none
PSHED Plugin help RRS feed

  • Question

  • Hi, I'm building a PSHED Plugin and I just want to get notified of any hardware errors. I put the DeviceID in the .inf file as "ACPI\PSHEDPI" as is shown in the sample INF file code online (https://msdn.microsoft.com/en-us/library/windows/hardware/ff559394%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396). I also put a compatible ID as PNP0C33,  like this:

    [Company.NTAMD64]

    %DeviceDesc%=[DefaultInstall], %DeviceId%, %CompatId%

    [Strings]

    DeviceId = "ACPI\PSHEDPI"

    CompatId = "PNP0C33"

    I always get the same error: [SC] StartService FAILED 1058: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    I tried modeling mine after an HP PSHED Plugin I found on the web, but that didn't work either. That PSHED Plugin didn't specify a device at all. 

    What Device ID or Compatible ID should I be using if I just want to see all errors from all devices?

    Thanks,

    Jess Howe

    Friday, April 3, 2015 12:55 PM

Answers

  • You misinterpreted the MSDN docs. The DeviceID *CAN* be ACPI\PSHEDPI, not *MUST* be. You must use the device and compatible IDs for your device

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Friday, April 3, 2015 6:55 PM
    Moderator

All replies

  • You misinterpreted the MSDN docs. The DeviceID *CAN* be ACPI\PSHEDPI, not *MUST* be. You must use the device and compatible IDs for your device

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Friday, April 3, 2015 6:55 PM
    Moderator
  • I want to be notified of any hardware errors by any "Microsoft-compatible hardware error device" as is described in the documentation. The documentation says that if I specify PNP0C33, any device that is Microsoft compatible should fit the bill and be identified and attached to my PSHED Plug-in, right? Shouldn't that include most hardware controllers for Intel and AMD buses and bridges?

    Thanks,

    Jess Howe

    Friday, April 3, 2015 7:06 PM
  • Yes, you can use PNP0C33 as a compatible ID, but not the ACPI hardware ID unless you have that device in your ACPI namespace. You may have other issues with your INF file. Post it here, and I'll take a look at it

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Friday, April 3, 2015 7:10 PM
    Moderator
  • I tried omitting the Device ID, but got the same error. Here's the full INF code:

    ------------------------------------------------------------------------------
    [Version]
    Signature = "$Windows NT$"
    Provider = %Msft%
    CatalogFile = "PSHEDPlugin.cat"
    DriverVer=04/01/2015,10.6.12.100

    [SourceDisksNames]
    1 = %DiskName%,,,

    [SourceDisksFiles]
    PSHEDPlugin.sys = 1,,

    [DestinationDirs]
    DefaultDestDir = 12 ; %SystemRoot%\system32\drivers

    [Manufacturer]
    %Msft% = Microsoft,NTAMD64

    [Microsoft.NTAMD64]
    %DeviceDesc% = PSHEDPluginInstall,,%CompatId%

    [DefaultInstall]
    OptionDesc = %Description%
    CopyFiles = PSHEDPlugin.DriverFiles
    AddReg = PSHEDPlugin.AddReg

    [DefaultInstall.Services]
    AddService = %ServiceName%,,PSHEDPlugin.Service

    [PSHEDPluginInstall]
    OptionDesc = %Description%
    CopyFiles = PSHEDPlugin.DriverFiles
    AddReg = PSHEDPlugin.AddReg

    [PSHEDPluginInstall.Services]
    AddService = %ServiceName%,,PSHEDPlugin.Service

    [PSHEDPlugin.DriverFiles]
    PSHEDPlugin.sys;,,,0x00000040 ; COPYFLG_OVERWRITE_OLDER_ONLY

    [PSHEDPlugin.AddReg]
    HKLM,%PSHEDControlPath%,%ServiceName%,0x00000000,%FileName%

    [PSHEDPlugin.Service]
    DisplayName = %ServiceName%
    Description = %ServiceDesc%
    ServiceType = 1  ; SERVICE_KERNEL_DRIVER
    StartType = 3    ; SERVICE_DEMAND_START
    ErrorControl = 1 ; SERVICE_ERROR_NORMAL
    ServiceBinary = %12%\PSHEDPlugin.sys

    [Strings]
    Msft = "Microsoft Corporation"
    DiskName = "PSHED Plug-In Installation Disk"
    FileName = "PSHEDPlugin.sys"
    DeviceDesc = "PSHED Plug-In Device"
    DeviceId = "ACPI\PSHEDPI" 
    CompatId = "PNP0C33"
    Description = "PSHED Plug-In"
    ServiceName = "PSHEDPlugin"
    ServiceDesc = "PSHED Plug-In"
    PSHEDControlPath = "System\CurrentControlSet\Control\PSHED\Plugins"

    -----------------------------------------------------------------------

    I basically leveraged the sample INF as much as I could.

