From: Thomas F. Divine on 12 Aug 2010 08:53

Good sleuthing, Pavel. I'll remember that one.

Thomas

"Pavel A." <pavel_a(a)12fastmail34.fm> wrote in message
news:245DE109-1B84-4D14-A4EF-F238309848F9(a)microsoft.com...
> Caught the culprit: Logitech USB camera driver LVUSBsta.sys.
> It changed the security for built-in class Unknown ("Other devices") so
> that only Local system can access it.
> No idea why they did this.
> Since my driver is in Unknown class, it was affected.
>
> I've deleted the Unknown class from registry, rebooted and noticed that
> somebody created it again.
> The rest was simple, thanks to Sysinternals procmon: I've set it to log
> registry writes on the class key during boot,
> restarted again and the Logitech driver was caught red-handed.
>
> The fix was to specify security for my device in the INF, so it won't
> inherit it from the (hacked) class.
> Back to basics, every day :(
>
> Regards,
> -- pa
>
> "Thomas F. Divine" <tdivineATpcausaDOTcom> wrote in message
> news:3820CC08-A9F8-4618-938D-1C527E4A7461(a)microsoft.com...
>> Maybe there is confusion between Win32 error codes (WinError.h) and NT
>> status codes (NTStatus.h).
>>
>> Perhaps pending is correct in this case because of some delay...
>>
>> Thos
>>
>> "Pavel A." <pavel_a(a)12fastmail34.fm> wrote in message
>> news:A7E43CB5-B631-4C1C-B73A-E9F22DEC099E(a)microsoft.com...
>>> "Thomas F. Divine" <tdivineATpcausaDOTcom> wrote in message
>>> news:2EE65CA0-4985-4813-8AAE-89FF9E86CA1B(a)microsoft.com...
>>>> Looks OK to me.
>>>
>>> For me too... and it even works on many machines...
>>>
>>>> Have you tried fetching DeviceInfoData first? Don't know how it could
>>>> make any difference, but...
>>>
>>> Thanks, Thomas, will try.
>>> By the way, when I looked for the GetLastError symbolic name,
>>> 103 is ERROR_NO_MORE_ITEMS, but it is also STATUS_PENDING
>>> as NTSTATUS... does this make any sense?
>>>
>>> Thanks.
>>> -- pa
>>>
>>>> Thomas F. Divine
>>>>
>>>> "Pavel A." <pavel_a(a)12fastmail34.fm> wrote in message
>>>> news:26A52F8D-7AC2-42F5-B313-BFFBFF343E9F(a)microsoft.com...
>>>>> I have a strange problem with the "classic" device interface
>>>>> enumeration code (see below).
>>>>> It works on all WinXP machines we tried it on, except one.
>>>>> Unfortunately that is a customer's machine so I can't hack it freely,
>>>>> need some concrete ideas to act upon.
>>>>>
>>>>> In short, I call SetupDiGetClassDevs(&MY_GUID,... DIGCF_INTERFACEDEVICE)
>>>>> to get devices with my interface. There is exactly one such device,
>>>>> created by my driver. This call returns success.
>>>>> Then I call SetupDiEnumDeviceInterfaces again for my interface GUID -
>>>>> and it fails with GetLastError=ERROR_NO_MORE_ITEMS ???
>>>>> I know that the driver successfully enabled this interface, it
>>>>> shows up in the registry, with correct reference count and so on.
>>>>>
>>>>> What can be wrong here? Why can SetupDiEnumDeviceInterfaces fail?
>>>>> This machine is loaded with lots of various software, but generally
>>>>> behaves well.
>>>>>
>>>>> The function below is in a DLL, loaded by a console app, both compiled
>>>>> with VC2005.
>>>>>
>>>>> Regards,
>>>>> Pavel
>>>>>
>>>>> ---------- code -------
>>>>> #include <windows.h>
>>>>> #include <stdio.h>
>>>>> #include <initguid.h>
>>>>> #include <setupapi.h>
>>>>> #pragma comment(lib, "setupapi")
>>>>>
>>>>> #define _MAX_DEVINTERFACE_NAME_CCH 512
>>>>>
>>>>> int openDriver( HANDLE *hnd )
>>>>> {
>>>>>     // Get list of devices with our class GUID:
>>>>>     HDEVINFO classDevs = SetupDiGetClassDevs( &MY_GUID,
>>>>>         NULL, NULL, DIGCF_PRESENT | DIGCF_DEVICEINTERFACE );
>>>>>
>>>>>     if ( (INVALID_HANDLE_VALUE == classDevs) || (NULL == classDevs) )
>>>>>     {
>>>>>         dprintWarn("No supported devices found\n");
>>>>>         return -1;
>>>>>     }
>>>>>
>>>>>     SP_DEVICE_INTERFACE_DATA ifdata;
>>>>>     ifdata.cbSize = sizeof(ifdata);
>>>>>     if( !SetupDiEnumDeviceInterfaces(classDevs, NULL, &MY_GUID, 0, &ifdata) )
>>>>>     {
>>>>>         //<<< HERE IT FAILS GetLastError=ERROR_NO_MORE_ITEMS
>>>>>         dprintWarn("OpenDriver: No supported devices found\n");
>>>>>         SetupDiDestroyDeviceInfoList(classDevs);
>>>>>         return -2;
>>>>>     }
>>>>>
>>>>>     // Get the name for CreateFile
>>>>>     ..............................
>>>>> }
>>>>>
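
The fix described at the top of the thread (giving the device its own security descriptor in the INF so it does not inherit the class default), shown as an added example that is not taken from the original posts. The section names and the choice of trustees in the SDDL string are assumptions for illustration.

```inf
; Added illustration; section names are hypothetical, not from the thread.
; The .HW section writes per-device settings into the device's hardware key.
[MyDevice_Install.NT.HW]
AddReg = MyDevice_Security_AddReg

[MyDevice_Security_AddReg]
; Explicit security descriptor (SDDL) for this device's objects, so the
; device no longer depends on the class-wide default of its setup class.
;   D:P              DACL, protected (no inherited ACEs)
;   (A;;GA;;;SY)     allow Generic All to Local System
;   (A;;GA;;;BA)     allow Generic All to built-in Administrators
;   (A;;GRGW;;;BU)   allow Generic Read/Write to built-in Users
; The trustee list is an assumption; grant only what the client app needs.
HKR,,Security,,"D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGW;;;BU)"
```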