
I wrote a simple driver that only prints "Hello World" to the debug output. I used Visual Studio 2012 RC with WDK 8 to create an empty driver project and wrote the following code:

#include <NTDDK.h>

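// Unload routine: invoked when the service is stopped ("net stop"), so the
// driver image can actually be removed from the kernel. With DriverUnload
// left NULL the driver stays loaded until reboot.
static VOID MyDriverUnload(IN PDRIVER_OBJECT pDriverObject)
{
    UNREFERENCED_PARAMETER(pDriverObject);
    DbgPrintEx(DPFLTR_IHVDRIVER_ID, DPFLTR_ERROR_LEVEL, "Goodbye World!\n");
}

// Entry point, called once when the driver image is loaded.
// pDriverObject - driver object to initialise; only DriverUnload is set here
// pRegistryPath - the driver's service registry key; unused
// Returns STATUS_SUCCESS (a failure status here would make the load fail).
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING pRegistryPath)
{
    UNREFERENCED_PARAMETER(pRegistryPath);

    // Plain DbgPrint output is filtered out by default on Vista and later;
    // DbgPrintEx with an explicit component id and ERROR_LEVEL passes the
    // default filter mask, so the message shows up in DebugView / WinDbg.
    DbgPrintEx(DPFLTR_IHVDRIVER_ID, DPFLTR_ERROR_LEVEL, "Hello World!\n");

    pDriverObject->DriverUnload = MyDriverUnload;
    return STATUS_SUCCESS;
}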

I compiled it for Win7 x64. I read that in order to install and run this driver I need to write an .inf file, but I can't seem to manage that. I took an example .inf file from WDK 8 and changed it to match my .sys file, but it ruined my VirtualBox Win7 x64 :-). So I created a filter driver project in VS2012, took its .inf file and changed it to match my .sys file, and when I installed it nothing happened. I tried to run the new service it created with

net start MyDriver

but nothing was printed to the debug output, and I also don't see MyDriver in Computer -> Manage -> Services. I'm using DebugView to see what is printed to the debug output (http://technet.microsoft.com/en-us/sysinternals/bb896647.aspx).

Of course, in time I would like to write a driver that actually does something, but for now I just want to know how to run it.

The .inf file I took from VS2012 and changed is this:

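;;;
;;; MyDriver2
;;;
;;; Non-PnP ("DefaultInstall") package for a legacy file-system filter service.
;;; %Name% tokens are resolved from the [Strings] section at install time, so
;;; every token used above must have an exactly matching key there.
;;;

[Version]
Signature   = "$Windows NT$"
; TODO - Change the Class and ClassGuid to match the Load Order Group value, see http://msdn.microsoft.com/en-us/windows/hardware/gg462963
; Class       = "ActivityMonitor"                         ;This is determined by the work this filter driver does
; ClassGuid   = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}    ;This value is determined by the Load Order Group value
Class = "ActivityMonitor" 
ClassGuid = {b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}
Provider    = %ManufacturerName%
DriverVer   = 08/13/2012,1.0.0.0
; NOTE(review): with CatalogFile disabled the package has no catalog to sign;
; loading then depends on the .sys itself being test-signed and test mode being on.
;CatalogFile = MyDriver2.cat

[DestinationDirs]
DefaultDestDir          = 12
MiniFilter.DriverFiles  = 12            ;%windir%\system32\drivers

;;
;; Default install sections
;;
;; There is no [Manufacturer]/[Models] pair: this .inf is installed through its
;; DefaultInstall section (right-click "Install"), not through PnP enumeration,
;; so tools that require a Manufacturer section will not accept it.
;;

[DefaultInstall]
OptionDesc          = %ServiceDescription%
CopyFiles           = MiniFilter.DriverFiles

[DefaultInstall.Services]
AddService          = %ServiceName%,,MiniFilter.Service

;;
;; Default uninstall sections
;;

[DefaultUninstall]
DelFiles   = MiniFilter.DriverFiles

[DefaultUninstall.Services]
DelService = %ServiceName%,0x200      ;Ensure service is stopped before deleting

;
; Services Section
;

[MiniFilter.Service]
DisplayName      = %ServiceName%
Description      = %ServiceDescription%
ServiceBinary    = %12%\%DriverName%.sys        ;%windir%\system32\drivers\
Dependencies     = "FltMgr"
ServiceType      = 2                            ;SERVICE_FILE_SYSTEM_DRIVER
StartType        = 3                            ;SERVICE_DEMAND_START
ErrorControl     = 1                            ;SERVICE_ERROR_NORMAL
; TODO - Change the Load Order Group value, see http://connect.microsoft.com/site221/content/content.aspx?ContentID=2512
; LoadOrderGroup = "FSFilter Activity Monitor"
LoadOrderGroup   = "filter"
AddReg           = MiniFilter.AddRegistry

;
; Registry Modifications
;

[MiniFilter.AddRegistry]
HKR,,"DebugFlags",0x00010001 ,0x0
HKR,,"SupportedFeatures",0x00010001,0x3
HKR,"Instances","DefaultInstance",0x00000000,%DefaultInstance%
HKR,"Instances\"%Instance1.Name%,"Altitude",0x00000000,%Instance1.Altitude%
HKR,"Instances\"%Instance1.Name%,"Flags",0x00010001,%Instance1.Flags%

;
; Copy Files
;

[MiniFilter.DriverFiles]
%DriverName%.sys

[SourceDisksFiles]
MyDriver2.sys = 1,,

[SourceDisksNames]
1 = %DiskId1%,,,

;;
;; String Section
;;

[Strings]
; TODO - Add your manufacturer
ManufacturerName        = "Template"
ServiceDescription      = "MyDriver2 Mini-Filter Driver"
ServiceName             = "MyDriver2"
DriverName              = "MyDriver2"
DiskId1                 = "MyDriver2 Device Installation Disk"

;Instances specific information.
DefaultInstance         = "MyDriver2 Instance"
Instance1.Name          = "MyDriver2 Instance"
; TODO - Change the altitude value, see http://connect.microsoft.com/site221/content/content.aspx?ContentID=2512
; The key name must be exactly "Instance1.Altitude": it is referenced as
; %Instance1.Altitude% in [MiniFilter.AddRegistry], and a mismatched key
; leaves that token unresolved.
Instance1.Altitude      = "370030"
Instance1.Flags         = 0x0              ; Allow all attachments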

When I tried using wdreg.exe to install and run my driver, it said "Failed locating Manufacturer section in INF file" (wdreg is from http://www.jungo.com/st/support/documentation/windriver/10.3.0/wdpci_manual.mhtml/dyn_windows.html). I have read a lot about .inf files (from a Microsoft book and a lot of googling) and I still don't know how to fix my .inf file.

If there is a simpler way to run my driver I would love to hear about it. Once I know how to run it, debugging the real product will be easy.

Thanks!

EDIT: I also signed the .sys file with Driver Signature Enforcement Overrider in Test Mode (http://www.ngohq.com/home.php?page=dseo).


2 Answers


It turned out Rohan was right. I wasn't able to find a way to see the debug print on Win7 (Rohan's link is for Vista), so I just created a file instead.

#include <wdm.h>
#include <Ntstrsafe.h>

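// Writes one marker line to \SystemRoot\example12345.txt, creating the file
// or truncating an existing one. Must be called at PASSIVE_LEVEL.
// Returns the first failing NTSTATUS, or STATUS_SUCCESS.
static NTSTATUS WriteMarkerFile(void)
{
    UNICODE_STRING    uniName;
    OBJECT_ATTRIBUTES objAttr;
    HANDLE            handle = NULL;
    IO_STATUS_BLOCK   ioStatusBlock;
    NTSTATUS          ntstatus;

    RtlInitUnicodeString(&uniName, L"\\SystemRoot\\example12345.txt");
    // OBJ_KERNEL_HANDLE keeps the handle out of any user-mode process's
    // handle table; OBJ_CASE_INSENSITIVE matches normal Win32 path semantics.
    InitializeObjectAttributes(&objAttr, &uniName,
                               OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
                               NULL, NULL);

    ntstatus = ZwCreateFile(&handle,
                            GENERIC_WRITE,
                            &objAttr, &ioStatusBlock, NULL,
                            FILE_ATTRIBUTE_NORMAL,
                            0,                             // ShareAccess: no sharing while open
                            FILE_OVERWRITE_IF,
                            FILE_SYNCHRONOUS_IO_NONALERT,  // ZwWriteFile completes before returning
                            NULL, 0);
    if (!NT_SUCCESS(ntstatus)) {
        return ntstatus;
    }

    CHAR   buffer[30];
    size_t cb = 0;

    // Bounded RtlStringCb* helpers: the length they report is exactly what is written.
    ntstatus = RtlStringCbPrintfA(buffer, sizeof(buffer), "This is a test\r\n");
    if (NT_SUCCESS(ntstatus)) {
        ntstatus = RtlStringCbLengthA(buffer, sizeof(buffer), &cb);
    }
    if (NT_SUCCESS(ntstatus)) {
        ntstatus = ZwWriteFile(handle, NULL, NULL, NULL, &ioStatusBlock,
                               buffer, (ULONG)cb, NULL, NULL);
    }

    // Close regardless of the write outcome so the handle never leaks.
    ZwClose(handle);
    return ntstatus;
}

// Unload routine so that "net stop MyDriver2" can actually unload the image;
// without one the driver stays resident until reboot.
static VOID MyDriverUnload(IN PDRIVER_OBJECT pDriverObject)
{
    UNREFERENCED_PARAMETER(pDriverObject);
}

// Entry point: drops a marker file to prove the driver ran, then returns.
// pDriverObject - driver object; only DriverUnload is set
// pRegistryPath - the driver's service registry key; unused
// Returns STATUS_INVALID_DEVICE_STATE if not at PASSIVE_LEVEL (file I/O is
// not permitted at higher IRQL; a work item or system worker thread would be
// needed instead). Otherwise returns STATUS_SUCCESS even when the marker
// file could not be written, so a failed write never blocks the load.
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING pRegistryPath)
{
    UNREFERENCED_PARAMETER(pRegistryPath);

    if (KeGetCurrentIrql() != PASSIVE_LEVEL) {
        return STATUS_INVALID_DEVICE_STATE;
    }

    // Best effort: the write status is deliberately not propagated.
    (void)WriteMarkerFile();

    pDriverObject->DriverUnload = MyDriverUnload;
    return STATUS_SUCCESS;
}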

I used the same .inf I posted in my question and then typed in the command prompt

net start MyDriver2

and the file example12345.txt was created in C:/Windows.


When you load/start the driver, it is loaded and functional in the kernel, so most likely your driver is loaded. The DbgPrint message you are not seeing is because, post-Vista, debug messages logged with DbgPrint get filtered and are not shown in the output.

You can refer to this to enable showing DbgPrint messages: Getting DbgPrint Output To Appear In Vista and Later

Another way is to use DbgPrintEx with an appropriate component id and level.