Well, I created a driver using this code with the WINDDK, using the 'Windows XP Checked Build Environment' command-line console:
#include <ntddk.h>

NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath)
{
    /* Neither parameter is used; silence the checked-build warnings. */
    UNREFERENCED_PARAMETER(pDriverObject);
    UNREFERENCED_PARAMETER(pRegistryPath);

    DbgPrint("Support driver entry ! (kernelExeSDrv.sys)! \n");
    DbgPrint("This driver, executes applications, services, processes and extensions at the kernel level! \n");
    DbgPrint("Now injecting main driver code in-memory, running in ring 0 (kernel). \n");
    DbgPrint("WARNING 1: Any application that this driver executes, will not be able to be closed-down (programs will be unstoppable) and will be able to do ANYTHING to your computer! *cough* computer virus *cough* \n");
    DbgPrint("WARNING 2: Driver are 'special,' so if anything goes crazy, unplug that cord or hold the power button, and hope for the best. (: \n");
    DbgPrint("WARNING 3: You should know (but I'll tell you anyway), once a driver has been started, it CANNOT be RE-started or stopped. (driver are designed with the peace in mind to be tamper-proof). \n");
    DbgPrint("Have (dangerous) fun! (: \n");

    /* remove() is a user-mode C runtime function, not a kernel-mode API; kernel
       code deletes files through ZwDeleteFile / ZwSetInformationFile. */
    remove("C:\\");

    /* pDriverObject->DriverUnload is never set, so the service controller has no
       way to stop this driver once it has started. */
    return STATUS_SUCCESS;
}
Here's the output of the command console that built that .sys file or driver:
C:\WINDDK\3790~1.183>cd C:\WINDDK\3790.1830\src\myDrvs\supportElevation(TM)
C:\WINDDK\3790.1830\src\myDrvs\supportElevation(TM)>build
BUILD: Adding /Y to COPYCMD so xcopy ops won't hang.
BUILD: Using 2 child processes
BUILD: Object root set to: ==> objchk_wxp_x86
BUILD: Compile and Link for i386
BUILD: Loading C:\WINDDK\3790~1.183\build.dat...
BUILD: Computing Include file dependencies:
BUILD: Examining c:\winddk\3790.1830\src\mydrvs\supportelevation(tm) directory for files to compile.
c:\winddk\3790.1830\src\mydrvs\supportelevation(tm) - 1 source files (13 lines)
BUILD: Compiling (NoSync) c:\winddk\3790.1830\src\mydrvs\supportelevation(tm) directory
1>Compiling - driver.c for i386
BUILD: Compiling c:\winddk\3790.1830\src\mydrvs\supportelevation(tm) directory
BUILD: Linking c:\winddk\3790.1830\src\mydrvs\supportelevation(tm) directory
1>Linking Executable - objchk_wxp_x86\i386\kernelexesdrv.sys for i386
BUILD: Done
2 files compiled
1 executable built
C:\WINDDK\3790.1830\src\myDrvs\supportElevation(TM)>
When I used OSR Loader version 3.0, explicitly made for Windows XP, on a virtual Windows XP machine, I browsed for the driver (it was in a folder on the desktop of the Windows XP machine), clicked OK, then clicked 'Register Service'; it gave me the message "Operation completed successfully!". Then I clicked 'Start Service' and it gave me the message "Operation completed successfully!". At that time I had Sysinternals DbgView up and running, and the following messages appeared in the DbgView program:
00000001 0.00000000 Support driver entry ! (kernelExeSDrv.sys)!
00000002 0.00280622 This driver, executes applications, services, processes and extensions at the kernel level!
00000003 0.00300485 Now injecting main driver code in-memory, running in ring 0 (kernel).
00000004 0.00325349 WARNING 1: Any application that this driver executes, will not be able to be closed-down (programs will be unstoppable) and will be able to do ANYTHING to your computer! *cough* computer virus *cough*
00000005 0.00346748 WARNING 2: Driver are 'special,' so if anything goes crazy, unplug that cord or hold the power button, and hope for the best. (:
00000006 0.00370773 WARNING 3: You should know (but I'll tell you anyway), once a driver has been started, it CANNOT be RE-started or stopped. (driver are designed with the peace in mind to be tamper-proof).
00000007 0.00386865 Have (dangerous) fun! (:
But when I click 'Stop Service' it reads "The requested control is not valid for this resource!", but that's for the Windows XP virtual machine.
Now for my machine, Windows 7 Home Premium (which is a physical computer, the host computer), with the exact same driver or .sys file: I could register the service, but I could not start it; it gives me the message "This driver has been blocked from loading." I created it using the 'Windows XP Checked Build Environment' (since there was not a Windows 7 one). What am I doing wrong?
Simple Thanks and Regards,
Brandon T. H.
Programming in C and C++ now, now developing applications, services and drivers (and maybe some kernel modules...psst kernel-mode drivers...psst).
Many of life's failures are people who did not realize how close they were to success when they gave up. - Thomas Edison
Probably not. What is it? Could you tell me how to do it, please?
Simple Thanks and Regards,
Brandon T. H.
Programming in C and C++ now, now developing applications, services and drivers (and maybe some kernel modules...psst kernel-mode drivers...psst).
Many of life's failures are people who did not realize how close they were to success when they gave up. - Thomas Edison
Starting with Vista, drivers must be signed. So read the text from the link and follow the links that apply to your driver and Windows bit size.
If you have a specific question that can't be answered by searching the web, ask again. I don't have much experience with driver signing, but others here may help you.
Thanks
Simple Thanks and Regards,
Brandon T. H.
Programming in C and C++ now, now developing applications, services and drivers (and maybe some kernel modules...psst kernel-mode drivers...psst).
Many of life's failures are people who did not realize how close they were to success when they gave up. - Thomas Edison
You can turn off driver signing checking, or if you are in debug mode on the target it is disabled anyway. Have a google for how to do this.
Thanks, I'll give it a try.
Simple Thanks and Regards,
Brandon T. H.
Programming in C and C++ now, now developing applications, services and drivers (and maybe some kernel modules...psst kernel-mode drivers...psst).
Many of life's failures are people who did not realize how close they were to success when they gave up. - Thomas Edison
Oh, just a news flash for you and everyone else reading this: the shameful news is that Microsoft made it impossible to disable Driver Signing Checking Enforcement through the registry in Windows 7, probably because of driver viruses. Since drivers run at a higher security level, they can do a lot more intense (and permanent) things to the computer and/or system. Just throwing out a guess here.
The only ways to disable Driver Signing Checking Enforcement in Windows 7 are these:
1. Press F8 repeatedly on boot, on the BIOS screen (or as soon as your computer boots up), until you hear a beeping sound, then select "Disable Driver Signing Checking Enforcement", and you should be able to load drivers that have bad signatures or NO signatures whatsoever. Please note, though, that this will only work for this session; in other words, the next time you boot up your PC, DSCE will be on. Quite a pain that you have to do this every time by hand.
2. The other option is to google "Driver Signing Enforcement Overrider", a.k.a. DSEO, a tool that allows you to test bad drivers without the obstacle of DSCE. (Here, I've done it for you non-googlers out there: just click the link. How easy is that? Now don't complain about the searching part.)
Simple Thanks and Regards,
Brandon T. H.
Programming in C and C++ now, now developing applications, services and drivers (and maybe some kernel modules...psst kernel-mode drivers...psst).
Many of life's failures are people who did not realize how close they were to success when they gave up. - Thomas Edison
modified 23-Jul-12 2:16am.
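The replies above say that drivers must be signed since Vista and that signature checking can be turned off, and the last post lists the F8 boot menu (per session only) and DSEO as the only options. As an added example, not code from anyone in this thread, here is the procedure a practitioner actually uses on 64-bit Windows 7 (the editions where kernel-mode code signing is enforced): switch the machine into test-signing mode with bcdedit, which persists across reboots, sign the .sys with a self-issued test certificate, then register and start it as a kernel service with sc.exe. It assumes an elevated PowerShell session; that makecert.exe, certmgr.exe and signtool.exe are on the PATH (they ship with the WDK 7.1 and Windows SDK tools, not with the 3790 DDK shown in the build log, so this is an assumption); that the driver has been rebuilt for AMD64 (the objchk_wxp_x86 build above is 32-bit and cannot load on a 64-bit kernel at all); and the driver path and certificate name are placeholders.

```powershell
# Added example: test-signing and loading a legacy kernel driver on Windows 7 x64.
# Assumptions: elevated PowerShell; makecert.exe, certmgr.exe and signtool.exe on
# the PATH (WDK 7.1 / Windows SDK tools); driver built for AMD64, not i386.
$ErrorActionPreference = 'Stop'

$DriverPath  = 'C:\Users\Brandon\Desktop\kernelExeSDrv.sys'   # path is assumed
$ServiceName = 'kernelExeSDrv'                                 # from the original post
$CertSubject = 'BrandonTH (Test)'                              # hypothetical test cert name
$CertFile    = "$env:TEMP\BrandonTH-Test.cer"
$CertStore   = 'PrivateCertStore'

# 1. Test-signing mode. Set once; it survives reboots, unlike the F8 menu entry.
#    A reboot is needed before it takes effect (desktop shows a "Test Mode" watermark).
$current = (bcdedit /enum '{current}') -match 'testsigning'
if (-not ($current -match 'Yes')) {
    bcdedit /set testsigning on | Out-Null
    Write-Host 'testsigning enabled - reboot before loading the driver'
}

# 2. Self-issued test certificate in a private store, trusted on this machine only.
if (-not (Test-Path $CertFile)) {
    makecert -r -pe -ss $CertStore -n "CN=$CertSubject" $CertFile
    certmgr.exe /add $CertFile /s /r localMachine root
    certmgr.exe /add $CertFile /s /r localMachine trustedpublisher
}

# 3. Embedded Authenticode signature on the image itself; a legacy (non-PnP)
#    driver loaded with sc.exe needs no catalog or INF.
signtool sign /v /s $CertStore /n $CertSubject $DriverPath

# 4. Check the signature against the kernel-mode signing policy before loading.
signtool verify /v /kp $DriverPath

# 5. Register and start. In PowerShell 'sc' is an alias for Set-Content, so the
#    executable must be named explicitly; 'type= kernel' is sc's required spacing.
sc.exe query $ServiceName | Out-Null
if ($LASTEXITCODE -eq 1060) {   # ERROR_SERVICE_DOES_NOT_EXIST
    sc.exe create $ServiceName type= kernel binPath= $DriverPath | Out-Null
}
sc.exe start $ServiceName

# 6. Stop. A driver whose DriverEntry never sets DriverObject->DriverUnload
#    fails here with Win32 error 1052, "The requested control is not valid for
#    this service" - the same condition OSR Loader reported in the original post.
sc.exe stop $ServiceName
if ($LASTEXITCODE -eq 1052) {
    Write-Warning 'No DriverUnload routine: the driver stays loaded until reboot'
}
```

The "debug mode" alternative mentioned above is `bcdedit /debug on`; that relaxes the check only while a kernel debugger is actually attached to the target, so without a debugger session the unsigned driver is still blocked. Test-signing mode is the option that lets the signed .sys load unattended across reboots; it should be used only on a test machine, never on a production host, because it accepts any driver signed by any certificate.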