========================[ Driver coding tutorial intro ]========================

Let's talk about kernel and drivers
-----------------------------------

Author: Holy_Father
/ When you see the shadow, think about the light that causes it /
Version: 1.0 english
Birthday: 27.08.2005
Home: http://www.hxdef.org, http://hxdef.net.ru, http://hxdef.czweb.org, http://rootkit.host.sk

=====[ 1. Contents ]============================================================

1. Contents
2. Introduction
3. References
4. Building your driver and loader

=====[ 2. Introduction ]========================================================

Welcome. Let's talk about drivers and the kernel for a while. For many it is a
mystery, but don't be afraid. I've prepared just another driver coding
tutorial for you. This is an intro readme with only a little information, none
of it related to the coding itself. The most important part of this paper for
you is probably the third section, References, where you will find some links
(working as of this paper's birthday). This tutorial requires some very basic
knowledge that can be gained by reading the tutorials in the References
section. A little information about compiling the source code, for newbies,
can be found in the fourth section.

This tutorial will teach you step by step how to code a simple application
protector. Unlike other tutorials, this one contains only commented source
code and nothing else except this intro file. We start from a very basic
driver that does nothing at all but works. Every part contains hookX.cpp,
which is the main driver file where DriverEntry() (that is what the entry
point of a common driver is called) is written. If a tutorial part has some
general idea behind it, it is written as a comment in this main file.

All published files are for educational purposes only and can't be used for
commercial purposes without the author's permission.

=====[ 3. References ]==========================================================

Here are some good papers/books/links for driver coding newbies:

Driver Development - tutorial by Toby Opferman
  Part 1: Introduction to Drivers
    http://www.codeproject.com/system/driverdev.asp
  Part 2: Introduction to Implementing IOCTLs
    http://www.codeproject.com/system/driverdev2.asp
  Part 3: Introduction to driver contexts
    http://www.codeproject.com/win32/driverdev3.asp
  Part 4: Introduction to device stacks
    http://www.codeproject.com/system/driverdev4asp.asp
  Part 5: Introduction to the Transport Device Interface
    http://www.codeproject.com/system/driverdev5asp.asp
This is simply the must-read for every newbie. At least the first four parts
can be understood with just basic knowledge, and Toby did great work with this
series. If you are not familiar with basics like IRP, IRQL or driver IO, you
should read this one before you start reading my code.

A simple demo for WDM Driver development - a quick tutorial by mjtsai - can be
found at http://www.codeproject.com/system/WDM_Driver_development.asp. This
one is also good to read, but you may be confused if you're not familiar with
the basic facts.

Basic class from rootkit.com - http://rootkit.com/project.php?id=7 is a pack
of sample sources by Greg Hoglund. There are also other projects on
rootkit.com you might be interested in, like the He4Hook or FU rootkits that
use drivers.

Programming the Microsoft Windows Driver Model by Walter Oney, published by
Microsoft Press. This is a very nice book with examples of WDM coding.

Inside Microsoft Windows 2000 by David A. Solomon and Mark E. Russinovich,
published by Microsoft Press. A very good introduction to the Microsoft
Windows NT architecture and Windows 2000 functionality.

http://www.google.com - the source of everything.

DebugView is always needed; check http://www.sysinternals.com for the download.

=====[ 4. Building your driver and loader ]=====================================

Read this section only if you don't know what to do to compile the sources.

To build drivers from any part of this tutorial, this should work:
- install Microsoft Visual Studio 6 or later
- install the Windows DDK (XPDDK SP1 is recommended)
- run the Free Build Environment console
- change directory to tutorial_path\hookX\build
- run b.bat
- you should have hookX.sys in tutorial_path\hookX

To compile the driver loader, this should work:
- download and install MinGW (http://mingw.org/)
- go to tutorial_path\load
- change the MINGW path in the Makefile
- type make

Contact your local guru if any of the previous steps failed.

===================================[ End ]======================================
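Added note on the DDK build files (not part of the original readme, and not the tutorial's own b.bat, which the readme does not reproduce). The DDK "build" utility run from the Free Build Environment does not read a GNU Makefile; it expects a SOURCES file describing the target plus a one-line makefile that pulls in the DDK's standard rules. The target name, relative paths and include directory below are assumptions based on the file names given in sections 2 and 4.

```makefile
# --- file: SOURCES (constructed example) ---------------------------------
# Read by the DDK build utility and by nmake via makefile.def.
# Name of the output binary: hookX.sys
TARGETNAME=hookX
# DRIVER = kernel-mode driver (as opposed to PROGRAM or DYNLINK)
TARGETTYPE=DRIVER
# Binaries are placed under obj\<platform>\ relative to this directory
TARGETPATH=obj
# Main driver file with DriverEntry(); assumed to live one level up,
# next to where b.bat leaves the finished hookX.sys
SOURCES=..\hookX.cpp
# Headers kept beside hookX.cpp (assumption)
INCLUDES=..

# --- file: makefile (constructed example, same directory) ----------------
# Exactly one line; never add rules of your own here, the DDK supplies them.
!INCLUDE $(NTMAKEENV)\makefile.def
```

With these two files in tutorial_path\hookX\build, a b.bat that is just a wrapper around the DDK "build" command (for example "build -cZ", an assumption since the page does not show its contents) would compile the driver; whatever b.bat does beyond that, such as copying the .sys up one level, is the tutorial's own business.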