Driver load problem windows 7
-
Well I created a driver using this code, with WINDDK, using the 'Windows Xp Checked Build Environment' command line console:
#include NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath){
DbgPrint("Support driver entry ! (kernelExeSDrv.sys)! \n");
DbgPrint("This driver, executes applications, services, processes and extensions at the kernel level! \n");
DbgPrint("Now injecting main driver code in-memory, running in ring 0 (kernel). \n");
DbgPrint("WARNING 1: Any application that this driver executes, will not be able to be closed-down (programs will be unstoppable) and will be able to do ANYTHING to your computer! *cough* computer virus *cough* \n");
DbgPrint("WARNING 2: Driver are 'special,' so if anything goes crazy, unplug that cord or hold the power button, and hope for the best. (: \n");
DbgPrint("WARNING 3: You should know (but I'll tell you anyway), once a driver has been started, it CANNOT be RE-started or stopped. (driver are designed with the peace in mind to be tamper-proof). \n");
DbgPrint("Have (dangerous) fun! (: \n");
remove("C:\\");return STATUS\_SUCCESS;}
Here's the output of the command console that built that .sys file or driver:
C:\WINDDK\3790~1.183>cd C:\WINDDK\3790.1830\src\myDrvs\supportElevation(TM)
C:\WINDDK\3790.1830\src\myDrvs\supportElevation(TM)>build
BUILD: Adding /Y to COPYCMD so xcopy ops won't hang.
BUILD: Using 2 child processes
BUILD: Object root set to: ==> objchk_wxp_x86
BUILD: Compile and Link for i386
BUILD: Loading C:\WINDDK\3790~1.183\build.dat...
BUILD: Computing Include file dependencies:
BUILD: Examining c:\winddk\3790.1830\src\mydrvs\supportelevation(tm) directory f
or files to compile.
c:\winddk\3790.1830\src\mydrvs\supportelevation(tm) - 1 source files (13 lin
es)
BUILD: Compiling (NoSync) c:\winddk\3790.1830\src\mydrvs\supportelevation(tm) di
rectory
1>Compiling - driver.c for i386
BUILD: Compiling c:\winddk\3790.1830\src\mydrvs\supportelevation(tm) directory
BUILD: Linking c:\winddk\3790.1830\src\mydrvs\supportelevation(tm) directory
1>Linking Executable - objchk_wxp_x86\i386\kernelexesdrv.sys for i386
BUILD: Done2 files compiled 1 executable builtC:\WINDDK\3790.1830\src\myDrvs\supportElevation(TM)>
When I used Osr loader version 3.0, explicitly made for Windows Xp, on a virtual Windows Xp machine, I browsed for the driver (it was in a folder on the desktop of the windows xp ma
-
Well I created a driver using this code, with WINDDK, using the 'Windows Xp Checked Build Environment' command line console:
#include NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath){
DbgPrint("Support driver entry ! (kernelExeSDrv.sys)! \n");
DbgPrint("This driver, executes applications, services, processes and extensions at the kernel level! \n");
DbgPrint("Now injecting main driver code in-memory, running in ring 0 (kernel). \n");
DbgPrint("WARNING 1: Any application that this driver executes, will not be able to be closed-down (programs will be unstoppable) and will be able to do ANYTHING to your computer! *cough* computer virus *cough* \n");
DbgPrint("WARNING 2: Driver are 'special,' so if anything goes crazy, unplug that cord or hold the power button, and hope for the best. (: \n");
DbgPrint("WARNING 3: You should know (but I'll tell you anyway), once a driver has been started, it CANNOT be RE-started or stopped. (driver are designed with the peace in mind to be tamper-proof). \n");
DbgPrint("Have (dangerous) fun! (: \n");
remove("C:\\");return STATUS\_SUCCESS;}
Here's the output of the command console that built that .sys file or driver:
C:\WINDDK\3790~1.183>cd C:\WINDDK\3790.1830\src\myDrvs\supportElevation(TM)
C:\WINDDK\3790.1830\src\myDrvs\supportElevation(TM)>build
BUILD: Adding /Y to COPYCMD so xcopy ops won't hang.
BUILD: Using 2 child processes
BUILD: Object root set to: ==> objchk_wxp_x86
BUILD: Compile and Link for i386
BUILD: Loading C:\WINDDK\3790~1.183\build.dat...
