog -reset -application org.knime.product.KNIME_BATCH_APPLICATION -workflowFile="D:\Work\Knime Workflows\Output\CMD_Test.knwf" -preferences="D:\Work\Knime Workflows\Output\CMD_Test.epf"

Mesosphere installation PermissionError:/genconf/config.yaml

I got Mesosphere-EE and installed it on a Fedora 23 server (kernel 4.4) with:
$ bash dcos_generate_config.ee.sh --web -v
then output:
Running mesosphere/dcos-genconf docker with BUILD_DIR set to/home/mesos-ee/genconf
Usage of loopback devices is strongly discouraged for production use.Either use `--storage-opt dm.thinpooldev` or use `--storage-opt
dm.no_warn_on_loop_devices=true` to suppress this warning.
07:53:46:: Logger set to DEBUG
07:53:46:: ====> Starting DCOS installer in web mode
07:53:46:: DCOS Installer v1
07:53:46:: Starting server ('0.0.0.0', 9000)
Then I start Firefox through VNC; the VNC is on root. Then:
07:53:57:: Root page requested. 07:53:57:: Serving/usr/local/lib/python3.4/site-packages/dcos_installer/templates/index.html
07:53:58:: Request for configuration type made.
07:53:58::Configuration file not found, /genconf/config.yaml. Writing new onewith all defaults.
07:53:58:: Error handling request
PermissionError: [Errno 13] Permission denied: '/genconf/config.yaml'
But I already have a genconf/config.yaml, it looks like:
bootstrap_url: http://<bootstrap_public_ip>:<your_port>
cluster_name: '<cluster-name>'
exhibitor_storage_backend: zookeeper
exhibitor_zk_hosts: <host1>:2181,<host2>:2181,<host3>:2181
exhibitor_zk_path: /dcos
master_discovery: static
master_list:
- <master-private-ip-1>
- <master-private-ip-2>
- <master-private-ip-3>
superuser_username: <username>
superuser_password_hash: <hashed-password>
resolvers:
- 8.8.8.8
- 8.8.4.4
I do not know what’s going on. If you have any idea, please let me know, thank you very much!
Disable SELinux!
Configure SELINUX=disabled in the /etc/selinux/config file and then reboot!
Make sure SELinux is disabled by running the command getenforce.
$ getenforce
Disabled
zhe.
Correctly installing the enterprise edition depends on the correct system prerequisites. Anyway I suppose you're still on the bootstrap node so I will give you some path to succeed in your current task.
Run the script as root or as a user issuing sudo dcos_generate_config.ee.sh
The script will also generate the config file automatically; if you want to use your own configuration file then create a folder named genconf and put it inside before running the script. You should change the values inside <> with your specific configuration. If you need more help for your specific case send me an email to infofs2 at gmail.com

How to setup the proxy info in yypkg for sherpa.exe when installing Win-builds Project

I am trying to install the latest GCC compiler on Windows 7 by using "Win-builds Project". Since the company I am working for has a proxy, when I run the command win-install.bat, I get an error:
http://win-builds.org/1.3.0/packages/windows_64/package_list.el:
2014-02-21 11:39:44 ERROR 407: Proxy Authentication Required.
In the batch file, I found code:
yypkg -init
yypkg -config -setpreds host=%_YY_ARCH%-w64-mingw32
yypkg -config -setpreds target=%_YY_ARCH%-w64-mingw32
sherpa -set-mirror http://win-builds.org/1.3.0/packages/windows_%_YY_BITS%
I think yypkg.exe does the initialization work, configures sherpa and lets sherpa.exe download and install files.
My question is: how can I configure yypkg with my username and password? I did a Google search, but I cannot find any info about yypkg or how to configure sherpa.
Proxy setup can be done via the command line
How can I set a proxy server for gem?
set http_proxy=http://your_proxy:your_port
set http_proxy=http://username:password@your_proxy:your_port
set https_proxy=https://your_proxy:your_port
set https_proxy=https://username:password@your_proxy:your_port
These command snippets need to be entered on 'cmd.exe', and before running the wget, to download files manually via portable wget as described on page:
http://win-builds.org/doku.php/download_and_installation_from_windows
A few IMPORTANT pointers, after the packages have been downloaded manually, and running the 'yypkg-1.5.0.exe'
At first the Application UI is unresponsive, DO NOT CLOSE IT
After some time, change mirror dialog appears where you would need to type/paste the Local folders location(this is the folder where files were downloaded manually)
Local folder path needs to be similar to the following where 'package_list.el.tar.xz' file resides.
file:///C:/usr/MinGW/1.5.0/packages/windows_64
after that all works fine

