I have been studying the Windows kernel for a few months. I have bought a book that I can read at will, as well as videos. There are no regulations. So I decided to publish the course of study and appreciate it myself.
At the beginning, of course, it was helloworld. The first time I wrote helloworld in C, something went wrong that I did not quite understand, but I felt it was not related to the kernel; it is a feature of C.
In this section, the registered unload callback function was written after the DriverEntry function, and vs2010 could not compile it... Maybe I have no experience, so I will always use eclipse. The bottom of the slot. Copied and compiled successfully. Oh, why does a C program have to register a function name at the beginning? It may be unrelated!
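#include <ntddk.h>

/* Unload callback: called when the driver service is stopped. */
VOID wori(
    PDRIVER_OBJECT driver
)
{
    UNREFERENCED_PARAMETER(driver);
    /* KdPrint takes its arguments in double parentheses. */
    KdPrint(("ooooooooooooooooooover! "));
}

NTSTATUS DriverEntry(
    PDRIVER_OBJECT driver,
    PUNICODE_STRING reg_path
)
{
    UNREFERENCED_PARAMETER(reg_path);
    KdPrint(("bbbbbbbbbbbbbbbbbbbbbbegin! "));
    /* Register the unload callback defined above. */
    driver->DriverUnload = wori;
    return STATUS_SUCCESS;
}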
Compiled successfully. By the way, I started by setting up vs2010 so that it could compile kernel code and generate a .sys file. It took a lot of effort and I checked a bunch of materials. By the way, this editor does not allow you to use tab indentation for blog writing!!
Remove it from the virtual machine, load it with monitor, and open DebugView, a tool that filters and displays kernel information (the name is not very accurate, but I know what functions it has from the name). When the service is started or stopped, the printed debugging information is displayed in the window.
Although it looks like a troublesome version of helloworld, I am very excited. Haha!
On me, I wrote
int A = 5;
Then print "A". Does the kernel know the int type?
Try writing an assembly.