x64 Driver Unload not working (Filter Driver)
PostPosted:Sat Jan 10, 2015 9:25 am
Hi,
I am trying to get my driver working however although everything appears to be ok the target driver does not unload, although everything initiates in windbg. The target driver is loaded/spawned when a target program is run, the driver exports to temp and uses sc to load, it has a certificate.
I test sign my driver and install it to system32 via the below inf and then load it with "net start protect". My driver is loaded before the target driver loads therefore should block loading but this doesn't happen, when i "sc query target" it is still running, the target driver doesnt seem to have an unload function as its NON_STOPPABLE, NON_PAUSABLE however this shouldn't cause problems i don't think.
Please can you review the code and provide any feedback. Test machine Win 7 x64 SP1.
Thanks.
I am trying to get my driver working however although everything appears to be ok the target driver does not unload, although everything initiates in windbg. The target driver is loaded/spawned when a target program is run, the driver exports to temp and uses sc to load, it has a certificate.
I test sign my driver and install it to system32 via the below inf and then load it with "net start protect". My driver is loaded before the target driver loads therefore should block loading but this doesn't happen, when i "sc query target" it is still running, the target driver doesnt seem to have an unload function as its NON_STOPPABLE, NON_PAUSABLE however this shouldn't cause problems i don't think.
Please can you review the code and provide any feedback. Test machine Win 7 x64 SP1.
Thanks.