    Thanks for your help!

    Jess Howe

    Friday, April 3, 2015 7:19 PM
  • Wow, there's lots wrong with this INF file. Take a look at ERRDEV.INF on your system, and model your INF file after it, but remove the ControlFlags section. By the way, you aren't Microsoft, so you shouldn't claim to be Microsoft in your INF file.

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Friday, April 3, 2015 7:27 PM
    Moderator
  • Brian,

    Thanks again for taking the time to help me with this. I'll definitely not release anything that has Microsoft's name in it; this is just pre-alpha code. I'll give errdev.inf a shot and get back to you.

    Thanks,

    Jess

    Friday, April 3, 2015 7:37 PM
  • Brian,

    I'm getting the same results with the errdev.inf as my model. This is what I came up with:

    -------------------------------------------

    [Version]
    Signature = "$Windows NT$"
    Provider = %Msft%
    CatalogFile = "PSHEDPlugin.cat"
    DriverVer = 03/19/15,1.0
    Class = System
    ClassGuid = {4d36e97d-e325-11ce-bfc1-08002be10318}

    [SourceDisksNames]
    1 = %DiskName%

    [SourceDisksFiles]
    PSHEDPlugin.sys = 1

    [DestinationDirs]
    DefaultDestDir = 12 ; %SystemRoot%\system32\drivers

    [Manufacturer]
    %Msft% = Microsoft,NTamd64

    [Microsoft.NTamd64]
    %*pnp0c33.DeviceDesc% = PSHEDPluginInstall,*pnp0c33
    %*pnp0c33.DeviceDesc% = PSHEDPluginInstall,pnp0c33

    [PSHEDPluginInstall.NT]
    CopyFiles = PSHEDPluginCopyFiles

    [PSHEDPluginCopyFiles]
    PSHEDPlugin.sys,,,0x100

    [PSHEDPluginInstall.NT.Services]
    AddService = PSHEDPlugin,%SPSVCINST_ASSOCSERVICE%,PSHEDPlugin.Service

    [PSHEDPlugin.Service]
    DisplayName = %ServiceName%
    Description = %ServiceDesc%
    ServiceType = 1  ; SERVICE_KERNEL_DRIVER
    StartType = 3    ; SERVICE_DEMAND_START
    ErrorControl = 1 ; SERVICE_ERROR_NORMAL
    ServiceBinary = %12%\PSHEDPlugin.sys
    LoadOrderGroup = Extended Base

    [Strings]
    Msft = "Microsoft Corporation"
    DiskName = "PSHED Plug-In Installation Disk"
    FileName = "PSHEDPlugin.sys"
    DeviceDesc = "PSHED Plug-In Device"
    Description = "PSHED Plug-In"
    ServiceName = "PSHEDPlugin"
    ServiceDesc = "PSHED Plug-In"
    *pnp0c33.DeviceDesc = "MS HW Error Device"

    ; non-localizable strings
    SPSVCINST_TAGTOFRONT   = 0x00000003
    SPSVCINST_ASSOCSERVICE = 0x00000002
    SERVICE_KERNEL_DRIVER  = 1
    SERVICE_BOOT_START     = 0
    SERVICE_SYSTEM_START   = 1
    SERVICE_DEMAND_START   = 3
    SERVICE_ERROR_NORMAL   = 1
    SERVICE_ERROR_IGNORE   = 0
    SERVICE_ERROR_CRITICAL = 3
    REG_EXPAND_SZ          = 0x00020000
    REG_DWORD              = 0x00010001
    REG_SZ                 = 0x00000000

    -----------------------------------------------------------------------

    I know I'm not MS, but I'm just trying to get this to work for now. I'll fix names later. Thanks for your time Brian.

