Tagged: NDISRD setup uninstall usage
August 8, 2019 at 10:10 am #11038demoddieParticipant
I’ve created separate Wix 3.x setup (SetupWinPkFilter.msi) for install/uninstall NDISRD LWF on Win7 / Win10 with custom actions due to your help’s entry ‘installation of winpkfilter 3.0’. This works fine.
The NDISRD LWF driver is used by a NAT routing service. Problem is now that an uninstall of SetupWinPkFilter.msi is also succesfully performed without an error when the NAT routing service is still running, i.e. the NDISRD LWF driver is ‘removed under the NAT router’s back’. The NAT router service is non functional. Is there a simple measure to check at SetupWinPkFilter-UNINSTALL action if NDISRD LWF driver is in use by any user application or service? Some experiments with Sysinternals tools HANDLE, PROCEXPLORER or WinObj did not give me useful infos.August 12, 2019 at 2:46 pm #11039
Hmm, interesting question and I’m afraid I don’t have a quick answer. Inspecting all active processes for the open driver handle does not look a good idea. However, I think such functionality could be added to the driver itself, an example store the driver opened handles counter in the registry.
Still, I’m not sure that this type of functionality is really needed though, normally you should tie your NAT application with custom driver build. In this situation your NAT application always knows if it uses the driver or not while no other application are aware about the custom driver build therefore can’t use the driver.August 16, 2019 at 12:22 pm #11041demoddieParticipant
For the first release I want to avoid the custom driver build due to costs for the code signing certificate. My actual solution: I use a named semaphore in Global-Namespace in CNdisApi class. If the semaphore does not exist it is created in CNdisApi constructor with high initial count, otherwise it is opened. The semaphore counter is decremented whenever the driver has been successfully loaded by CreateFile and is incremented when the driver handle is closed in CNdisApi destructor. So I can check with a custom action in setup before uninstall if the named semaphore does exist or not. So I can inhibt uninstall of ndisrd.sys when in use by my NAT service. The challenge was creating the security attribute of the semaphore for the different users (service account, admin etc.) and use of Global-Namespace.
For series production it makes sense to use a custom driver build of WinPkFilter driver but I like the possibility to use different setups for the NAT service app and the NDIS filter driver for service purposes.August 18, 2019 at 8:19 am #11042
Well, yes, this is an option. However, it won’t protect if any other applications using standard winpkfilter build are running.
By the way we can sign your custom build with our code-signing certificate. Some of the customers prefer this option not only because of certificate costs but mostly because a relatively complex driver signing process.August 18, 2019 at 8:29 am #11044
- You must be logged in to reply to this topic.