[C++]Beginner Driver Programming


Post by Dami on Fri Oct 30, 2009 5:26 am

By noz3001

Haha, finally time to write another blog. I’ve been having too much fun messing around in kernel mode and getting random BSOD’s because I messed something up.

Anyway, this blog will teach you the very basics of writing kernel mode drivers for windows 2000 / XP.

Note: Kernel-Mode Drivers will NOT work on Windows Vista because of its security!

//=====================
// Writing a driver for windows
//=====================

* Tools Needed:

Windows Driver Development Kit: Download

Driver Tools: Download
A Text Editor (For writing the source code)
Medium level C knowledge

* Win DDK

Before you start creating drivers you will need to understand the DDK - What it is and how to use it.
By now I hope you have already installed the DDK and have it ready for use.

The Driver Development Kit contains all the header files needed to compile your kernel driver, and it also compiles your source. For example: in a normal Windows usermode application you would be accustomed to including windows.h as a header file. In kernel mode this is replaced by ntddk.h, the kernel mode "version" of windows.h.

ntddk.h is where most kernel mode APIs are declared.

Later, after you learn the skeleton of a driver source, I will explain how to compile a driver with the DDK.

* The Source

Now I am going to show you how a basic driver should look. Think of this as the driver version of the "hello world" program. In fact, I think we should make our driver print hello world!

Now, as I stated in the DDK explanation, the header file ntddk.h MUST be included at the top of your source:

Code:

#include "ntddk.h"

If you have already programmed for the console in C / C++, I'll assume that you know about the int main() function. Well, the driver equivalent to that is DriverEntry:

Code:
NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath);

Treat this exactly as you would int main(). But as you can see, DriverEntry is type NTSTATUS, which means it will return NTSTATUS. So in the body of DriverEntry we will put:

Code:
return STATUS_SUCCESS;

And this will tell the Operating system that the function succeeded.

Here is an example of what your driver source should look like at the moment:
Code:
#include "ntddk.h"

NTSTATUS DriverEntry( IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING theRegistryPath )
{

return STATUS_SUCCESS;
}

It might seem too simple to be a kernel mode driver but this will compile and can be loaded successfully.

* DbgPrint("Noz3001");

If you have written C / C++ programs in the past, you might have found yourself in a situation where you need to print information to the screen for debugging or other purposes. If you use C, you will probably be familiar with using the printf() function to print information.
There is an equivalent function in kernel mode. It takes the same parameters and is just as easy to call! The only problem is that viewing the output is not as simple as using printf. This function is DbgPrint();.

We are going to make our driver print “hello world” when it’s run by using DbgPrint. An example of doing so is shown below:

Code:
DbgPrint("Hello World!");

If you place this code in the DriverEntry function, the driver will print our string when it is run. The only problem is that we have nothing to view the string with! Don't worry, that's why I made you download the "driver tools" at the beginning of this article. Extract them to your computer using WinRAR and open the file called "Dbgview".

It should look like this:


This program catches all the strings "DbgPrinted" and displays them to you! This is how you are going to view your hello world string later on.

Now add your DbgPrint() code to your source. My source looks like this:

Code:
#include "ntddk.h"

// Runs when the driver is stopped; nothing to clean up yet.
VOID DriverUnload( IN PDRIVER_OBJECT DriverObject )
{
    UNREFERENCED_PARAMETER( DriverObject );
}

NTSTATUS DriverEntry( IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING theRegistryPath )
{
    UNREFERENCED_PARAMETER( theRegistryPath );

    DbgPrint("Hello World!");

    DriverObject->DriverUnload = DriverUnload; // Unload the driver: register the routine that runs when it is stopped.
    return STATUS_SUCCESS;
}

Note the line DriverObject->DriverUnload; // Unload the driver. You always need to unload your driver so the user doesn't have to restart to unload it!

* Compiling your first Driver

This is the fun part!! Getting to use the DDK!!
Firstly, I hope you have created your source file on the same drive as you installed the DDK! If not, copy it over.


Note: Make sure the folder / source name have NO spaces in them!


There are two more small files you need to create before the DDK will compile your source. SOURCES and MAKEFILE.

Both have NO file extension and MAKEFILE is always the same.


MAKEFILE
Code:
!INCLUDE $(NTMAKEENV)\makefile.def

SOURCES
Code:
TARGETNAME=Noz3001_Driver
TARGETPATH=Release
TARGETTYPE=DRIVER
SOURCES=DriverMain.c

In SOURCES, TARGETNAME is the filename of the compiled driver. TARGETPATH is the folder where the driver will be put. TARGETTYPE is pretty self-explanatory and SOURCES is your source file.

Ok, now we can open the DDK compiler. Click Start->Development Kits and look for "Windows XP Free Build Environment".
Once there, type "cd.." and press enter until the current directory can't get any lower, e.g. "C:\>".

Now type CD again and after it put the full path to the folder where your 3 files are. Now type "build" (without the quotes) and press enter. You should see something like this:

Note: If you get any errors, review your source and try to find what you did wrong.

If your DDK screen looks like mine, CONGRATULATIONS! You just created your first Kernel-Mode driver!
But wait, that's not all! You still have to make sure it works.

Make sure you still have DbgView open so you can see the result of your DbgPrint. Now it's time to use the other program I included in my "driver tools" file, "INSTDRV". This program can load your driver for you! It saves you a lot of time when you are still testing your driver, so keep it handy!

Once opened it will look like this:


Now enter the full path to your driver in the pathname text box and click install. Once the status says “Operation successful”, click the start button to start your driver.

Now go back to DbgView. If your driver has worked you will see something like this:


WELL DONE!! You just created a working kernel mode driver AND used a kernel mode function!

I think you should give yourself a pat on the back!
Dami
Dragon

Posts : 1414
Join date : 2009-08-10
Age : 28
Location : Finland
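Added example (not code from the original post or from noz3001): the same hello-world skeleton, but with the unload routine actually registered. The line `DriverObject->DriverUnload;` on its own only evaluates a pointer and throws the result away, so nothing is registered and the service can never be stopped without a reboot; the assignment below is the fix. Built with the DDK (cl.exe defines `_WIN32`) the file includes `ntddk.h` and is a real driver. On any other compiler it falls back to constructed stand-in types for `DRIVER_OBJECT`, `UNICODE_STRING`, `DbgPrint` and friends (an assumption made only so the load/stop control flow can be compiled and exercised on a normal host); `simulate_load_unload` is likewise a host-only stand-in for what INSTDRV does when you click start and then stop.

```c
/* Added example, not from the original post. Real driver under the DDK,
 * host-side simulation elsewhere (stand-in types are an assumption). */
#ifdef _WIN32
#include "ntddk.h"
#else
#include <stdio.h>
#include <stddef.h>
typedef long NTSTATUS;
typedef void VOID;
#define STATUS_SUCCESS ((NTSTATUS)0L)
#define IN
#define UNREFERENCED_PARAMETER(p) ((void)(p))
#define DbgPrint printf
typedef struct _DRIVER_OBJECT *PDRIVER_OBJECT;
typedef VOID (*PDRIVER_UNLOAD)(PDRIVER_OBJECT DriverObject);
typedef struct _DRIVER_OBJECT {
    PDRIVER_UNLOAD DriverUnload;   /* the only field this example touches */
} DRIVER_OBJECT;
typedef struct _UNICODE_STRING {
    unsigned short Length;
    unsigned short MaximumLength;
    unsigned short *Buffer;
} UNICODE_STRING, *PUNICODE_STRING;
#endif

/* Counts unload calls so the host-side check can observe that it ran. */
static int g_unloadCalls = 0;

/* Runs when the driver is stopped. Anything DriverEntry allocated or
 * registered must be released here. */
VOID DriverUnload(IN PDRIVER_OBJECT DriverObject)
{
    UNREFERENCED_PARAMETER(DriverObject);
    DbgPrint("Noz3001_Driver: unloading\n");
    g_unloadCalls++;
}

NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{
    UNREFERENCED_PARAMETER(RegistryPath);
    DbgPrint("Hello World!\n");

    /* The assignment is the fix: it stores the function pointer the I/O
     * manager calls when the service is stopped. A bare
     * "DriverObject->DriverUnload;" stores nothing. */
    DriverObject->DriverUnload = DriverUnload;
    return STATUS_SUCCESS;
}

#ifndef _WIN32
/* Host-only stand-in for the load-then-stop sequence: returns 1 when
 * DriverEntry succeeded, registered an unload routine, and that routine
 * ran exactly once. */
int simulate_load_unload(void)
{
    DRIVER_OBJECT drv = { NULL };
    UNICODE_STRING path = { 0, 0, NULL };
    int before = g_unloadCalls;

    if (DriverEntry(&drv, &path) != STATUS_SUCCESS) return 0;
    if (drv.DriverUnload == NULL) return 0;   /* what the no-op line leaves behind */
    drv.DriverUnload(&drv);
    return g_unloadCalls == before + 1;
}

int main(void)
{
    return simulate_load_unload() ? 0 : 1;
}
#endif
```

On the host build, `main` exits 0 only if the unload routine was registered and executed; comment out the assignment in `DriverEntry` and the simulation fails, which is the same situation a loaded driver with no unload routine leaves you in, minus the reboot.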


Re: [C++]Beginner Driver Programming

Post by wafflemaster on Tue Nov 03, 2009 3:57 pm

This is a very good and interesting guide. Is there a second part to this?

wafflemaster
V.I.P

Posts : 123
Join date : 2009-10-27


Re: [C++]Beginner Driver Programming

Post by Dami on Tue Nov 03, 2009 4:25 pm

Nah, not by noz3001.
Dami
Dragon

Posts : 1414
Join date : 2009-08-10
Age : 28
Location : Finland
