I am trying to build a utility to export an installed printer driver from a Windows machine. All is well and good on Vista and higher, because the InfPath entry in the driver's registry key points at the INF file. However, on previous versions of Windows, this doesn't exist.
Sometimes I can find the INF file for a printer by scanning C:\Windows\Inf, but this is generally only true of drivers that are part of Windows.
What is done with the INF file after a printer driver is installed? Is it even saved? Is it realistic to reconstruct it programmatically?
It isn't saved, the INF is just used to install the driver and to give it a meaningful name
"My device driver" in the registry. There is no way to reconstruct it, but if the driver is simple enough, you may be able to rewrite an INF that will allow it to install, there is plenty of information about the format of INF files on google. I have done this before for devices that have different manufacturers but share the same chipset by changing the device ID string in the INF file.
The INF files that are in C:\Windows\Inf are just for installing the set of drivers that ship with Windows.
Related
I am developing WinPcap, a NDIS Light-Weight Filter driver. In order to capturing loopback packets, I have also made a Windows Filtering Platform (WFP) callout driver. And I have integrated these two parts together in one driver binary. But the new driver cannot run when system get restarted.
For now, I just abandoned the WFP callout INF file, and only used the NDIS filter INF to install this integrated driver (I don't know how to use two INF files for one driver binary), it can be installed with no problem and works fine (I mean I can capture loopback packets via WFP). But when the system restarted, the driver won't be loaded, and when I run "net start npf" (npf is the driver service name), it says:
C:\Windows\system32>net start npf
System error 2 has occurred.
The system cannot find the file specified.
Then I commented all WFP code and lib imports (fwpkclnt.lib and uuid.lib) in my driver, the driver runs good after restarted. So the WFP callout INF missing thing should be the cause. But I don't know how to write the INF file for this new driver.
1) How to install this driver mixed with NDIS filter and WFP callout? I know that NDIS filter uses INetCfg API to install and WFP callout can be installed by right-clicking the inf file and choosing "install" (I don't know its programmatical way). These two methods seem to be different.
2) How to write the INF file, especially the Device Setup Class? NDIS filter's class is NetService, but WFP callout's is WFPCALLOUTS. Can I specify two classes in one INF file? Or I should provide two INF files? What if I don't provide the right INF file? Like I provide the INF file with NetService class only, will the WFP callout part work?
My NDIS filter INF file is like:
[version]
Signature = "$Windows NT$"
Class = NetService
ClassGUID = {4D36E974-E325-11CE-BFC1-08002BE10318}
CatalogFile = npcap.cat
Provider = %Insecure%
DriverVer=05/15/2015,14.48.38.905
And the WFP callout is like:
[Version]
Signature = "$WINDOWS NT$"
Class = WFPCALLOUTS
ClassGuid = {57465043-616C-6C6F-7574-5F636C617373}
Provider = %LBTest%
CatalogFile = LBTest.cat
Thanks!
I have solved this problem. The answer is:
provide two INFs, one for LWF and one for WFP callout.
install the same binary twice: install the binary using WFP callout way first, then install the binary using LWF way. Uninstallation should be reversed.
The code is already working, see here: https://github.com/nmap/npcap
Based on what I read here, in order to install CF version 2 on my handheld device, I should copy over one of the cab files here:
...but which one?
The device in question is a Symbol 3090, which currently has only CF version 1.0.3316.00 (1.0 SP2) installed. The OS version of the device is 05.00.1400
The device CPU is presumably 'ARMV4I' as a similar device (Motorola 3190) says that it is equipped with such.
UPDATE
Based on what I see here when I click "this link" here:
-- OR -- If you have Windows Mobile 5 or newer on your device, click this link and save the file to the desktop of your computer.
...it seems "NETCFv2.wm.armv4i.cab" is probably the best choice.
Any refutations?
UPDATE 2
I copied the file I reckoned to be the one, and clicked it on the device, but:
What in Sam L. Clemens' illustrious memory is going on here?!?
UPDATE 3
I then copied over the other file from the link above, which was slightly different (2.12MB as opposed to 2.14MB, for one thing), and tried to run it, and got the same err msg as above.
