Writing Kernel Mode DLLs with Unload

I followed the example
http://www.osronline.com/article.cfm?id=171

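Plus added

#include <ntddk.h>

DRIVER_UNLOAD Unload;   // forward declaration, Unload is referenced in DriverEntry

NTSTATUS
DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    UNREFERENCED_PARAMETER(RegistryPath);
    // Register the unload routine on the driver object
    DriverObject->DriverUnload = Unload;
    return STATUS_SUCCESS;
}

VOID Unload(
    _In_ struct _DRIVER_OBJECT *DriverObject
    )
{
    UNREFERENCED_PARAMETER(DriverObject);
    return;
}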

Export driver works, but after I unload my main driver, export driver stays loaded, no calls to Unload.

I am sure there are no pending refs to the export driver, what is missing to make sure
the export driver unloads when no longer needed?

thanks,

xxxxx@yahoo.com wrote:

> I followed the example
> http://www.osronline.com/article.cfm?id=171
>
> Export driver works, but after I unload my main driver, export driver stays loaded, no calls to Unload.
>
> I am sure there are no pending refs to the export driver, what is missing to make sure
> the export driver unloads when no longer needed?

RTFM:
https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/creating-export-drivers

DriverEntry is not called for an export driver.  You have to include and
export DllInitialize and DllUnload entry points to trigger the reference
counting.

Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
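
A skeleton of the export driver described in the reply above, added here as an example; it is not code from the thread or from the linked articles. The SampleLib names, the g_Ready flag and the .def NAME are hypothetical, and the #else branch holds stand-in types so the logic also compiles outside the WDK.

```c
/* Export-driver skeleton (constructed example; SampleLib* names are hypothetical). */
#if defined(_KERNEL_MODE)            /* defined by MSVC under /kernel (WDK builds) */
#include <ntddk.h>
#else                                /* stand-ins for compiling off-target */
typedef long NTSTATUS;
typedef struct _UNICODE_STRING *PUNICODE_STRING;
typedef struct _DRIVER_OBJECT *PDRIVER_OBJECT;
#define STATUS_SUCCESS            ((NTSTATUS)0x00000000L)
#define STATUS_INVALID_PARAMETER  ((NTSTATUS)0xC000000DL)
#define STATUS_DEVICE_NOT_READY   ((NTSTATUS)0xC00000A3L)
#define UNREFERENCED_PARAMETER(p) ((void)(p))
#endif

static int g_Ready;                  /* library state owned by DllInitialize/DllUnload */

/* Stub for the build tools; the system does not call it for an export driver. */
NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
    UNREFERENCED_PARAMETER(DriverObject);
    UNREFERENCED_PARAMETER(RegistryPath);
    return STATUS_SUCCESS;
}

/* Called once, right after the image is loaded for its first importer. */
NTSTATUS DllInitialize(PUNICODE_STRING RegistryPath)
{
    UNREFERENCED_PARAMETER(RegistryPath);
    g_Ready = 1;                     /* allocate pool, locks, lookaside lists here */
    return STATUS_SUCCESS;
}

/* Called when the import reference count drops to zero, just before the
 * image is unloaded; everything DllInitialize set up must be released. */
NTSTATUS DllUnload(void)
{
    g_Ready = 0;
    return STATUS_SUCCESS;
}

/* An exported service routine that importing drivers link against. */
NTSTATUS SampleLibAdd(long a, long b, long *sum)
{
    if (!g_Ready) return STATUS_DEVICE_NOT_READY;
    if (sum == 0) return STATUS_INVALID_PARAMETER;
    *sum = a + b;
    return STATUS_SUCCESS;
}

/* Matching .def file, one entry per line:
 *   NAME SAMPLELIB.SYS
 *   EXPORTS: DllInitialize PRIVATE, DllUnload PRIVATE, SampleLibAdd */
```

The main driver imports SampleLibAdd through the export driver's import library; unloading the last such importer is what leads the system to call DllUnload.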

Thanks

Should I keep the extension as dll instead of sys?
Does it make any difference?

It shouldn’t make a difference, but typically export drivers have a .sys extension.

-----Original Message-----
From: xxxxx@lists.osr.com On Behalf Of xxxxx@yahoo.com
Sent: Monday, September 10, 2018 5:15 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Writing Kernel Mode DLLs with Unload

Thanks

Should I keep the extension as dll instead of sys?
Does it make any difference?


NTDEV is sponsored by OSR

Visit the list online at: https:

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at https:

To unsubscribe, visit the List Server section of OSR Online at https:

It makes no difference whatsoever except to programs like Windows Explorer that try to "categorize" files based on the extension. To the core OS, a file is what it is based on what you use it for.


________________________________
From: xxxxx@lists.osr.com on behalf of xxxxx@microsoft.com
Sent: Tuesday, September 11, 2018 2:06:18 AM
To: Windows System Software Devs Interest List
Subject: RE: RE:[ntdev] Writing Kernel Mode DLLs with Unload

It shouldn’t make a difference, but typically export drivers have a .sys extension.
