Windows Driver Development

candogu

Hi, I want to start to develop windows drivers which are not device drivers I got a task and I need to make a hidden or non killable system watcher for my business this driver will only control my another process is alive if it is not alive it will give the system a shut down or driver will hide my application or when the user tries to kill my application driver will give Access is denied (For all users including Administrators) message and I know C, C++, C# at intermediate level I decided to begin developing in C++. Which IDE should I use?, Where should I start from? I have to do this I am not a virus developer or something like that Thanks.

Richard Andrew x64

Is your keyboard missing its punctuation keys?

The difficult we do right away... ...the impossible takes slightly longer.

_Superman_

Use Visual Studio and go for a Windows Service application.

«_Superman_»  _I love work. It gives me something to do between weekends.

_Microsoft MVP (Visual C++)

Polymorphism in C

Albert Holguin

I didn't even read it because of how it looks (run-on and no paragraphs). X|

Lost User

You need to use C. DOnt use C++, it isnt supported in the kernel. You need to write a File System mini filter and fail the IRP_MJ_CLOSE when it is for your application. Doing this is devilishly complex, and you would be best to hand this over to an experienced company to do with you working closely with them. That way you learn and your product gets developed. If you try this as a novice, you are almost destined to fail, some years down the road. If you think ordinary device drivers are hard to write, then at least there are plenty of books for them. File System drivers are virtually undocumented. Oh, and there isnt an IDE. You have to use the 'build' macro from the DDK (WD as it is called today). SO you can use any text editor you like. I use VS, but thats just by habit.

============================== Nothing to say.

Lost User

candogu wrote:

I need to make a hidden or non killable system watcher

candogu wrote:

will give Access is denied (For all users including Administrators)

Thus preventing any user or adminstrator from being able to control their own system.

candogu wrote:

I am not a virus developer or something like that

I can see no other reason that you would want to do this.

Unrequited desire is character building. OriginalGriff I'm sitting here giving you a standing ovation - Len Goodman

CPallini

Or, in other terms: Warning: you're going to create a virus or something like that by accident!" :laugh:

If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler. -- Alfonso the Wise, 13th Century King of Castile.
This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong. -- Iain Clarke
[My articles]

Lost User

:laugh:

Unrequited desire is character building. OriginalGriff I'm sitting here giving you a standing ovation - Len Goodman

Lost User

candogu wrote:

Where should I start from

Given your description of what you want to do, a real good start would be to redesign your system. An "unkillable" process is a bad design to start with.

candogu wrote:

I have to do this

You might have been told to do this by a client or supervisor but that does not mean that you should do it.

Why is common sense not common? Never argue with an idiot. They will drag you down to their level where they are an expert. Sometimes it takes a lot of work to be lazy Individuality is fine, as long as we do it together - F. Burns

candogu

I appreciate your answer. Thank you for your attention.

candogu

U can see what u want. Yes I am lying what is gonna happen??? I am the biggest virus developer in whole world? Are u happy now?

candogu

This is EXACTLY what I need, thank you for your answer...

Lost User

It is only going to block one application from being stopped. Of course he can have a user created whose SID is allowed to close that exe so control can be maintained. In fact I have done this kind of thing with security SW. Certain apps and areas of the registry have access blocked, launching of aplicaitons is limited to certain users or groups, typical security stuff.

============================== Nothing to say.

Lost User

Yes, but I have a sneaking suspicion that you actually understand the mechanics and implications of doing something like this. :)

Unrequited desire is character building. OriginalGriff I'm sitting here giving you a standing ovation - Len Goodman

JackDingler

Uhm, C++ isn't supported in the kernel? I think you mean that MFC isn't support in the kernel. The Kernel doesn't know anything about the original source the binaries are created from.

JackDingler

When you're done with this, would you please post your experiences in debugging and unkillable process?

Lost User

I do. I used to work for a firm who made security products. :)

============================== Nothing to say.

Lost User

No, I mean C++ isnt supported, as in supported by Microsoft if you have a problem and go to them. Of course you can run C++ derived code, you just need to be carefull about what features you use.

============================== Nothing to say.