對於驅動程式的安裝工具,司徒目前使用NuMega公司製作的EzDriverInstaller,將main.sys和main.inf放在同一個目錄並執行EzDriverInstaller,選擇File => Open...(開啟main.inf檔案),接著按Add New Device就可以在DbgView上面看到輸出訊息
Device Manager
Device Object
參考資訊:
https://wasm.in/
http://four-f.narod.ru/
https://github.com/steward-fu/ddk
main.cpp
#define VDW_MAIN
#define DRIVER_FUNCTION_PNP
#define DRIVER_FUNCTION_UNLOAD
#define DRIVER_FUNCTION_ADD_DEVICE
#include <vdw.h>
class MyDevice : public KPnpDevice
{
SAFE_DESTRUCTORS
public:
MyDevice(PDEVICE_OBJECT pPhyDevice);
DEVMEMBER_DISPATCHERS
NTSTATUS OnRemoveDevice(KIrp pIrp) const;
NTSTATUS DefaultPnp(KIrp pIrp);
NTSTATUS DefaultPower(KIrp pIrp);
protected:
KPnpLowerDevice m_pMyDevice;
};
class MyDriver : public KDriver
{
SAFE_DESTRUCTORS
public:
NTSTATUS DriverEntry(PUNICODE_STRING pMyRegistry);
NTSTATUS AddDevice(PDEVICE_OBJECT pPhyDevice);
VOID Unload(void);
};
MyDevice::MyDevice(PDEVICE_OBJECT pPhyDevice) : KPnpDevice(pPhyDevice, L"MyDriver", FILE_DEVICE_UNKNOWN)
{
m_pMyDevice.Initialize(this, pPhyDevice);
SetLowerDevice(&m_pMyDevice);
SetPnpPolicy();
}
NTSTATUS MyDevice::OnRemoveDevice(KIrp pIrp) const
{
return STATUS_SUCCESS;
}
NTSTATUS MyDevice::DefaultPnp(KIrp pIrp)
{
pIrp.ForceReuseOfCurrentStackLocationInCalldown();
return m_pMyDevice.PnpCall(this, pIrp);
}
NTSTATUS MyDevice::DefaultPower(KIrp pIrp)
{
return STATUS_SUCCESS;
}
KDebugOnlyTrace T("");
DECLARE_DRIVER_CLASS(MyDriver, NULL)
NTSTATUS MyDriver::DriverEntry(PUNICODE_STRING pMyRegistry)
{
T << "Hello, world!";
return STATUS_SUCCESS;
}
NTSTATUS MyDriver::AddDevice(PDEVICE_OBJECT pPhyDevice)
{
MyDevice *t = new (NonPagedPool) MyDevice(pPhyDevice);
return STATUS_SUCCESS;
}
VOID MyDriver::Unload(void)
{
KDriver::Unload();
}
main.inf
[Version] Signature=$CHICAGO$ Class=Unknown Provider=%MFGNAME% DriverVer=8/21/2019,1.0.0.0 [Manufacturer] %MFGNAME%=DeviceList [DeviceList] %DESCRIPTION%=DriverInstall, *MyDriver [DestinationDirs] DefaultDestDir=10,System32\Drivers [SourceDisksFiles] main.sys=1,,, [SourceDisksNames] 1=%INSTDISK%,,, [DriverInstall.NT] CopyFiles=DriverCopyFiles [DriverCopyFiles] main.sys,,,2 [DriverInstall.NT.Services] AddService=FILEIO,2,DriverService [DriverService] ServiceType=1 StartType=3 ErrorControl=1 ServiceBinary=%10%\system32\drivers\main.sys [DriverInstall.NT.HW] AddReg=DriverHwAddReg [DriverHwAddReg] HKR,,SampleInfo,,"" [DriverInstall] AddReg=DriverAddReg CopyFiles=DriverCopyFiles [DriverAddReg] HKR,,DevLoader,,*ntkern HKR,,NTMPDriver,,main.sys [DriverInstall.HW] AddReg=DriverHwAddReg [Strings] MFGNAME="MyDriver" INSTDISK="MyDriver Disc" DESCRIPTION="MyDriver"
編譯
"c:\winddk\bin\x86\cl.exe" -nologo -I"c:\winddk\inc\wxp" -I"c:\winddk\inc\ddk\wxp" -I"c:\winddk\inc\ddk\wdm\wxp" -I"c:\winddk\inc\crt" -I"c:\numega\DriverWorks\include" -I"c:\numega\DriverWorks\source" -D_X86_ -DNTVERSION='WDM' -DDBG=1 /c /Zel /Gz main.cpp "c:\winddk\bin\x86\link.exe" -INCREMENTAL:NO -debug:FULL -debugtype:cv -driver -base:0x10000 -entry:DriverEntry@8 -subsystem:native,5.01 "c:\winddk\lib\wxp\i386\wdm.lib" "c:\winddk\lib\wxp\i386\ntoskrnl.lib" "c:\winddk\lib\wxp\i386\csq.lib" "c:\numega\DriverWorks\lib\i386\checked\vdw_wdm.lib" -out:main.sys main.obj
在開始安裝驅動程式之前,需要先下載除錯工具,讓驅動程式的Debug訊息可以顯示在除錯工具上面,目前最佳的Debug輸出訊息工具是DbgView,該公司目前已經被Microsoft併購,所以可以從Microsoft網站下載,下載完後執行DbgView並將Capture => Capture Kernel選項打勾,接著重啟DbgView
對於驅動程式的安裝工具,司徒目前使用NuMega公司製作的EzDriverInstaller,將main.sys和main.inf放在同一個目錄並執行EzDriverInstaller,選擇File => Open...(開啟main.inf檔案),接著按Add New Device就可以在DbgView上面看到輸出訊息
Device Manager
Device Object