UPDATE 4
Trying to install from the last link, I see:
UPDATE 5
Actually, it turns out that what I might really need is to install CF version 1 after a cold boot of the device...but I don't know if version 1 of CF is still available. That's the only version the existing .exe will run on, but my PC only has cab files for versions 2 and 3.5...???
UPDATE 6
In the most recent version of the .exe (builds and compiles, but won't run on either device), it has three, count 'em three mscorlibs in its References area; the versions are:
1.0.5000.0
2.0.0.0
3.5.0.0
They all have the same public key token (the same as shown in the screen shot)
The only other multi-reference is System, which has both version 2 and 3.5
AND, below System.Xml, there are three coredll.dlls, albeit spelled differently:
coredll.dll
CoreDll.dll
CoreDll.DLL
(no info for any of them...???)
UPDATE 7
I copied NETCFv2.wce4.ARMV4.cab to the 3090.
I 2-clicked it on the device, but got this:
And so, I retreated (selected "No").
Thus continue unabated the travails of an accidental handheld developer.
UPDATE 8
The project is set to Framework Version == v2.0, Platform == Windows CE, Target Device == Windows Mobile 6 Classic Emulator (one of the few emulator choices I have), and the output shows that it is ARMV4i that is being deployed:
Deploying '%CSIDL_PROGRAM_FILES%\Microsoft SQL Server Compact Edition\v3.5\Devices\wce500\ARMV4i
\sqlce.ppc.wce5.armv4i.CAB'
Deploying '%CSIDL_PROGRAM_FILES%\Microsoft SQL Server Compact Edition\v3.5\Devices\wce500\ARMV4i
\sqlce.repl.ppc.wce5.armv4i.CAB'
Deploying '%CSIDL_PROGRAM_FILES%\Microsoft SQL Server Compact Edition\v3.5\Devices\wce500\ARMV4i
\sqlce.dev.enu.ppc.wce5.armv4i.CAB'
Deploying 'C:\Program Files (x86)\Motorola EMDK for .NET\v2.8\SDK\Smart Devices\wce500\armv4i\symbol.all.arm.cab'
And when I run the .exe in the emulator, it fails with, "Error - An unexpected error has occurred in Platypus.exe
Select Quit and restart this program, or select Details for more information.
This application requires a newer version of the MS .NET Compact Framework than the version installed on this device."
Selecting the "Details" button augments the mental anguish with, "TypeLoadException
This application requires a newer version of the MS .NET Compact Framework than the version installed on this device."
Assuming your are using the WinCE 4.2 version of the 3090 (it comes in 4.2 and 5.0), you should proceed with the install using NETCFv2.wce4.ARMV4.cab. "The program is not compatible..." message is a warning only, and not a very smart one. There is even a way to edit the cab to remove that warning if you wanted to, though my memory fails me on the exact way to do it. I've had to do it to allow a silent install before (otherwise the nag screen gets in your way).
First you need to figure out what version of CE you are running. You can find this by going to System Properties. Also while you are in System Properties note what processor you are running ( arm, mips ...). If you are running windows ce 4.2 or higher you will pick a cab file out of the wce400 folder. If you are running windows CE 5.0 or higher you will pick a cab file out of the wce500 folder. Note you can't install .net 2.0 on windows ce 4.1 or lower, according to Microsoft documentation, however, I have noticed that the minimum version setting on the cab files is 4.0, so you might be able to hack it.
Like I said before on also the System Properties page is the type of processor you are using. From that select the appropriate sub-folder in either wce400 or wce500. In most of the folders for each processor there should be only one cab file. If there is more than one cab file see if the file name contains wm for windows mobile, wce for windows ce, or ppc for pocket PC and pick the one most appropriate for you.
You can also take the guess work out of this whole process by creating an ini file with the fallowing text and using ceappmgn.exe to pick and install the right cab file for you.
