locked
Callout Driver Requires Reboot When Uninstalled RRS feed

  • Question

  • Hi!

    I have a WFP callout driver that loads at system start. Here's my DDInstall.Services section:

    DisplayName      = %ServiceName%
    Description      = %ServiceDesc%
    ServiceBinary    = %12%\driver.sys
    ServiceType      = 1  ;SERVICE_KERNEL_DRIVER
    StartType        = 1  ;SERVICE_SYSTEM_START
    ErrorControl     = 1  ;SERVICE_ERROR_NORMAL
    LoadOrderGroup   = NDIS
    Dependencies     = TCPIP ;Load immediately after TCPIP.sys

    I'm not setting StartType to SERVICE_BOOT_START (0) since I saw occasions where I was prompted when I installed the driver. Setting StartType to 1 avoids that, although I need to manually start the service (net start x) after the install.

    The problem is that when I uninstall the driver by following the steps described in http://msdn.microsoft.com/en-us/library/windows/hardware/ff554945(v=vs.85).aspx, a message box always is displayed that says a reboot is required. I saw the same behavior with StartType = 0, so I don't believe that my DDInstall.Service section has anything to with this.

    I see this on Windows 7 Ultimate 32-bit, although I haven't tried this on Windows 8 yet.

    Is there a way to avoid a reboot when uninstalling the callout driver?

    Thanks!

    Saturday, February 23, 2013 2:41 AM

All replies

  • Hi,

    Have you unregistered your callouts before unloading?

    From the FwpsCalloutRegister0() documentation "A callout driver unregisters a callout from the filter engine by calling either the FwpsCalloutUnregisterById0 function or the FwpsCalloutUnregisterByKey0 function. A callout driver cannot be unloaded until all of the callouts that were previously registered with the filter engine have been successfully unregistered."

    BR, Antti

    Tuesday, February 26, 2013 6:59 AM
  • Yes, the callouts and filters are all unregistered, and I confirmed that my DriverUnload() function is called. Yet, I still get prompted for a reboot.
    Wednesday, February 27, 2013 12:26 AM
  • This is not really callout specific, as the issue is with your .inf.  Have you looked at the sample Inf provided in the WFPSampler sample (http://code.msdn.microsoft.com/Windows-Filtering-Platform-27553baa#content)?  Can you post the rest of your inf?  esp. the Uninstall sections.

    Thanks,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------


    Wednesday, February 27, 2013 7:53 PM
    Moderator
  • I did look at the .inx from the sample. The only thing that seems different is the StartType, which I set to 1. Also, since my callout does not require registry data, there is no AddReg/DelReg data.

    Also, is class = WFPCALLOUTS and the ClassGuid setting supported on Vista on up?

    Here's my INF which is edited to rename proprietary settings/strings:

    [Version]
    signature    = "$Windows NT$"
    Class  = WFPCALLOUTS
    ClassGuid = {57465043-616C-6C6F-7574-5F636C617373}
    Provider        = %MyProvider%
    CatalogFile =
    DriverVer    =   01/21/2013, 1.0.0.1  ; major.minor.rev.build #

    [DestinationDirs]
    DefaultDestDir  = 12
    MyDriver.DriverFiles = 12  ;%windir%\system32\drivers

    ;
    ; Default install sections
    ;
    [DefaultInstall]
    OptionDesc          = %MyDriverServiceDesc%
    CopyFiles           = MyDriver.DriverFiles

    [DefaultInstall.Services]
    AddService          = %MyDriverServiceName%,,MyDriver.Service

    ;
    ; Default uninstall sections
    ;
    [DefaultUninstall]
    DelFiles   = MyDriver.DriverFiles

    [DefaultUninstall.Services]
    DelService = %MyDriverServiceName%, 0x200 ;SPSVCINST_STOPSERVICE

    ;
    ; Services Section
    ;
    [MyDriver.Service]
    DisplayName      = %MyDriverServiceName%
    Description      = %MyDriverServiceDesc%
    ServiceBinary    = %12%\MyDriver.sys
    ServiceType      = 1  ;SERVICE_KERNEL_DRIVER
    StartType        = 1  ;SERVICE_SYSTEM_START
    ErrorControl     = 1  ;SERVICE_ERROR_NORMAL
    LoadOrderGroup   = NDIS
    Dependencies     = TCPIP ;Load immediately after TCPIP.sys

    ;
    ; Copy Files
    ;
    [MyDriver.DriverFiles]
    MyDriver.sys,,,0x00000040   ; COPYFLG_OVERWRITE_OLDER_ONLY

    ;
    ; String Section
    ;
    [Strings]
    MyProvider        = "My Provider, Inc."
    MyDrvServiceDesc  = "My WFP Callout Driver"
    MyDrvServiceName  = "MyDriver"
    MyDrvRegistry     = "system\currentcontrolset\services\MyDriver"

    Wednesday, February 27, 2013 8:28 PM
  • The Class and class GUIDs are meant for PNP devices.  What's been entered in the sampler doesn't serve much of a purpose other than a form of documentation (indicating that the filterdriver is a WFP callout).

    Everything in the .inf seems fine, which leads me to believe that something still has a reference on your driver when you try to uninstall.  The system detects this, and forces a reboot to get rid of the reference.

    Are you sure you have freed all WFP objects that your driver creates? engineHandles, enum Handles, registered callouts, etc.

    Hope this helps,


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Friday, March 1, 2013 10:39 PM
    Moderator
  • Yes. Like I said earlier, "the callouts and filters are all unregistered, and I confirmed that my DriverUnload() function is called. Yet, I still get prompted for a reboot." If the driver still held resources, I would expect the DriverUnload function would not be called.

    What's interesting is if I set StartType to 3 (SERVICE_DEMAND_START), I don't get the reboot required prompt when I uninstall.

    WRT your point about Class and class GUIDs, chkinf fails the INF if these directives aren't there in the Version section. So, we do need to add them.

    Saturday, March 2, 2013 12:01 AM