Null device R.I.P.

July 13th, 2009 | by admin |

Yes, as in the Unix world, Windows has a device similar to /dev/null, with the same purpose.

It is critical for some applications to work, especially the ones ported from Unix environments. For instance, the remote desktop software NoMachine’s Nxclient will complain and stop working if the null device is gone. Some viruses and trojans can make that happen.

The driver shows up under “Non-Plug and Play Drivers” in the Device Manager. It’s a hidden device by default, or gone if there’s a problem.

To restore it, we must do the following:

  1. Check for the existence of the file null.sys (the driver file) in %systemroot%\system32\drivers. The file may already be there, but it can be a fake/corrupted version. If we’re sure the file is correct (checking its properties), we may skip to step 4; otherwise we should continue to 2, just to make sure.
  2. Go to the command line (navigate through start/run, write cmd and press <enter>), cd to the i386 folder (installation), either on our installation drive or on the Windows installation CD/DVD.
  3. The file we need from the i386 folder is called NULL.SY_. In the Windows installation context, the underscore means that the file is compressed, so we need to use the expand utility in the same folder. Run expand null.sy_ %systemroot%\system32\drivers\null.sys .
  4. The file is in place, but that doesn’t mean that the driver is already working. Windows needs to know, through its registry, that it has a newly installed driver file and activate (in this case) the corresponding windows service. This is done by correcting relevant registry entries and reactivating the driver/driver service through rebooting.
  5. In detail, we must first add the correct permission for the operation described in the previous step. Navigate through start/run, write regedit and press enter. The registry editor pops up. Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root key. Right-click it and select Permissions. Add the Full Control permission to Everyone. Every user now has permission to add registry entries to this key. For security reasons, we should undo this step at the end.
  6. Download this registry file, and install it (by clicking it). Windows asks for a confirmation. Answer affirmatively.
  7. Reboot. If everything goes well, we should notice a new hidden device (NULL device) under the non-plug and play devices in Device Manager (as I pointed out before, they’re hidden by default). We should now undo step 5.
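
The checks from steps 1 and 7 can be scripted. The following is an added example, not part of the original post: it verifies that null.sys is present and signed, that the driver is running, and that the permission granted in step 5 was actually removed from Enum\Root. It assumes PowerShell 3.0 or later in an elevated prompt and that the driver service is registered under its standard name, Null; on older Windows releases, catalog-signed system drivers may be reported as NotSigned by Get-AuthenticodeSignature.

```powershell
# Added example: post-repair checks for the null device procedure above.
$driverPath = Join-Path $env:SystemRoot 'System32\drivers\null.sys'
$enumRoot   = 'HKLM:\SYSTEM\CurrentControlSet\Enum\Root'

# Step 1 check: the driver file exists and carries a valid signature.
if (Test-Path -Path $driverPath) {
    $file = Get-Item -Path $driverPath
    $sig  = Get-AuthenticodeSignature -FilePath $driverPath
    '{0}  version={1}  signature={2}' -f $file.FullName,
        $file.VersionInfo.FileVersion, $sig.Status
    if ($sig.Status -ne 'Valid') {
        Write-Warning 'null.sys is not validly signed; replace it from trusted installation media.'
    }
} else {
    Write-Warning "$driverPath is missing."
}

# Step 7 check: the driver service is registered and running.
# Assumption: the service name is 'Null' (the standard name for null.sys).
$drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='Null'"
if ($drv) {
    'Driver: State={0}  StartMode={1}  Path={2}' -f $drv.State, $drv.StartMode, $drv.PathName
    if ($drv.State -ne 'Running') { Write-Warning 'Null driver is registered but not running.' }
} else {
    Write-Warning 'No Null driver service is registered.'
}

# Undo check for step 5: Everyone (SID S-1-1-0) must not keep write access.
# SIDs are used instead of names so the check works on localized systems.
$writeBits = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey'
$acl   = Get-Acl -Path $enumRoot
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
$leftover = @($rules | Where-Object {
    $_.IdentityReference.Value -eq 'S-1-1-0' -and
    $_.AccessControlType -eq 'Allow' -and
    (([int]$_.RegistryRights -band $writeBits) -ne 0)
})

if ($leftover.Count -gt 0) {
    Write-Warning "Everyone can still write to $enumRoot (step 5 was not undone):"
    $leftover | Format-Table IdentityReference, RegistryRights, IsInherited -AutoSize
} else {
    "No write access for Everyone on $enumRoot."
}
```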