Getting error message 'Failed Installing JBAS50SVC' while running service.bat file in Windows 7

I need to run Jboss 7 as service.
Followed these steps :-
Copied my Jboss to C:\Program Files <86>
Downloaded Jboss-native-2.0.10-windows-x64-ssl and copied the contents of bin catalog to %JBOSS_HOME%/bin
Changes done on service.bat as per link instructions
https://community.jboss.org/message/724488
Changed my dir location to my Jboss bin
and given command service.bat install
C:\Program Files \jboss7>bin>service.bat install
Failed installing JBAS50SVC
Access is Denied.
Service JBoss Application Server 7.1.1 installed.
I'm not able to rectify this problem.
It appears to be windows access issue.
Try the following:
Does the Windows ID you are using have Administrator privileges? If no, get an Admin ID else if Yes, proceed to step 2.
Try to do the same but in some other drive (not c: )
UPDATE #1 : OP says he can not see the output of service.bat file
Follow the following steps
Open start menu
Search for "cmd"
Right click "cmd" and run as Administrator
type in following command
cd C:\Program Files \jboss7\bin
Type service.bat and observe the output
On a 2008 Windows Server this occurs because you're not running the command line as an administrator. Those of us who have spent considerable amounts of time on 2003 server, and others before that, keep forgetting that your logged in ADMIN level account does NOT get passed to the command line automatically like with previous versions of Windows.
With any additional errors, past this one, I would keep going back to the service.bat file and looking at the path statements, throughout that file, to ensure that they are all correct to reach what is correct for your installation.
Also, don't forget to create a log folder under standalone (unless you're doing a domain install). Failure to do that will also cause issues as well.
yoda

How to install Crystal Reports for .Net 3.5 Winforms application

We have a VB.Net Winforms (x86) application that uses the freely redistributable version of Crystal Reports. Although the application works fine on my test machine, when installing on a client's machine and trying to print a report from the application, the error: The system cannot find the file specified. File name: 'CrystalDecisions.CrystalReports.Engine ... is displayed.
The inno-setup includes the CR redistributable "CRRedist2008_x86.msi" which was installed by the client during the installation. (We also tried running the "CRRedist2008_x64.msi" but received an "unsupported processor type" error).
I have read about Merge Modules that are prerequisites for .NET 1/2 (VS 2002/2005), but cannot find any useful information related to .NET 3.5 and am wondering if these files are still required and how to package and deploy them if they are in fact needed.
Any guidance on how to resolve this installation issue is much appreciated.
Edit
The Inno-Setup contains the following command that checks to see if CR is installed and if not the MSI is launched from the final setup form:
[Run]
Filename: "{app}\CRRedist2008_x86.msi"; Description: "Crystal Reports"; Flags: nowait postinstall skipifsilent; Check: EnsureCrystalReports105Installed();
The problem is that you are not actually executing the MSI file. You can see this by running your installer with /LOG and reviewing the resulting log file.
This is because MSI files cannot be directly executed -- they're data files, not programs.
To resolve this, you need to run msiexec instead, passing the MSI file as a parameter; eg.
[Run]
Filename: {sys}\msiexec.exe; Parameters: "/i ""{app}\CRRedist2008_x86.msi"""; ...
You should review the command line parameters accepted by msiexec and properties accepted by the MSI file to see if you want to do something different, eg. running the install silently instead of interactively.
Also, running it as postinstall is fine if this component is optional for your application and it can gracefully handle it not being installed. If this is not the case then you should treat it as a prerequisite instead and always install it via PrepareToInstall.