    Regards,

    Jess Howe

    Friday, April 3, 2015 8:04 PM
  • Go to the end of your Windows\INF\SetupAPI.Dev.log file and post the section relating to your attempted install

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Friday, April 3, 2015 8:49 PM
    Moderator
  • Brian,

    Here it is:

    ----------------------------------------------------------

    >>>  [Device Install (DiInstallDriver) - C:\Users\tester\Desktop\PSHEDPlugin Package\PSHEDPlugin.inf]
    >>>  Section start 2015/04/03 15:52:33.961
          cmd: "C:\WINDOWS\System32\InfDefaultInstall.exe" "C:\Users\tester\Desktop\PSHEDPlugin Package\PSHEDPlugin.inf"
         inf: {SetupCopyOEMInf: C:\Users\tester\Desktop\PSHEDPlugin Package\PSHEDPlugin.inf} 15:52:33.963
         sto:      {Setup Import Driver Package: C:\Users\tester\Desktop\PSHEDPlugin Package\PSHEDPlugin.inf} 15:52:33.965
         inf:           Provider: Microsoft Corporation
         inf:           Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
         inf:           Driver Version: 03/19/15,1.0
         inf:           Catalog File: PSHEDPlugin.cat
         sto:           {Copy Driver Package: C:\Users\tester\Desktop\PSHEDPlugin Package\PSHEDPlugin.inf} 15:52:33.975
         sto:                Driver Package = C:\Users\tester\Desktop\PSHEDPlugin Package\PSHEDPlugin.inf
         sto:                Flags          = 0x00000007
         sto:                Destination    = C:\Users\tester\AppData\Local\Temp\{0ff35224-2a7c-5948-bfa5-6d055054c42a}
         sto:                Copying driver package files to 'C:\Users\tester\AppData\Local\Temp\{0ff35224-2a7c-5948-bfa5-6d055054c42a}'.
    !    inf:                DriverVer directive specifies invalid date "03/19/15". Section = [Version], Line = 4
    !    inf:                DriverVer directive specifies invalid date "03/19/15". Section = [Version], Line = 4
         flq:                Copying 'C:\Users\tester\Desktop\PSHEDPlugin Package\PSHEDPlugin.cat' to 'C:\Users\tester\AppData\Local\Temp\{0ff35224-2a7c-5948-bfa5-6d055054c42a}\PSHEDPlugin.cat'.
         flq:                Copying 'C:\Users\tester\Desktop\PSHEDPlugin Package\PSHEDPlugin.inf' to 'C:\Users\tester\AppData\Local\Temp\{0ff35224-2a7c-5948-bfa5-6d055054c42a}\PSHEDPlugin.inf'.
         flq:                Copying 'C:\Users\tester\Desktop\PSHEDPlugin Package\PSHEDPlugin.sys' to 'C:\Users\tester\AppData\Local\Temp\{0ff35224-2a7c-5948-bfa5-6d055054c42a}\PSHEDPlugin.sys'.
         sto:           {Copy Driver Package: exit(0x00000000)} 15:52:33.999
         pol:           {Driver package policy check} 15:52:34.003
         pol:           {Driver package policy check - exit(0x00000000)} 15:52:34.005
         sto:           {Stage Driver Package: C:\Users\tester\AppData\Local\Temp\{0ff35224-2a7c-5948-bfa5-6d055054c42a}\PSHEDPlugin.inf} 15:52:34.005
    !    inf:                DriverVer directive specifies invalid date "03/19/15". Section = [Version], Line = 4
    !    inf:                DriverVer directive specifies invalid date "03/19/15". Section = [Version], Line = 4
         inf:                {Query Configurability: C:\Users\tester\AppData\Local\Temp\{0ff35224-2a7c-5948-bfa5-6d055054c42a}\PSHEDPlugin.inf} 15:52:34.007
    !    inf:                     DriverVer directive specifies invalid date "03/19/15". Section = [Version], Line = 4
         inf:                     Driver package 'PSHEDPlugin.inf' is configurable.
         inf:                {Query Configurability: exit(0x00000000)} 15:52:34.009
         flq:                Copying 'C:\Users\tester\AppData\Local\Temp\{0ff35224-2a7c-5948-bfa5-6d055054c42a}\PSHEDPlugin.cat' to 'C:\WINDOWS\System32\DriverStore\Temp\{62542952-ee6c-6144-9ae2-343c5ea81f54}\PSHEDPlugin.cat'.
         flq:                Copying 'C:\Users\tester\AppData\Local\Temp\{0ff35224-2a7c-5948-bfa5-6d055054c42a}\PSHEDPlugin.inf' to 'C:\WINDOWS\System32\DriverStore\Temp\{62542952-ee6c-6144-9ae2-343c5ea81f54}\PSHEDPlugin.inf'.
         flq:                Copying 'C:\Users\tester\AppData\Local\Temp\{0ff35224-2a7c-5948-bfa5-6d055054c42a}\PSHEDPlugin.sys' to 'C:\WINDOWS\System32\DriverStore\Temp\{62542952-ee6c-6144-9ae2-343c5ea81f54}\PSHEDPlugin.sys'.
         sto:                {DRIVERSTORE IMPORT VALIDATE} 15:52:34.019
    !!!  sig:                     Driver package INF file hash is not present in catalog file. Filename = PSHEDPlugin.inf, Error = 0xE000024B
    !    sig:                     Driver package appears to be tampered, but user wants to install it anyway.
         sto:                {DRIVERSTORE IMPORT VALIDATE: exit(0x00000000)} 15:52:34.669
         sig:                Signer Score = 0x80000000
         sig:                Signer Name  = <unsigned>
         sto:                {DRIVERSTORE IMPORT BEGIN} 15:52:34.671
         bak:                     Create system restore point:
         bak:                          Description = Device Driver Package Install: Microsoft Corporation System devices
         bak:                          Time        = 0ms
         bak:                          Status      = 0x00000000 (SUCCESS)
         sto:                {DRIVERSTORE IMPORT BEGIN: exit(0x00000000)} 15:52:34.677
         cpy:                {Copy Directory: C:\WINDOWS\System32\DriverStore\Temp\{62542952-ee6c-6144-9ae2-343c5ea81f54}} 15:52:34.677
         cpy:                     Target Path = C:\WINDOWS\System32\DriverStore\FileRepository\pshedplugin.inf_amd64_54f5be9b9582796e
         cpy:                {Copy Directory: exit(0x00000000)} 15:52:34.679
         idb:                {Register Driver Package: C:\WINDOWS\System32\DriverStore\FileRepository\pshedplugin.inf_amd64_54f5be9b9582796e\PSHEDPlugin.inf} 15:52:34.679
    !    inf:                     DriverVer directive specifies invalid date "03/19/15". Section = [Version], Line = 4
         idb:                     Created driver package object 'pshedplugin.inf_amd64_54f5be9b9582796e' in SYSTEM database node.
         idb:                     Created driver INF file object 'oem21.inf' in SYSTEM database node.
         idb:                     Registered driver package 'pshedplugin.inf_amd64_54f5be9b9582796e' with 'oem21.inf'.
         idb:                {Register Driver Package: exit(0x00000000)} 15:52:34.681
         idb:                {Publish Driver Package: C:\WINDOWS\System32\DriverStore\FileRepository\pshedplugin.inf_amd64_54f5be9b9582796e\PSHEDPlugin.inf} 15:52:34.681
         idb:                     Activating driver package 'pshedplugin.inf_amd64_54f5be9b9582796e'.
         cpy:                     Published 'pshedplugin.inf_amd64_54f5be9b9582796e\pshedplugin.inf' to 'oem21.inf'.
    !    inf:                     DriverVer directive specifies invalid date "03/19/15". Section = [Version], Line = 4
         idb:                     Indexed 3 device IDs for 'pshedplugin.inf_amd64_54f5be9b9582796e'.
         idb:                {Publish Driver Package: exit(0x00000000)} 15:52:34.685
         sto:                {DRIVERSTORE IMPORT END} 15:52:34.685
         sig:                     Installed catalog 'PSHEDPlugin.cat' as 'oem21.cat'.
    !    inf:                     DriverVer directive specifies invalid date "03/19/15". Section = [Version], Line = 4
         sto:                {DRIVERSTORE IMPORT END: exit(0x00000000)} 15:52:34.691
         sto:           {Stage Driver Package: exit(0x00000000)} 15:52:34.691
         sto:      {Setup Import Driver Package - exit (0x00000000)} 15:52:34.701
         inf:      Driver Store Path: C:\WINDOWS\System32\DriverStore\FileRepository\pshedplugin.inf_amd64_54f5be9b9582796e\PSHEDPlugin.inf
         inf:      Published Inf Path: C:\WINDOWS\INF\oem21.inf
         inf: {SetupCopyOEMInf exit (0x00000000)} 15:52:34.711
    <<<  Section end 2015/04/03 15:52:34.719
    <<<  [Exit status: SUCCESS]


