Windows Driver Development

Albert Holguin

I didn't even read it because of how it looks (run-on and no paragraphs). X|

Lost User

You need to use C. DOnt use C++, it isnt supported in the kernel. You need to write a File System mini filter and fail the IRP_MJ_CLOSE when it is for your application. Doing this is devilishly complex, and you would be best to hand this over to an experienced company to do with you working closely with them. That way you learn and your product gets developed. If you try this as a novice, you are almost destined to fail, some years down the road. If you think ordinary device drivers are hard to write, then at least there are plenty of books for them. File System drivers are virtually undocumented. Oh, and there isnt an IDE. You have to use the 'build' macro from the DDK (WD as it is called today). SO you can use any text editor you like. I use VS, but thats just by habit.

============================== Nothing to say.

Lost User

candogu wrote:

I need to make a hidden or non killable system watcher

candogu wrote:

will give Access is denied (For all users including Administrators)

Thus preventing any user or adminstrator from being able to control their own system.

candogu wrote:

I am not a virus developer or something like that

I can see no other reason that you would want to do this.

Unrequited desire is character building. OriginalGriff I'm sitting here giving you a standing ovation - Len Goodman

CPallini

Or, in other terms: Warning: you're going to create a virus or something like that by accident!" :laugh:

If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler. -- Alfonso the Wise, 13th Century King of Castile.
This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong. -- Iain Clarke
[My articles]

Lost User

:laugh:

Unrequited desire is character building. OriginalGriff I'm sitting here giving you a standing ovation - Len Goodman

Lost User

candogu wrote:

Where should I start from

Given your description of what you want to do, a real good start would be to redesign your system. An "unkillable" process is a bad design to start with.

candogu wrote:

I have to do this

You might have been told to do this by a client or supervisor but that does not mean that you should do it.

Why is common sense not common? Never argue with an idiot. They will drag you down to their level where they are an expert. Sometimes it takes a lot of work to be lazy Individuality is fine, as long as we do it together - F. Burns

candogu

I appreciate your answer. Thank you for your attention.

candogu

U can see what u want. Yes I am lying what is gonna happen??? I am the biggest virus developer in whole world? Are u happy now?

candogu

This is EXACTLY what I need, thank you for your answer...

Lost User

It is only going to block one application from being stopped. Of course he can have a user created whose SID is allowed to close that exe so control can be maintained. In fact I have done this kind of thing with security SW. Certain apps and areas of the registry have access blocked, launching of aplicaitons is limited to certain users or groups, typical security stuff.

============================== Nothing to say.

Lost User

Yes, but I have a sneaking suspicion that you actually understand the mechanics and implications of doing something like this. :)

Unrequited desire is character building. OriginalGriff I'm sitting here giving you a standing ovation - Len Goodman

JackDingler

Uhm, C++ isn't supported in the kernel? I think you mean that MFC isn't support in the kernel. The Kernel doesn't know anything about the original source the binaries are created from.

JackDingler

When you're done with this, would you please post your experiences in debugging and unkillable process?

Lost User

I do. I used to work for a firm who made security products. :)

============================== Nothing to say.

Lost User

No, I mean C++ isnt supported, as in supported by Microsoft if you have a problem and go to them. Of course you can run C++ derived code, you just need to be carefull about what features you use.

============================== Nothing to say.