FA+
Shop
Adventures in Removing Faulty Virtual Devices from Windows
14 years ago
General
Get ready for a super technical journal entry that I felt like posting in order to help me remember what I learned about the Windows registry and Device Manager today. For those technical enough to be interested, here it is:
I had to do some Windows registry exploration recently, because I was trying to destroy some faulty RRNetCap Miniport virtual network adapters that were installed with TuneBite and weren't removed when it was uninstalled. They were showing up in the Device with little yellow exclamation marks and error Code 19, which basically states that the driver information in the registry was corrupted.
Anyway, I learned that the devices that are displayed in the Windows Device Manager are found under the HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Enum directory in the registry.
The exact path to their key within this directory is given under the Device Instance Path property under the Details tab of the Device Properties Dialog from the Device Manager.
The other important property under the Details tab is the Driver Key, which describes a path to a key within the HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Class directory in the registry.
All network adapter driver keys in particular happen to be in the sub-directory {4D36E972-E325-11CE-BFC1-08002BE10318} within the above directory.
And within each network adapter driver key there is a Characteristics value that is binary flags, the 0x20 flag determines whether or not the user can uninstall the adapter, as explained here:
http://www.osronline.com/ddkx/netwo.....stall_4q5j.htm
However, that flag wasn't the problem. The problem was that the faulty network adapters had Driver Keys that were empty, which was why they couldn't be completely uninstalled and removed from the Device Manager's list.
Before risking any negative repercussions of directly removing the culprit devices from the registry, I decided to give the GUI one more chance through the Windows 7 Troubleshooting tool in the Control Panel, using the instructions found here:
http://windows.microsoft.com/en-us/.....troubleshooter
I used the Configure a device option to force Windows to attempt to reinstall the drivers, and it finally changed them to Unknown Devices in the Device Manager, which I was then able to completely uninstall through the Device Manager.
I went back and checked the registry and the culprit device folders had been removed from the HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Enum and HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Class directories in the registry.
If I had used that troubleshooting tool from the get-go, I would have solved my problems without as much grief, but I also wouldn't have learned so many new things about how the Windows registry works. However, I have yet to figure out how device's instances keys and/or driver keys in the registry point to their actual driver files in C:/Windows/System32/drivers directory. Maybe I should do some research on how to make virtual devices.
I had to do some Windows registry exploration recently, because I was trying to destroy some faulty RRNetCap Miniport virtual network adapters that were installed with TuneBite and weren't removed when it was uninstalled. They were showing up in the Device with little yellow exclamation marks and error Code 19, which basically states that the driver information in the registry was corrupted.
Anyway, I learned that the devices that are displayed in the Windows Device Manager are found under the HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Enum directory in the registry.
The exact path to their key within this directory is given under the Device Instance Path property under the Details tab of the Device Properties Dialog from the Device Manager.
The other important property under the Details tab is the Driver Key, which describes a path to a key within the HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Class directory in the registry.
All network adapter driver keys in particular happen to be in the sub-directory {4D36E972-E325-11CE-BFC1-08002BE10318} within the above directory.
And within each network adapter driver key there is a Characteristics value that is binary flags, the 0x20 flag determines whether or not the user can uninstall the adapter, as explained here:
http://www.osronline.com/ddkx/netwo.....stall_4q5j.htm
However, that flag wasn't the problem. The problem was that the faulty network adapters had Driver Keys that were empty, which was why they couldn't be completely uninstalled and removed from the Device Manager's list.
Before risking any negative repercussions of directly removing the culprit devices from the registry, I decided to give the GUI one more chance through the Windows 7 Troubleshooting tool in the Control Panel, using the instructions found here:
http://windows.microsoft.com/en-us/.....troubleshooter
I used the Configure a device option to force Windows to attempt to reinstall the drivers, and it finally changed them to Unknown Devices in the Device Manager, which I was then able to completely uninstall through the Device Manager.
I went back and checked the registry and the culprit device folders had been removed from the HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Enum and HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Control/Class directories in the registry.
If I had used that troubleshooting tool from the get-go, I would have solved my problems without as much grief, but I also wouldn't have learned so many new things about how the Windows registry works. However, I have yet to figure out how device's instances keys and/or driver keys in the registry point to their actual driver files in C:/Windows/System32/drivers directory. Maybe I should do some research on how to make virtual devices.