    >>>  [Device Install (DiInstallDriver) - C:\Users\tester\Desktop\PSHEDPlugin Package\PSHEDPlugin.inf]
    >>>  Section start 2015/04/03 15:53:23.785
          cmd: "C:\WINDOWS\System32\InfDefaultInstall.exe" "C:\Users\tester\Desktop\PSHEDPlugin Package\PSHEDPlugin.inf"
         inf: {SetupCopyOEMInf: C:\Users\tester\Desktop\PSHEDPlugin Package\PSHEDPlugin.inf} 15:53:23.787
    !    inf:      Driver package is already in driver store
         inf:      Driver Store Path: C:\WINDOWS\System32\DriverStore\FileRepository\pshedplugin.inf_amd64_54f5be9b9582796e\pshedplugin.inf
         inf:      Published Inf Path: C:\WINDOWS\INF\oem21.inf
         inf: {SetupCopyOEMInf exit (0x00000000)} 15:53:23.795
    <<<  Section end 2015/04/03 15:53:23.803
    <<<  [Exit status: SUCCESS]

    ----------------------------

    Monday, April 6, 2015 2:41 PM
  • If you look at the lines starting with "!", you'll learn what it is complaining about:

    1. Your DriverVer is not in the correct format (the year requires 4 digits); change it to 03/15/2015,1.0

    2. Your CAT file doesn't contain the hash for your INF file. When you create your CAT file, be sure to include the INF and SYS files

    Fix these issues, and then see what it complains about

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Tuesday, April 7, 2015 2:57 AM
    Moderator
  • OK, I fixed the DriverVer thing, but I'm still getting the same problem. I am also using the OS Test Mode so it shouldn't care about installing an unsigned driver beyond the red prompt screen asking if I'm sure and know what I'm doing. Here's the latest tail of the log:

    -----------------------------------------------------

    >>>  [Device Install (DiInstallDriver) - C:\Users\tester\Desktop\PSHEDPlugin Package\PSHEDPlugin.inf]
    >>>  Section start 2015/04/14 08:29:54.420
          cmd: "C:\WINDOWS\System32\InfDefaultInstall.exe" "C:\Users\tester\Desktop\PSHEDPlugin Package\PSHEDPlugin.inf"
         inf: {SetupCopyOEMInf: C:\Users\tester\Desktop\PSHEDPlugin Package\PSHEDPlugin.inf} 08:29:54.424
         sto:      {Setup Import Driver Package: C:\Users\tester\Desktop\PSHEDPlugin Package\PSHEDPlugin.inf} 08:29:54.508
         inf:           Provider: Microsoft Corporation
         inf:           Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
         inf:           Driver Version: 04/14/2015,8.27.51.134
         inf:           Catalog File: PSHEDPlugin.Cat
         sto:           {Copy Driver Package: C:\Users\tester\Desktop\PSHEDPlugin Package\PSHEDPlugin.inf} 08:29:54.528
         sto:                Driver Package = C:\Users\tester\Desktop\PSHEDPlugin Package\PSHEDPlugin.inf
         sto:                Flags          = 0x00000007
         sto:                Destination    = C:\Users\tester\AppData\Local\Temp\{4ee76e9b-9382-1640-a5a1-116363f74504}
         sto:                Copying driver package files to 'C:\Users\tester\AppData\Local\Temp\{4ee76e9b-9382-1640-a5a1-116363f74504}'.
         flq:                Copying 'C:\Users\tester\Desktop\PSHEDPlugin Package\PSHEDPlugin.Cat' to 'C:\Users\tester\AppData\Local\Temp\{4ee76e9b-9382-1640-a5a1-116363f74504}\PSHEDPlugin.Cat'.
         flq:                Copying 'C:\Users\tester\Desktop\PSHEDPlugin Package\PSHEDPlugin.inf' to 'C:\Users\tester\AppData\Local\Temp\{4ee76e9b-9382-1640-a5a1-116363f74504}\PSHEDPlugin.inf'.
         flq:                Copying 'C:\Users\tester\Desktop\PSHEDPlugin Package\PSHEDPlugin.sys' to 'C:\Users\tester\AppData\Local\Temp\{4ee76e9b-9382-1640-a5a1-116363f74504}\PSHEDPlugin.sys'.
         sto:           {Copy Driver Package: exit(0x00000000)} 08:29:54.570
         pol:           {Driver package policy check} 08:29:54.678
         pol:           {Driver package policy check - exit(0x00000000)} 08:29:54.680
         sto:           {Stage Driver Package: C:\Users\tester\AppData\Local\Temp\{4ee76e9b-9382-1640-a5a1-116363f74504}\PSHEDPlugin.inf} 08:29:54.680
         inf:                {Query Configurability: C:\Users\tester\AppData\Local\Temp\{4ee76e9b-9382-1640-a5a1-116363f74504}\PSHEDPlugin.inf} 08:29:54.684
         inf:                     Driver package 'PSHEDPlugin.inf' is configurable.
         inf:                {Query Configurability: exit(0x00000000)} 08:29:54.686
         flq:                Copying 'C:\Users\tester\AppData\Local\Temp\{4ee76e9b-9382-1640-a5a1-116363f74504}\PSHEDPlugin.Cat' to 'C:\WINDOWS\System32\DriverStore\Temp\{2c1731fa-1e92-414b-8096-f95bea4d6112}\PSHEDPlugin.Cat'.
         flq:                Copying 'C:\Users\tester\AppData\Local\Temp\{4ee76e9b-9382-1640-a5a1-116363f74504}\PSHEDPlugin.inf' to 'C:\WINDOWS\System32\DriverStore\Temp\{2c1731fa-1e92-414b-8096-f95bea4d6112}\PSHEDPlugin.inf'.
         flq:                Copying 'C:\Users\tester\AppData\Local\Temp\{4ee76e9b-9382-1640-a5a1-116363f74504}\PSHEDPlugin.sys' to 'C:\WINDOWS\System32\DriverStore\Temp\{2c1731fa-1e92-414b-8096-f95bea4d6112}\PSHEDPlugin.sys'.
         sto:                {DRIVERSTORE IMPORT VALIDATE} 08:29:54.708
         sig:                     {_VERIFY_FILE_SIGNATURE} 08:29:54.718
         sig:                          Key      = PSHEDPlugin.inf
         sig:                          FilePath = C:\WINDOWS\System32\DriverStore\Temp\{2c1731fa-1e92-414b-8096-f95bea4d6112}\PSHEDPlugin.inf
         sig:                          Catalog  = C:\WINDOWS\System32\DriverStore\Temp\{2c1731fa-1e92-414b-8096-f95bea4d6112}\PSHEDPlugin.Cat
    !    sig:                          Verifying file against specific (valid) catalog failed! (0x800b0109)
    !    sig:                          Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
