none
How do I stop driver from being blocked? RRS feed

  • Question

  • I've written a C program in Windows that uses some precompiled files from WinDivert (http://reqrypt.org/windivert.html). My program uses a .dll from WinDivert and some of the functions in the .dll install the WinDivert.sys driver. There are also a few more files from WinDivert that are a part of this (a .lib, a .inf, and another .dll).

    The problem is that on one of my computers (Windows 8.1 64 bit), everything works perfectly. But, when I try to use the program on my laptop (Windows 8.1 64), my friend's laptop (Windows 7 64), or another Windows 7 64 desktop, something blocks the installation of the driver. I'm unsure what is blocking it or how to stop it from being blocked because on all computers:

    +I'm running on an admin profile

    +Running the program in admin command prompt

    +Tried disabling firewall, anti virus, etc (although it runs fine with these on for the computer that works)

    +As far as I can tell, all my security settings are the same

    +Visual C++ redistributables are installed

    +Note: the driver does have a valid signature.

    Why does the driver install perfectly on one computer, but not on the other three? What could be issue?

    Tuesday, March 4, 2014 12:41 AM

All replies

  • Look at C:\Windows\INF\Setupapi.dev.log

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting.

    Tuesday, March 4, 2014 1:57 AM
    Moderator
  • Brian, thanks for the reply. I will check it out.
    Tuesday, March 4, 2014 4:27 PM
  • Brian, what should I be looking for in the log? I don't see anything about WinDivert.
    Tuesday, March 4, 2014 8:06 PM
  • Post the section of the log where your driver is being installed

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting.

    Wednesday, March 5, 2014 6:24 AM
    Moderator
  • This is the latest entry in the log. I'm not sure if this is the right entry (cntrl+f searched for WinDivert and it returned no results in the log).

    [Boot Session: 2014/03/02 02:59:32.496]

    >>>  [Device Install (DiShowUpdateDevice) - SWD\MSDAS\{CE958E9A-424F-4C88-86F4-11314821E75A}]
    >>>  Section start 2014/03/03 19:55:44.159
          cmd: "C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc
         dvi: {DIF_UPDATEDRIVER_UI} 19:55:44.159
         dvi:      No class installer for 'Generic software device'
         dvi:      No CoInstallers found
         dvi:      Default installer: Enter 19:55:44.159
         dvi:      Default installer: Exit
         dvi: {DIF_UPDATEDRIVER_UI - exit(0xe000020e)} 19:55:44.159
         ndv: {Update Driver Software Wizard for SWD\MSDAS\{CE958E9A-424F-4C88-86F4-11314821E75A}}
         ndv: {Update Driver Software Wizard exit(000004c7)}
    <<<  Section end 2014/03/03 19:55:59.613
    <<<  [Exit status: FAILURE(0x000004c7)]

    Wednesday, March 5, 2014 6:32 AM
  • The error code 0x000004c7 is ERROR_CANCELLED: The operation was cancelled by the user.

    Post your INF file

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Wednesday, March 5, 2014 6:49 AM
    Moderator
  • This is the INF file from WinDivert:

    [Version]
    Signature="$WINDOWS NT$"

    [windivert.NT.Wdf]
    KmdfService = windivert, windivert_WdfSection

    [windivert_WdfSection]
    KmdfLibraryVersion = 1.9

    Wednesday, March 5, 2014 7:01 AM
  • Is the WDF 1.9 coinstaller DLL in the same directory as the driver files and INF?

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Wednesday, March 5, 2014 7:11 AM
    Moderator
  • Yes, there is a file named WdfCoInstaller01009.dll in the same folder.
    Wednesday, March 5, 2014 7:18 AM