How to "hello world" Legacy Kernel Driver
Preinstalled
Steps
- Start Visual Studio.
- Click FILE > NEW > Project. The ‘New Project’ wizard pops up.
- Choose Visual C++ > Windows Driver > Empty WDM Driver project.
- You will see two projects in Solution Explorer: one with the name you gave, and the other a package project for your driver.
- Select ‘Source Files’ in the Solution Explorer on the right side.
- Right-click it and choose ‘Add’ > ‘New Item’. The ‘New File’ wizard pops up.
- Choose Visual C++ > C++ File.
- Copy the following basic source code and paste it into the new C++ file you just created.
helloworld.cpp

```cpp
#include <ntddk.h>

// Unload routine: the kernel calls this when the service is stopped (sc stop).
VOID Unload(
    _In_ struct _DRIVER_OBJECT *DriverObject
)
{
    UNREFERENCED_PARAMETER(DriverObject);
    // Level 0xFFFFFFFF is a mask with every bit set, so the message is printed
    // regardless of the DbgPrint filter settings.
    DbgPrintEx(DPFLTR_DEFAULT_ID, 0xFFFFFFFF, "GoodBye Windows Kernel\n");
    return;
}

// DriverEntry needs C linkage so the linker can find it in a .cpp file.
extern "C"
NTSTATUS DriverEntry(
    _In_ struct _DRIVER_OBJECT *DriverObject,
    _In_ PUNICODE_STRING RegistryPath)
{
    NTSTATUS status = STATUS_SUCCESS;
    UNREFERENCED_PARAMETER(RegistryPath);
    DbgPrintEx(DPFLTR_DEFAULT_ID, 0xFFFFFFFF, "Hello Windows Kernel\n");
    // Register the unload routine; without it the driver cannot be stopped/unloaded.
    DriverObject->DriverUnload = Unload;
    return status;
}
```
- Select a build platform and architecture, then run ‘Build’.
- As a result you will find the driver file, named with a .sys extension, in a subfolder of your project’s location.
- Remember the file’s full path, or copy it to the root folder.
- For the test, first register the driver as a service.
Register the driver as a service (sc requires a space after each ‘=’).

```cmd
sc create helloworlddriver binPath= D:\helloworld.sys type= kernel
```
- Run the DebugView app to see the kernel messages your driver emits via ‘DbgPrintEx’ (turn on the Capture Kernel option).
- Start and stop your own driver.
Start the driver service.

```cmd
sc start helloworlddriver
```

Stop the driver service.

```cmd
sc stop helloworlddriver
```
- Now confirm that it worked by checking DebugView.
- Finally, unregister your driver.
Unregister the driver.

```cmd
sc delete helloworlddriver
```
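The register, start, stop and delete steps above, as an added PowerShell script that is not part of the original post. It assumes the post's service name and .sys path; change $BinPath to wherever your build placed helloworld.sys, and run it from an elevated PowerShell.

```powershell
# Added example (not from the original post): drives the sc.exe steps above with
# a check after each one. On 64-bit Windows an unsigned test driver only loads
# with test signing enabled (bcdedit /set testsigning on, then reboot).
$ServiceName = 'helloworlddriver'          # service name used in the post
$BinPath     = 'D:\helloworld.sys'         # path used in the post; adjust to your build

# In PowerShell 'sc' is an alias for Set-Content, so call sc.exe explicitly.
function Invoke-Sc {
    param([string[]]$Arguments)
    $out = & sc.exe @Arguments | Out-String
    if ($LASTEXITCODE -ne 0) { throw "sc.exe $($Arguments -join ' ') failed:`n$out" }
    return $out
}

# Get-Service lists Win32 services only, so read a kernel driver's state from sc.exe query.
function Get-DriverState {
    param([string]$Name)
    $out = Invoke-Sc @('query', $Name)
    if ($out -match 'STATE\s*:\s*\d+\s+(\w+)') { return $Matches[1] }
    throw "could not parse the STATE line from sc.exe query output"
}

if (-not (Test-Path -LiteralPath $BinPath)) { throw "driver binary not found: $BinPath" }

# Report signing status: a plain tutorial build is unsigned and needs test-signing mode.
$sig = Get-AuthenticodeSignature -FilePath $BinPath
Write-Host "Authenticode status of ${BinPath}: $($sig.Status)"

try {
    # Register as a kernel driver service. sc.exe needs the space after each '='.
    Invoke-Sc @('create', $ServiceName, 'binPath=', $BinPath, 'type=', 'kernel') | Out-Null
    # Load it: DriverEntry runs, so "Hello Windows Kernel" shows up in DebugView.
    Invoke-Sc @('start', $ServiceName) | Out-Null
    $state = Get-DriverState $ServiceName
    Write-Host "State after start: $state"
    if ($state -ne 'RUNNING') { throw "driver did not reach RUNNING (state: $state)" }
    # Unload it: the Unload routine runs and prints "GoodBye Windows Kernel".
    Invoke-Sc @('stop', $ServiceName) | Out-Null
} finally {
    # Always remove the service entry, even if start failed (e.g. signature rejected).
    & sc.exe delete $ServiceName | Out-Null
}
```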
If you have a build error, try to insert the code `extern "C" {}`.