         sig:                     {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 08:29:54.730
         sig:                     {_VERIFY_FILE_SIGNATURE} 08:29:54.730
         sig:                          Key      = PSHEDPlugin.inf
         sig:                          FilePath = C:\WINDOWS\System32\DriverStore\Temp\{2c1731fa-1e92-414b-8096-f95bea4d6112}\PSHEDPlugin.inf
         sig:                          Catalog  = C:\WINDOWS\System32\DriverStore\Temp\{2c1731fa-1e92-414b-8096-f95bea4d6112}\PSHEDPlugin.Cat
    !    sig:                          Verifying file against specific Authenticode(tm) catalog failed! (0x800b0109)
    !    sig:                          Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
         sig:                     {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 08:29:54.736
    !    sig:                     Driver package catalog file certificate does not belong to Trusted Root Certificates, but user wants to install anyway.
         sto:                {DRIVERSTORE IMPORT VALIDATE: exit(0x00000000)} 08:30:56.426
         sig:                Signer Score = 0x80000000
         sig:                Signer Name  = <unsigned>
         sto:                {DRIVERSTORE IMPORT BEGIN} 08:30:56.428
         bak:                     Create system restore point:
         bak:                          Description = Device Driver Package Install: Microsoft Corporation System devices
         bak:                          Time        = 8078ms
         bak:                          Status      = 0x00000000 (SUCCESS)
         sto:                {DRIVERSTORE IMPORT BEGIN: exit(0x00000000)} 08:31:04.513
         cpy:                {Copy Directory: C:\WINDOWS\System32\DriverStore\Temp\{2c1731fa-1e92-414b-8096-f95bea4d6112}} 08:31:04.515
         cpy:                     Target Path = C:\WINDOWS\System32\DriverStore\FileRepository\pshedplugin.inf_amd64_3c81c17f7ed20bd5
         cpy:                {Copy Directory: exit(0x00000000)} 08:31:04.517
         idb:                {Register Driver Package: C:\WINDOWS\System32\DriverStore\FileRepository\pshedplugin.inf_amd64_3c81c17f7ed20bd5\PSHEDPlugin.inf} 08:31:04.519
         idb:                     Created driver package object 'pshedplugin.inf_amd64_3c81c17f7ed20bd5' in SYSTEM database node.
         idb:                     Created driver INF file object 'oem22.inf' in SYSTEM database node.
         idb:                     Registered driver package 'pshedplugin.inf_amd64_3c81c17f7ed20bd5' with 'oem22.inf'.
         idb:                {Register Driver Package: exit(0x00000000)} 08:31:04.605
         idb:                {Publish Driver Package: C:\WINDOWS\System32\DriverStore\FileRepository\pshedplugin.inf_amd64_3c81c17f7ed20bd5\PSHEDPlugin.inf} 08:31:04.605
         idb:                     Activating driver package 'pshedplugin.inf_amd64_3c81c17f7ed20bd5'.
         cpy:                     Published 'pshedplugin.inf_amd64_3c81c17f7ed20bd5\pshedplugin.inf' to 'oem22.inf'.
         idb:                     Indexed 3 device IDs for 'pshedplugin.inf_amd64_3c81c17f7ed20bd5'.
         idb:                {Publish Driver Package: exit(0x00000000)} 08:31:04.613
         sto:                {DRIVERSTORE IMPORT END} 08:31:04.615
         sig:                     Installed catalog 'PSHEDPlugin.Cat' as 'oem22.cat'.
         sto:                {DRIVERSTORE IMPORT END: exit(0x00000000)} 08:31:04.913
         sto:           {Stage Driver Package: exit(0x00000000)} 08:31:04.913
         sto:      {Setup Import Driver Package - exit (0x00000000)} 08:31:04.951
         inf:      Driver Store Path: C:\WINDOWS\System32\DriverStore\FileRepository\pshedplugin.inf_amd64_3c81c17f7ed20bd5\PSHEDPlugin.inf
         inf:      Published Inf Path: C:\WINDOWS\INF\oem22.inf
         inf: {SetupCopyOEMInf exit (0x00000000)} 08:31:04.971
    <<<  Section end 2015/04/14 08:31:04.983
    <<<  [Exit status: SUCCESS]