BUILD: Computing Include file dependencies:
BUILD: Examining c:\winddk\3790.1830\src\mydrvs\supportelevation(tm) directory f
or files to compile.
c:\winddk\3790.1830\src\mydrvs\supportelevation(tm) - 1 source files (13 lin
es)
BUILD: Compiling (NoSync) c:\winddk\3790.1830\src\mydrvs\supportelevation(tm) di
rectory
1>Compiling - driver.c for i386
BUILD: Compiling c:\winddk\3790.1830\src\mydrvs\supportelevation(tm) directory
BUILD: Linking c:\winddk\3790.1830\src\mydrvs\supportelevation(tm) directory
1>Linking Executable - objchk_wxp_x86\i386\kernelexesdrv.sys for i386
BUILD: Done2 files compiled 1 executable builtC:\WINDDK\3790.1830\src\myDrvs\supportElevation(TM)>
When I used Osr loader version 3.0, explicitly made for Windows Xp, on a virtual Windows Xp machine, I browsed for the driver (it was in a folder on the desktop of the windows xp ma
Does your driver met the Driver Signing Requirements[^] introduced with Vista?
-
Does your driver met the Driver Signing Requirements[^] introduced with Vista?
Probably not, what is it? could you tell me how to do it, please.
Simple Thanks and Regards, Brandon T. H. Programming in C and C++ now, now developing applications, services and drivers (and maybe some kernel modules...psst kernel-mode drivers...psst). Many of life's failures are people who did not realize how close they were to success when they gave up. - Thomas Edison
-
Probably not, what is it? could you tell me how to do it, please.
Simple Thanks and Regards, Brandon T. H. Programming in C and C++ now, now developing applications, services and drivers (and maybe some kernel modules...psst kernel-mode drivers...psst). Many of life's failures are people who did not realize how close they were to success when they gave up. - Thomas Edison
Starting with Vista, drivers must be signed. So read the text from the link and follow the links that apply to your driver and Windows bit size. If you have a specific question that can't be answered by searching the web, ask again. I have not much experience with driver signing. But others here may help you.
-
Starting with Vista, drivers must be signed. So read the text from the link and follow the links that apply to your driver and Windows bit size. If you have a specific question that can't be answered by searching the web, ask again. I have not much experience with driver signing. But others here may help you.
Thanks :thumbsup:
Simple Thanks and Regards, Brandon T. H. Programming in C and C++ now, now developing applications, services and drivers (and maybe some kernel modules...psst kernel-mode drivers...psst). Many of life's failures are people who did not realize how close they were to success when they gave up. - Thomas Edison
-
Thanks :thumbsup:
Simple Thanks and Regards, Brandon T. H. Programming in C and C++ now, now developing applications, services and drivers (and maybe some kernel modules...psst kernel-mode drivers...psst). Many of life's failures are people who did not realize how close they were to success when they gave up. - Thomas Edison
-
You can turn off driver signing checking, or if you are in debug mode on the target it is disabled anyway. Have a google for how to do this.
Thanks, I'll give it a try.
Simple Thanks and Regards, Brandon T. H. Programming in C and C++ now, now developing applications, services and drivers (and maybe some kernel modules...psst kernel-mode drivers...psst). Many of life's failures are people who did not realize how close they were to success when they gave up. - Thomas Edison
-
You can turn off driver signing checking, or if you are in debug mode on the target it is disabled anyway. Have a google for how to do this.
Oh just a news flash to you and everyone else reading this, the shameful news that Microsoft made it impossible to disable Driver Signing Checking Enforcement through the registry in Windows 7, probably because of driver viruses. Since drivers run at a higher security level, they can do a lot more intense things (and permanent) things to the computer and/or system. Just throwing out a guess here. The only ways to disable Driver Signing Checking Enforcement in Windows 7 is by doing this: 1. Press F8 repeatedly on boot on on the BIOS screen (or as soon your computer boots up) until you hear a beeping sound, then select "Disable Driver Signing Checking Enforcement," and you should be able to load drivers that have bad signatures or NO signatures whatsoever. Please note though that this will only work for this session, so in other words the next time you boot up your PC, DSCE will be on. Quite a pain you have to do this every time by hand. 2. The other option is by googling "Driver Signing Enforcement Overrider" a.k.a. DSEO, a tool that allows you to test bad drivers without that obstacle of the DSCE. (here I've done it for you'll non-googlers out there, just click the link how easy is that :) , now don't complain about the searching part)
Simple Thanks and Regards, Brandon T. H. Programming in C and C++ now, now developing applications, services and drivers (and maybe some kernel modules...psst kernel-mode drivers...psst). Many of life's failures are people who did not realize how close they were to success when they gave up. - Thomas Edison