[CEAppManager]
Version = 1.0
Component = NETCF
[NETCF]
Description = .NET Compact Framework v2.0
CabFiles=wce400\armv4\NETCFv2.ppc.armv4.cab,wce400\armv4\NETCFv2.wce4.ARMV4.cab,wce400\mipsii\NETCFv2.wce4.MIPSII.cab,wce400\mipsiv\NETCFv2.wce4.MIPSIV.cab,wce400\sh4\NETCFv2.wce4.sh4.cab,wce400\x86\NETCFv2.wce4.x86.cab,wce500\armv4i\NETCFv2.wm.armv4i.cab,wce500\mipsii\NETCFv2.wce5.mipsii.cab,wce500\mipsiv\NETCFv2.wce5.mipsiv.cab,wce500\sh4\NETCFv2.wce5.sh4.cab,wce500\armv4i\NETCFv2.wce5.armv4i.cab
how to get harddrive serial number(not the volume # wich change at each reinstall of windows) in C or asm, without wmi (cause wmi required admin right). Any clue would be helpfull cause right now i found nothing on web in C without wmi, in dayss of searching... Thank you.
EDIT : For windows system
Please try my open source tool, DiskId32, which also has the source code at http://www.winsim.com/diskid32/diskid32.html . I only have an Win32 version at this time. Maybe some day I will add a Win64 version.
Hard drive serial number and other information about the harddrive like firmware version, etc. can only be obtained using SMART as far as I know and that requires special ioctls to the the block device node (/dev/sda or /dev/sdb) which is usually not available to a regular user.
I know there is a tool called smartctl which does exactly this:
sudo smartctl -i /dev/sda
Similar tools exist (hdparm, lshw, etc.) as well.
As far as trying to figure it out this info without being a privileged user, it might be possible only if it is exposed via /proc or /sys which I highly doubt is being done in the current SATA block device drivers.
I'm new in kernel mode world. I've tried to write a simple "hello world" driver in a Windows 7 virtual machine, I'm using WDK 7600.16385.1 -> x86 Free Build Environment for compilation, when it does, the generated driver is a .sys file extension, so I'd like to know if is possible to set up the compiler to generate an .exe file, so thereby a user can run it by double-clicking the executable.
I thought that perhaps, when I install some driver and the "setup" is a .exe file, in fact it isn't really the driver, it is a program that installs the driver (in .sys extension) on your computer, so the .exe file is just the installer and not the driver itself. But I am not sure if this is true.
If you could give me some information about generating a driver for Windoes, I'll be eternally grateful!
Thanks in advance!
The .exe files you're looking at are, indeed, installers. There are a number of tools available for creating installers; NSIS is one of the more popular options.
.exe marks executable files for Windows user mode. The format of user mode and kernel mode "executables" differs a lot. In particular, there is no such thing as user running the kernel executible. Kernel drivers aren't directly accessible to user mode; communication is allowed only via OS-defined interfaces, i.e. user-mode component must perform a dedicated OS call which will be routed to the kernel component by the OS. There are many more differences between kernel and user modes but this particular one explains why running kernel driver by user isn't possible (and shouldn't be).
As for your second question, yes, these .exe files are installers.
I have a Program.exe that I need to intercept. That specific program uses CreateFile & ReadFile, however I need to intercept ReadFile function.
I thought about writing my own File System Filter MiniDriver.
I found this link by Googling: http://msdn.microsoft.com/en-us/library/ff551862(v=vs.85)
It seems that is the correct way to do this. However last time I did any driver development, I remember that >= VISTA did not allow drivers to be installed easily. You needed to acquire "Signed" priviledge from Microsoft(you had to pay).
My question is that, can I create Simple File System Filter Driver for my USB stick and intercept any readings from ReadFile()? All I want to do is to allow ReadFile by a specific process.
1) I need this legally
2) I need to avoid unsigned drivers, so the driver would always work.
Will one minifilter driver work for every OS starting from XP?!
Prohibit of loading unsigned drivers is exist only on x64 versions of windows >= vista
On x64 versions you can
1) Switch to test mode to turm off this restriction
2) Add test sertificate as root to certificate storage
But if you want distribute this driver you must bay certificate.
Yes, minifilter is the preferred way for this. You can intercept system calls/IRPs and allow-deny any of them depending upon your criteria.
Also, same driver code can be used for multiple OSes, however you need to build for specific Os.
WDK 7 can be used to build drivers from XP to Windows 7.
Also, as izlesa suggested, you need to sign for x64 windows higher than vista.