    -----------------------------------------------------

    It seems to me that the error when I try to run "sc start pshedplugin" (error 1058) has to do with enabled devices and not the catalog file or driver installation, right? I think the driver is getting installed, but that the OS just isn't finding any hardware devices that match the device id or compatibility id specified in the INF file, right? Do we know for sure that "pnp0c33" is a valid device name for PSHED plugin drivers?

    Thanks for any help!

    Jess

    Tuesday, April 14, 2015 2:22 PM
  • Why are you trying to "SC START" the driver? The driver will get loaded if - and only if - the specified hardware device PNP0C33 is detected

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Tuesday, April 14, 2015 5:44 PM
    Moderator
  • Hi Brian,

    Really, to get visibility into what's going on. The error message from the sc start says exactly what you just said. So the apparent problem is that the PnP system isn't seeing any PNP0C33 devices, right? So that means I have no Microsoft-compatible hardware error devices installed? Is there a list of such devices that I can check against to make sure that's the case?

    Thanks,

    Jess

    Tuesday, April 14, 2015 6:47 PM
  • Use DevCon (in the WDK) to display the hardware IDs the system knows about: devcon findall *

    I suspect that you need to specify your ID in the form ACPI\PNP0c33

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Tuesday, April 14, 2015 7:01 PM
    Moderator
  • Brian,

    I did as you said. It found nothing when I did a devcon findall acpi\pnp0c33. It found a lot of other PNP devices when I used the wildcard (*) instead (e.g. acpi\pnp0c02 and acpi\pnp0c0b). Any other ideas? Could my computer really not have any MS compatible hardware error devices?

    Thanks,

    Jess

    Tuesday, April 14, 2015 7:15 PM
  • That appears to be the case

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    Tuesday, April 14, 2015 7:16 PM
    Moderator
  • I guess I'm out of luck then unless I'm making my own device. Thanks for the help Brian!

    Jess

    Tuesday, April 14, 2015 8:00 PM