Tags: driver, wdk, inf, minifilter

how to install and run a driver


I wrote a simple driver that only prints "Hello World" to the debug output. I used Visual Studio 2012 RC with WDK 8 to create an empty driver project and wrote the following code:

#include <NTDDK.h>

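/*
 * Minimal driver entry point: emits one debug message and reports success.
 *
 * pDriverObject  - driver object created by the I/O manager for this driver.
 * pRegistryPath  - path of the driver's service key; not used here.
 *
 * Returns STATUS_SUCCESS, so the driver image stays loaded after the call.
 */
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING pRegistryPath)
{
    UNREFERENCED_PARAMETER(pRegistryPath);

    // On Windows Vista and later, plain DbgPrint() is sent to the DEFAULT
    // component at INFO level, which the default debug-print filter drops;
    // that is why nothing shows up in a debugger or DebugView on Win7.
    // An ERROR-level message passes the default filter without touching the
    // "Debug Print Filter" registry settings. The trailing newline keeps the
    // message on its own line in the debug stream.
    DbgPrintEx(DPFLTR_IHVDRIVER_ID, DPFLTR_ERROR_LEVEL, "Hello World!\n");

    // No unload routine is registered: once started, this driver cannot be
    // stopped (e.g. with "net stop") and stays loaded until the next reboot.
    pDriverObject->DriverUnload = NULL;

    return STATUS_SUCCESS;
}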

I've compiled it for Win7 x64. I've read that in order to install and run this driver I need to write an .inf file, but I can't seem to manage that. I took an example .inf file from WDK 8 and changed it to match my .sys file, but it ruined my VirtualBox Win7 x64 machine :-). So I created a filter driver project in VS2012, took its .inf file and changed it to match my .sys file, and when I installed it nothing happened. I tried to run the new service it created with

net start MyDriver

but nothing was printed to the debug and also I don't see MyDriver in Computer->Manage->Services. I'm using DebugView to see what is printed to the debug (http://technet.microsoft.com/en-us/sysinternals/bb896647.aspx).

Of course, in time I would like to write a driver that actually does something, but meanwhile I just want to know how to run it.

The .inf file I took from VS2012 and changed is this:

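;;;
;;; MyDriver2
;;;
;;; DefaultInstall-style INF: it declares [DefaultInstall] sections and has no
;;; [Manufacturer]/models sections, so it is meant for a direct INF install
;;; (for example right-click -> Install), not for tools that look for a
;;; device [Manufacturer] section.
;;;

[Version]
Signature   = "$Windows NT$"
; Class and ClassGuid must match the Load Order Group value, see http://msdn.microsoft.com/en-us/windows/hardware/gg462963
Class       = "ActivityMonitor"                         ;This is determined by the work this filter driver does
ClassGuid   = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}    ;This value is determined by the Load Order Group value
Provider    = %ManufacturerName%
DriverVer   = 08/13/2012,1.0.0.0
; No catalog is referenced, so the package itself is unsigned. 64-bit Windows
; still enforces kernel-mode code signing when the .sys is loaded, so the
; binary must be signed (test-signed on a test machine in test mode).
;CatalogFile = MyDriver2.cat

[DestinationDirs]
DefaultDestDir          = 12
MiniFilter.DriverFiles  = 12            ;%windir%\system32\drivers

;;
;; Default install sections
;;

[DefaultInstall]
OptionDesc          = %ServiceDescription%
CopyFiles           = MiniFilter.DriverFiles

[DefaultInstall.Services]
AddService          = %ServiceName%,,MiniFilter.Service

;;
;; Default uninstall sections
;;

[DefaultUninstall]
DelFiles   = MiniFilter.DriverFiles

[DefaultUninstall.Services]
DelService = %ServiceName%,0x200      ;Ensure service is stopped before deleting

;
; Services Section
;

[MiniFilter.Service]
DisplayName      = %ServiceName%
Description      = %ServiceDescription%
ServiceBinary    = %12%\%DriverName%.sys        ;%windir%\system32\drivers\
Dependencies     = "FltMgr"
ServiceType      = 2                            ;SERVICE_FILE_SYSTEM_DRIVER
StartType        = 3                            ;SERVICE_DEMAND_START (loaded only on request, e.g. "net start")
ErrorControl     = 1                            ;SERVICE_ERROR_NORMAL
; TODO - Change the Load Order Group value, see http://connect.microsoft.com/site221/content/content.aspx?ContentID=2512
; NOTE(review): the ActivityMonitor class above normally pairs with the
; "FSFilter Activity Monitor" group; "filter" is kept as posted - confirm.
; LoadOrderGroup = "FSFilter Activity Monitor"
LoadOrderGroup   = "filter"
AddReg           = MiniFilter.AddRegistry

;
; Registry Modifications
;
; Written under the service key (HKR). 0x00010001 = REG_DWORD value,
; 0x00000000 = REG_SZ value. Every %token% used here must be defined in
; [Strings] under exactly the same name.
;

[MiniFilter.AddRegistry]
HKR,,"DebugFlags",0x00010001 ,0x0
HKR,,"SupportedFeatures",0x00010001,0x3
HKR,"Instances","DefaultInstance",0x00000000,%DefaultInstance%
HKR,"Instances\"%Instance1.Name%,"Altitude",0x00000000,%Instance1.Altitude%
HKR,"Instances\"%Instance1.Name%,"Flags",0x00010001,%Instance1.Flags%

;
; Copy Files
;

[MiniFilter.DriverFiles]
%DriverName%.sys

[SourceDisksFiles]
MyDriver2.sys = 1,,

[SourceDisksNames]
1 = %DiskId1%,,,

;;
;; String Section
;;

[Strings]
; TODO - Add your manufacturer
ManufacturerName        = "Template"
ServiceDescription      = "MyDriver2 Mini-Filter Driver"
ServiceName             = "MyDriver2"
DriverName              = "MyDriver2"
DiskId1                 = "MyDriver2 Device Installation Disk"

;Instances specific information.
DefaultInstance         = "MyDriver2 Instance"
Instance1.Name          = "MyDriver2 Instance"
; TODO - Change the altitude value, see http://connect.microsoft.com/site221/content/content.aspx?ContentID=2512
; The key must be named Instance1.Altitude: [MiniFilter.AddRegistry] references
; %Instance1.Altitude%, and a differently named key leaves that token undefined.
Instance1.Altitude      = "370030"
Instance1.Flags         = 0x0              ; Allow all attachments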

When I tried using wdreg.exe to install and run my driver it said "Failed locating Manufacturer section in INF file". (from http://www.jungo.com/st/support/documentation/windriver/10.3.0/wdpci_manual.mhtml/dyn_windows.html) I read a lot about .inf files (from some microsoft book and a lot of google) and I still don't know how to fix my .inf file.

If there is a simpler way to run my driver I would love to hear about it. Once I know how to run it, debugging the real product will be easy.

Thanks!

EDIT: I also signed the .sys file with Driver Signature Enforcement Overrider in Test Mode (http://www.ngohq.com/home.php?page=dseo).


Solution

  • It turned out Rohan was right. I wasn't able to find a way to see the debug print in Win7 (Rohan's link is for Vista), so I just created a file instead.

    #include <wdm.h>
    #include <Ntstrsafe.h>
    
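    /*
     * Driver entry point used as a "did my driver load?" check: it creates
     * \SystemRoot\example12345.txt and writes one line of text into it.
     *
     * pDriverObject  - driver object for this driver; not used here.
     * pRegistryPath  - path of the driver's service key; not used here.
     *
     * Returns STATUS_SUCCESS when the file was created and written. Any
     * failure status from the IRQL check, ZwCreateFile, the string helpers or
     * ZwWriteFile is returned to the caller instead of being masked as
     * success, so a failed start is reported rather than silently ignored.
     *
     * No DriverUnload routine is registered, so once the driver has started
     * it cannot be stopped and stays loaded until the next reboot.
     */
    extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING pRegistryPath)
    {
        UNICODE_STRING     uniName;
        OBJECT_ATTRIBUTES  objAttr;
        HANDLE             handle;
        NTSTATUS           ntstatus;
        IO_STATUS_BLOCK    ioStatusBlock;
        CHAR               buffer[30];
        size_t             cb;

        UNREFERENCED_PARAMETER(pDriverObject);
        UNREFERENCED_PARAMETER(pRegistryPath);

        // Do not try to perform any file operations at higher IRQL levels.
        // Instead, you may use a work item or a system worker thread to perform file operations.
        if (KeGetCurrentIrql() != PASSIVE_LEVEL) {
            return STATUS_INVALID_DEVICE_STATE;
        }

        RtlInitUnicodeString(&uniName, L"\\SystemRoot\\example12345.txt");

        // OBJ_KERNEL_HANDLE keeps the handle out of any user-mode handle
        // table, so user-mode code cannot use or close it.
        InitializeObjectAttributes(&objAttr, &uniName,
                                   OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                                   NULL, NULL);

        // FILE_OVERWRITE_IF: create the file, or truncate it if it exists.
        // Share access 0: nobody else can open the file while it is open here.
        ntstatus = ZwCreateFile(&handle,
                                GENERIC_WRITE,
                                &objAttr, &ioStatusBlock, NULL,
                                FILE_ATTRIBUTE_NORMAL,
                                0,
                                FILE_OVERWRITE_IF,
                                FILE_SYNCHRONOUS_IO_NONALERT,
                                NULL, 0);
        if (!NT_SUCCESS(ntstatus)) {
            // No handle was opened, so there is nothing to close.
            return ntstatus;
        }

        // Bounded formatting and length helpers: neither can run past buffer.
        ntstatus = RtlStringCbPrintfA(buffer, sizeof(buffer), "This is a test\r\n");
        if (NT_SUCCESS(ntstatus)) {
            ntstatus = RtlStringCbLengthA(buffer, sizeof(buffer), &cb);
        }
        if (NT_SUCCESS(ntstatus)) {
            ntstatus = ZwWriteFile(handle, NULL, NULL, NULL, &ioStatusBlock, buffer, (ULONG)cb, NULL, NULL);
        }

        // The handle is closed on every path that opened it.
        ZwClose(handle);

        return ntstatus;
    }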
    

    I used the same .inf I posted in my question and then typed the following in cmd:

    net start MyDriver2
    

    and the file example12345.txt was created in C:/Windows.