Windows - Helloworld Driver

03 Apr, 21

One question we often get asked is how to get started with kernel mode programming. This article is designed to help set you up for kernel mode programming on Windows. It requires that you are running Windows.


  • Install WinDDK 7.1

Write a simple driver, makefile, sources file as follows:

(The three files can be downloaded in a zip)

driver.c

//***************************************************************************************
// Hello World Driver
// This driver prints "Hello World" to a kernel debugger.  
//
// Aug 2003 - DriverEntry (www.DriverEntry.com)
//***************************************************************************************

//#######################################################################################
// I N C L U D E S
//#######################################################################################

#include <ntddk.h>

//#######################################################################################
// P R O T O T Y P E S
//#######################################################################################

NTSTATUS DriverEntry( IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath );

// Allow the DriverEntry routine to be discarded once initialization is completed
#pragma alloc_text ( INIT, DriverEntry )
    
//***************************************************************************************
// NAME:        DriverUnload
//
// DESCRIPTION: This routine is our dynamic unload entry point.
//					
// PARAMETERS:  DriverObject    IN  Address of our DRIVER_OBJECT
//
// IRQL:        IRQL_PASSIVE_LEVEL
//
// RETURNS:     None
//***************************************************************************************
VOID DriverUnload( IN PDRIVER_OBJECT DriverObject )
{
    // Unloading - no resources to free so just return.
    DbgPrint( "Hello World Unloading...\n");
    return;
}

//***************************************************************************************
// NAME:        DriverEntry
// 
// DESCRIPTION: Registers the unload routine and prints "Hello World".
//
// PARAMETERS:  DriverObject    IN
//                  Address of the DRIVER_OBJECT created by NT for this driver
//              RegistryPath    IN
//                  UNICODE_STRING which represents this driver's KEY in the Registry
// 
// IRQL:        IRQL_PASSIVE_LEVEL
// 
// RETURNS:     STATUS_SUCCESS
//***************************************************************************************
NTSTATUS DriverEntry( IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath )
{
    DbgPrint( "\n"
              "www.DriverEntry.com\n"
              "-------------------\n"
              "Hello World Driver\n"
              "Compiled %s %s\n\n",
              __DATE__, 
              __TIME__ );

    DriverObject->DriverUnload	= DriverUnload;

    //	Hello World
    DbgPrint( "Hello World\n" );
    return STATUS_SUCCESS;
}

makefile

#
# DO NOT EDIT THIS FILE!!!  Edit .\sources. if you want to add a new source
# file to this component.  This file merely indirects to the real make file
# that is shared by all the components of NT OS/2
#
!INCLUDE $(NTMAKEENV)\makefile.def

sources

TARGETNAME=driver
TARGETPATH=obj
TARGETTYPE=DRIVER

SOURCES=driver.c

Build the driver

Assuming the WinDDK was installed in the default location of C:\WinDDK\7600.16385.1, open a command prompt and run:

C:\WinDDK\7600.16385.1\bin\setenv C:\WinDDK\7600.16385.1

This will set up the environment variables for building. Then, in the directory containing driver.c and the other files, run the command:

build -cZw

This will make some directories. The output driver.sys file will be in a directory called something like .obj\?\objfre-win7_x86\i386

To build in different modes use the options in the setenv command.
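
A post-build check for the resulting driver.sys, added here as an example and not part of the original article: it parses the PE headers and confirms that the image uses the native subsystem (what TARGETTYPE=DRIVER is expected to produce) and that the INIT section named in #pragma alloc_text is marked discardable. The function names, return codes and the constructed sample header are assumptions made for this example, as is the expectation that the WDK linker marks INIT discardable.

```c
/* Added example (not from the original article): sanity-check a built driver.sys. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SUBSYSTEM_NATIVE    1u           /* IMAGE_SUBSYSTEM_NATIVE */
#define SCN_MEM_DISCARDABLE 0x02000000u  /* IMAGE_SCN_MEM_DISCARDABLE */

static uint32_t rd16(const uint8_t *p) { return p[0] | (uint32_t)p[1] << 8; }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | rd16(p + 2) << 16; }
/* Returns 0 = native image with a discardable INIT section, 1 = not native subsystem,
   2 = INIT section missing or not discardable, -1 = not a well-formed PE header. */
int check_driver_image(const uint8_t *buf, size_t len)
{
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z') return -1;
    size_t pe = rd32(buf + 0x3c);                      /* e_lfanew */
    if (pe > len || len - pe < 24 || memcmp(buf + pe, "PE\0\0", 4)) return -1;
    size_t nsec = rd16(buf + pe + 6);                  /* NumberOfSections */
    size_t opt = pe + 24, optsz = rd16(buf + pe + 20); /* optional header, its size */
    if (optsz < 70 || len - opt < optsz) return -1;
    if (rd16(buf + opt + 68) != SUBSYSTEM_NATIVE) return 1;
    for (size_t i = 0, sec = opt + optsz; i < nsec; i++, sec += 40) {
        if (len - sec < 40) return -1;                 /* truncated section table */
        if (memcmp(buf + sec, "INIT\0\0\0", 8) == 0)   /* 8-byte section name */
            return (rd32(buf + sec + 36) & SCN_MEM_DISCARDABLE) ? 0 : 2;
    }
    return 2;
}

/* Constructed sample: a minimal 352-byte PE32 header with a single INIT section. */
size_t make_sample(uint8_t *buf, uint8_t subsystem, uint32_t init_flags)
{
    memset(buf, 0, 352);
    memcpy(buf, "MZ", 2); buf[0x3c] = 0x40;            /* e_lfanew = 0x40 */
    memcpy(buf + 0x40, "PE\0\0", 4); buf[0x46] = 1;    /* NumberOfSections = 1 */
    buf[0x54] = 0xE0; buf[0x58 + 68] = subsystem;      /* 224-byte optional header */
    memcpy(buf + 312, "INIT", 4);                      /* section header at 0x58 + 224 */
    for (int i = 0; i < 4; i++) buf[312 + 36 + i] = (uint8_t)(init_flags >> (8 * i));
    return 352;
}

int main(int argc, char **argv)
{
    static uint8_t buf[4096];
    size_t n = make_sample(buf, SUBSYSTEM_NATIVE, 0xE2000020u); /* default input */
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : NULL;  /* or the start of a real file */
    if (f) { n = fread(buf, 1, sizeof buf, f); fclose(f); }
    printf("check_driver_image = %d\n", check_driver_image(buf, n));
    return 0;
}
```

Compiled as an ordinary user-mode program, it takes the path to driver.sys as its only argument and reads the first 4096 bytes, which is assumed to cover the headers.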