I wrote an NDIS 6.20 Miniport driver that has worked well for several years on Windows 7 and 2012. Recently I tried to install it on Windows 2012 R2. It installed successfully, but it hangs Device Manager when I try to disable it. Log output shows that Windows 2012 calls my driver’s MiniportHalt and Unload callbacks. Unfortunately, 2012 R2 calls MiniportHalt which returns normally, and then never calls Unload. At that point, it is possible to kill DeviceManager, but the machine will not reboot normally. It requires a hardware reset.
I read online where Windows might not call DriverUnload if there was an outstanding IRP or DeviceObject reference. I commented out most of the code in my driver to test this theory. At this point, my driver has very little active code left. Now it only does the following:
- Call NdisMRegisterMiniportDriver
- Allocate memory for adapter instance and add to global list
- Call NdisMSetMiniportAttributes to set registration and general attributes
- Fail every SendNetBufferLists request
- In MiniportHalt, remove adapter instance from global list and free memory
- If DriverUnload is called, then call NdisMDeregisterMiniportDriver
Unfortunately, step 6 does not occur on 2012 R2.
I applied all important Windows updates to the 2012 R2 machine. I didn’t see any relevant changes between NDIS 6.20 and 6.30, but I changed the version numbers on my driver anyway. I switched build tools from WDK 8.1 to WDK 10. None of these steps fixed the problem.
I did find these warnings in the setupapi.dev.log file, but it did install and it’s not clear how this is related to hanging on disable:
sto: {DRIVERSTORE IMPORT VALIDATE} 13:27:41.131
sig: {_VERIFY_FILE_SIGNATURE} 13:27:41.147
sig: Key = mydriver.inf
sig: FilePath = C:\Windows\System32\DriverStore\Temp{721af17b-01ef-2b4e-999b-ef20a569320a}\mydriver.inf
sig: Catalog = C:\Windows\System32\DriverStore\Temp{721af17b-01ef-2b4e-999b-ef20a569320a}\mydriver.cat
! sig: Verifying file against specific (valid) catalog failed! (0x800b0109)
! sig: Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
sig: {_VERIFY_FILE_SIGNATURE exit(0x800b0109)} 13:27:41.209
sig: {_VERIFY_FILE_SIGNATURE} 13:27:41.209
sig: Key = mydriver.inf
sig: FilePath = C:\Windows\System32\DriverStore\Temp{721af17b-01ef-2b4e-999b-ef20a569320a}\mydriver.inf
sig: Catalog = C:\Windows\System32\DriverStore\Temp{721af17b-01ef-2b4e-999b-ef20a569320a}\mydriver.cat
sig: Success: File is signed in Authenticode™ catalog.
sig: Error 0xe0000242: The publisher of an Authenticode™ signed catalog has not yet been established as trusted.
sig: {_VERIFY_FILE_SIGNATURE exit(0xe0000242)} 13:27:41.209
! sig: Driver package signer is unknown, but user trusts signer.
sto: {DRIVERSTORE IMPORT VALIDATE: exit(0x00000000)} 13:27:44.069
sig: Signer Score = 0x0F000000
I created a user-mode dump file of Device Manager once it hung. The top of the call stack is:
ntdll!NtDeviceIoControlFile+0xa C/C++/ASM
KERNELBASE!DeviceIoControl+0x121 C/C++/ASM
kernel32!DeviceIoControlImplementation+0x80 C/C++/ASM
cfgmgr32!Local_CM_Disable_DevNode+0xb8 C/C++/ASM
cfgmgr32!CM_Disable_DevNode+0xbf C/C++/ASM
cfgmgr32!CM_Disable_DevNode_Ex+0x5c C/C++/ASM
devobj!DevObjChangeState+0x4f6 C/C++/ASM
setupapi!SetupDiChangeState+0x872 C/C++/ASM
setupapi!_SetupDiCallClassInstaller+0x101b C/C++/ASM
setupapi!SetupDiCallClassInstaller+0x59 C/C++/ASM
devmgr!CDevice::EnableDisableDevice+0x1d7 C/C++/ASM
devmgr!CResultView::MenuCommand+0x1b9 C/C++/ASM
devmgr!CFolder::MenuCommand+0xbe C/C++/ASM
devmgr!CComponent::Command+0xa4 C/C++/ASM
mmcndmgr!IExtendContextMenuWrapper::Command+0xd2 C/C++/ASM
mmcndmgr!CMenuItem::ScExecute+0x236 C/C++/ASM
mmcndmgr!CContextMenu::ExecuteMenuItem+0x8e C/C++/ASM
So, it looks like Device Manager is waiting on an IOCTL request. I’m not sure exactly what that request might be, or why it would be different in 2012 vs 2012 R2.
At this point, I am out of ideas of where to look and what to try. Does anyone have any suggestions?
Thank you very much in advance.