I have several drivers for Windows, such as a minifilter and a driver for working with the network. All drivers communicate with a special application, and I need to disable the drivers' activity when the special application is not working (for example, this application may be killed using Task Manager). How can I do this properly?
For communication between the special program and the drivers I use IRPs, but I can't think how to disable activity in this case, because when the program is killed by Task Manager I can't send an IRP to shut down the drivers.
Related
I want to know the difference between an application started directly on the machine and an application started using a Remote Desktop connection.
Whether both applications are the same or will have different privileges.
For example, I had an OpenGL-based application which takes a higher version of OpenGL (3 or 4) when started directly on the machine. But when I start the same application from a Remote Desktop connection, it takes only the base OpenGL version 1.1.
One more observation is:
We have a service application which will launch a graphics (OGRE based) application based on request. Request is set from client using web-socket communication.
When we start this service directly in a server, it works fine. But when this service is started from a RDP connection, the graphics application is crashing when user sends request after RDP connection is closed.
It works if I keep the RDP connection on.
It may lose the graphics driver when you are logged in through RDP.
If you launch the Ogre 'setup' dialog when RDP is enabled, it will not list the graphics card, but a different 'RDP driver'.
Also, when you log on/off it might 'reset' the device (since the RDP graphics driver is enabled/disabled), causing your window to lose the device and then crash.
One way to get around all this - is to use a VNC (for example tightvnc), this does not cause the issues that standard RDP does, since it does not use the RDP graphics drivers and such.
I need to Disable/Enable a loaded device driver because the device "at times" when connected fails to load properly.
This device is controlled by the user and is POWERED AND UN-POWERED very frequently.
The program which needs to use the driver DETECTS a failure and needs to Disable/Enable which ALWAYS corrects the issue.
But using the SetupAPI methods causes the executable to require ADMIN rights (Windows 7 and Windows 10).
I'm not sure if I need to use "other" coding methods or if SIGNING the executable will remove the "requirement" to run as administrator?
Any ideas would be greatly appreciated.
The problem is that if any user can unload a driver, they'd be able to interfere with other users. Drivers are a shared resource.
"Signing" the executable makes a few warnings less scary but doesn't affect security.
I'm using Python/NumbaPro to use my CUDA-compliant GPU on a Windows box. I use Cygwin as the shell, and from within a Cygwin console it has no problems finding my CUDA device. I test with the simple command
numbapro.check_cuda()
But when I'm connecting to the box over OpenSSH (as part of my Cygwin setup), I get the following error:
numba.cuda.cudadrv.error.CudaSupportError: Error at driver init:
Call to cuInit results in CUDA_ERROR_NO_DEVICE:
How to fix this?
The primary cause of this is Windows service session 0 isolation. When you run any application via a service which runs in session 0 (so sshd, or Windows Remote Desktop, for example), the machine's native display driver is unavailable. For CUDA applications, this means that you get a no device available error at runtime, because the sshd you use to log in is running as a service and there is no available CUDA driver.
There are a few workarounds:
Run the sshd as a process rather than a service.
If you have a compatible GPU, use the TCC driver rather than the GPU display driver.
On the secondary problem, the Python runtime error you are seeing comes from the multiprocessing module. From this question it appears that the root cause is probably the NUMBER_OF_PROCESSORS environment variable not being set. You can use one of the workarounds in that thread to get around that problem.
Once my embedded device is connected to USB port of my PC, it should trigger an exe as an event. How can I achieve this??
Should I create a service to keep monitoring the USB connector bus, or are there any default APIs available in Windows to achieve this??
thanks.
A simple exe which is started on connect is not possible. But you can write a service or user mode application which listens for device arrival events. WM_DEVICECHANGE is sent to all (registered) applications with a device interface GUID which represents which device is plugged in. You can then use this ID with the SetupAPI to see if it's your device.
On receiving that event, you can then start your executable.
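Added example (not part of the original answer): a strict check, in portable C, that an arriving device is the expected one before anything is launched. It assumes the listener receives the device interface path that Windows supplies with the arrival notification (the `dbcc_name` field of `DEV_BROADCAST_DEVICEINTERFACE`) and parses that string instead of querying the SetupAPI; the function names and the VID/PID/serial values are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Interface class GUID for USB devices (GUID_DEVINTERFACE_USB_DEVICE). */
#define USB_DEVICE_IFACE "{a5dcbf10-6530-11d2-901f-00c04fb951ed}"

/* Case-insensitive prefix test; stops at the first mismatch, so it never
   reads past the terminating NUL of s. */
static int starts_with_ci(const char *s, const char *prefix) {
    for (; *prefix; s++, prefix++)
        if (tolower((unsigned char)*s) != tolower((unsigned char)*prefix))
            return 0;
    return 1;
}

/* Parse exactly four hex digits; returns 0 on anything else. */
static int hex4(const char *s, unsigned *out) {
    char buf[5] = {0};
    for (int i = 0; i < 4; i++) {
        if (!isxdigit((unsigned char)s[i])) return 0;
        buf[i] = s[i];
    }
    *out = (unsigned)strtoul(buf, NULL, 16);
    return 1;
}

/* Returns 1 only for \\?\USB#VID_vvvv&PID_pppp#<instance>#{USB class GUID}
   with the wanted IDs; malformed or look-alike paths are rejected. */
int is_my_usb_device(const char *path, unsigned want_vid, unsigned want_pid) {
    unsigned vid, pid;
    const char *p = path, *guid;
    if (!starts_with_ci(p, "\\\\?\\USB#VID_") || !hex4(p + 12, &vid)) return 0;
    p += 16;
    if (!starts_with_ci(p, "&PID_") || !hex4(p + 5, &pid)) return 0;
    p += 9;
    if (*p != '#') return 0;              /* e.g. a fifth hex digit or &MI_xx */
    guid = strrchr(p, '#');               /* last segment is the class GUID */
    if (guid == p || strlen(guid + 1) != strlen(USB_DEVICE_IFACE)) return 0;
    if (!starts_with_ci(guid + 1, USB_DEVICE_IFACE)) return 0;
    return vid == want_vid && pid == want_pid;
}

int main(void) {
    /* Constructed sample path; VID 0x1234 / PID 0xABCD are placeholders. */
    const char *arrived =
        "\\\\?\\USB#VID_1234&PID_ABCD#SN0001#{a5dcbf10-6530-11d2-901f-00c04fb951ed}";
    printf("launch helper: %s\n", is_my_usb_device(arrived, 0x1234, 0xABCD) ? "yes" : "no");
    return 0;
}
```

VID and PID are values the device reports about itself, so a match identifies the device model rather than proving the hardware is trusted; keep the launched program's privileges low accordingly.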
Depending on your version of Windows it might be possible with a workaround using an AutoRun.inf file in the root folder of a USB drive. For security reasons this is by default turned off, and in Windows 7 not allowed at all.
To achieve the same effect in a more robust way, you need to create a service that monitors whether your device is connected or not (e.g. iTunesHelper that monitors for connected Apple devices).
The easiest solution is probably a trivial UMDF driver. That's basically a small COM component called when your device is connected.
What would be the simplest way for an application I'm writing to block all Internet access on a Windows machine?
More details:
Windows: XP or higher
Application: A basic Win32 app written in C/C++.
Blocking: It needs to be able to block and unblock at will, ideally in a way that the user can't easily reverse. (By, say, right clicking on a network connection icon in the system tray.) Also, ideally, I'd like the method it uses to allow access to be restored should the user restart Windows or reset the machine, though I'd also be willing to have the app auto launch with Windows and unblock access upon startup if the machine was reset while in a blocked state.
Internet access: Primarily, I'd like to block conventional browsers from hitting conventional http/https sites. Secondarily, it would be nice to block IM clients and client-side social networking apps. It would also be nice, but not required, to still allow local networking for file sharing, etc. (Note that only the first requirement is absolute.)
Final notes: This is not meant to be a security utility, nor will its relationship to the user be adversarial (as, for example, with a parental control utility) so it's not important for it to use a scheme that can't be worked around by a determined user. (Consider that I intend for a reboot or reset to clear the blocking. This means that any workaround a user might discover that would take more effort than this is okay.)
Thanks!
p.s. I suspect that the Windows Firewall API won't work for me because this needs to work for users that haven't enabled the firewall or don't have admin privileges, but I'll be thrilled if I'm corrected on this.
It sounds like you're intending to run applications that you don't want to access the internet. Perhaps you could run them inside a virtual machine such as VirtualBox with networking disabled.
You could do it with a Winsock SPI. The Windows SDK has a sample (under Samples\netds\winsock\lsp) which implements what is called a layered service provider, which allows you to hook all the user mode functions provided by Winsock and reject/modify the calls to block network access or redirect traffic to different locations. All installed Winsock applications will be affected, so in your code you could have policies for what applications can go out and the like, and disable/enable on the fly. Now a determined person could find ways around this, but it would be a pain.
That said this isn't trivial to do but the sample should get you most of the way there.
You cannot effectively or practically write your tool with only a user mode application.
What you need to write is a network I/O stack filter driver. This is done by writing a Windows driver. This is different from a Windows Win32 application. Drivers run in kernel mode and applications run in user mode.
On Windows Vista and later, the kernel mode Network Programming Interface (NPI) is designed for this. This is the same API that Windows Firewalls use. These are sometimes called the Winsock kernel (WSK) APIs.
In effect, you are writing a network firewall (more or less).
Here are some links:
Introduction to Winsock Kernel (WSK)
Windows Core Networking Blog
The Network Programming Interface Docs on MSDN
Note, you will likely need at least two components:
Your driver
A graphical application that a person can use to control your tool
If you want to do any monitoring, you will likely need a user mode service that collects data from your driver. This works better than trying to do this in the driver. In general, you should do the minimal amount of work in the driver.
A few notes:
You need to be very conscious of security when writing this kind of software. This is very much non trivial. Software that is network facing has the highest security requirements.
Be cognizant of performance.
Your driver and/or service must be aware of the context of a calling application. This is also a security boundary. For example, an application not running as administrator should not be able to control your driver.
Take a look at firewall source code.