Windows 10 has been released, followed by VS2015. After "WDK7600" Microsoft no longer provides a standalone kernel driver development kit: you must first install the Visual Studio IDE and then either download the integrated WDK driver development kit from the Microsoft website or install an offline copy of it.
Address:
https://msdn.microsoft.com/zh-cn/windows/hardware/hh852365.aspx
Offline: Baidu Cloud link: http://pan.baidu.com/s/1i3KdUSH Password: vp41
I use VS2013 + WDK 8.1; installation is just a matter of clicking Next until it finishes. Once the WDK is installed, create a new project and you will see the new driver project types.
These provide many templates (WDM, WDF, KWDM, etc.). You may find these frameworks complex, but the differences between them matter mainly for device driver development: WDM adds Plug and Play and power management relative to NT; WDF wraps the WDM interfaces in a class-like form and hides objects such as the driver and device objects; and there are similar frameworks for application-layer drivers (which are in fact DLLs).
Because the encapsulation in the newer frameworks hides the underlying object information and sometimes leaves too little freedom, implementing some features becomes inconvenient, so we still mainly use NT-style drivers.
Writing drivers:
The first question: how do we create an NT driver when the templates provided by WDK 8.1 do not include an NT driver template at all?
Solution: although no NT template is provided, we can create an empty WDM project, add the files ourselves, and compile to get an NT driver.
After the project is created there are two projects: the driver project and a Package project (a project for test-installing the driver; it is of no use to us, I never used it, and it can be deleted directly).
The driver project also creates an INF file for you. An NT driver does not use it; the newer generation of filter drivers, such as minifilters, does, and VS2013 can create a Minifilter project directly. Since what you are building is an NT driver, the INF can simply be deleted. If you do not want to delete it, you need to fill in some information to avoid a build error; you can use the following template:
; The DDK documentation is an excellent INF reference
;
; Mywdmdrivera.inf
;
;----------------------- Version section -----------------------
[Version]
Signature="$YHMADE $"                ; signature
Provider=Yanhui                      ; provider, optional
DriverVer= One/ -/ -,20.46.24.01     ; driver version, format is up to you, optional
CatalogFile=Mywdmdrivera.cat         ; Important: the generated INF leaves this blank; add it yourself as <name>.cat
; If the device fits one of the standard classes, fill in that class name and GUID;
; otherwise create your own device class and GUID, as in this example.
Class=YH                             ; change as you like
ClassGuid={ef2934d45-1dd8-f672-5656-h7g1ee8a35ff}  ; change as you like; it must not conflict with an existing Class and ClassGuid (these can be looked up online)

;--------- Source disk names and source disk files section ---------
; This section determines which source disks and files are installed.
; They are shown here as an example, but can be commented out.
[SourceDisksNames]
1=%DiskName%,,,""

[SourceDisksFiles]
Mywdmdrivera.sys=1,,

;--------- Class install / 32-bit class install section ---------
; Not needed if you use a standard class
; 9X style
[ClassInstall]
AddReg=Class_AddReg

; NT style
[ClassInstall32]
AddReg=Class_AddReg

[Class_AddReg]
HKR,,,,%DeviceClassName%
HKR,,Icon,,"-5"

;--------- Destination directories ---------
[DestinationDirs]
Default_Files_Driver=10,System32\Drivers

;--------- Manufacturer and models section ---------
[Manufacturer]
%ManufacturerName%=Standard,NT$ARCH$

[Standard.NT$ARCH$]
; PCI hardware IDs use the form PCI\VEN_aaaa&DEV_bbbb&SUBSYS_cccccccc&REV_dd
; Change these to your own IDs.
%DeviceDesc%=Default_DDI, PCI\VEN_2DF4
%DeviceDesc%=Default_DDI, PCI\DEV_6677
%DeviceDesc%=Default_DDI, PCI\SUBSYS_7D9F873K
%DeviceDesc%=Default_DDI, PCI\REV_HK

;--------- Windows 9X DDInstall section ---------
; Testing showed that a DDInstall section name longer than 19 characters causes problems on Windows 98
[Default_DDI]
CopyFiles=Default_Files_Driver
AddReg=Default_9X_AddReg

[Default_9X_AddReg]
HKR,,DevLoader,,*ntkern
HKR,,NTMPDriver,,mywdmdrivera.sys
HKR,"Parameters","BreakOnEntry",0x00010001,0

;--------- Windows NT ---------
[Default_DDI.NT]
CopyFiles=Default_Files_Driver
AddReg=Default_NT_AddReg

[Default_DDI.NT.Services]
AddService=Mywdmdrivera,0x00000003,Default_AddService

[Default_AddService]
DisplayName=%SvcDesc%
ServiceType=1                        ; SERVICE_KERNEL_DRIVER
StartType=3                          ; SERVICE_DEMAND_START
ErrorControl=1                       ; SERVICE_ERROR_NORMAL
ServiceBinary=%10%\system32\drivers\mywdmdrivera.sys

[Default_NT_AddReg]
HKLM,"System\CurrentControlSet\Services\mywdmdrivera\Parameters","BreakOnEntry",0x00010001,0

;--------- Files (common) ---------
[Default_Files_Driver]
Mywdmdrivera.sys

;--------- Strings section ---------
[Strings]
ProviderName="Yanhui"
ManufacturerName="Yanhuidriver"
DeviceDesc="QQ14526854"              ; instance name shown in Device Manager, displayed below the class
DeviceClassName="QT35623608"         ; class name shown in Device Manager; once the class name is changed, the ClassGuid value must be changed as well
SvcDesc="Yanhui"
; End of the INF. Sections that your INF lacks can be added by referring to mine.
Next we add a myWDMDriverA.cpp directly (I develop drivers in C++, but I still recommend C as more appropriate, because the Microsoft kernel is also written in C and C can manipulate memory directly; in my personal opinion it is the best language above assembly).
Before compiling the driver, here is a brief description of Windows drivers:
1. There are two types of Windows drivers: NT-style drivers, which do not support Plug and Play, and WDM drivers, which do.
2. An NT driver includes the header ntddk.h, while a WDM driver includes wdm.h.
3. DriverEntry needs to be placed in the INIT section. The INIT flag indicates that the function only needs to be in memory while the driver is being loaded; once the driver has loaded successfully, the function can be discarded from memory.
4. Writing the driver in C++ requires the following format:
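// Pull in the kernel headers with C linkage when compiling as C++
#ifdef __cplusplus
extern "C" {
#endif
#include <ntddk.h>
#ifdef __cplusplus
}
#endif

// Code that follows this pragma is placed in the pageable PAGE section
#define PAGEDCODE code_seg("PAGE")
#pragma PAGEDCODE
VOID Unload(IN PDRIVER_OBJECT pDriverObject);

// The entry point must have C linkage so the loader finds the unmangled name
extern "C" NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject, IN PUNICODE_STRING pRegistryPath)
{
    KdPrint(("......"));
    // The body is elided on the page; the function must return an NTSTATUS value
    return STATUS_SUCCESS;
}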
If you write the driver entry in C++ and do not follow this format, a blue screen will appear when the driver is loaded or unloaded.
When writing the code, pay special attention to letter case: C and C++ are case-sensitive!
Add some simple code.
Now compile, and errors appear. No matter; look at the causes: some warnings are treated as errors, or some function parameters are unused, so the build fails. These happen because the security warning level is too high, we can
In fact, with older versions you had to configure the project properties before writing the driver in order to build it correctly.
Microsoft improved this greatly in VS2013, so the project builds almost without changing any properties. If you hit the compile errors described above, there are two ways to resolve them:
(a) Deal with all the warnings and security checks, for example by applying the UNREFERENCED_PARAMETER macro to unused parameters; of course, there is then no way to write the program.
(b) Lower the warning level.
If that still does not work, build problems caused by the project configuration can be solved by modifying the project properties according to the following settings. Only some configuration and operation steps are recorded here!
1. Set the VC++ directories
(I installed the WDK on drive E:)
(1) Executable directories: E:\WinDDK\7600.16385.1\bin\x86;
(2) Include directories:
E:\WinDDK\7600.16385.1\inc\ddk
E:\WinDDK\7600.16385.1\inc\crt
E:\WinDDK\7600.16385.1\inc\api
(3) Library directories:
E:\WinDDK\7600.16385.1\lib\win7\i386
If the C/C++ settings page is missing, add a new C++ file: we started from an empty project, so it contains no C++ file yet (empty project -> Source Files -> Add New Item -> C++ File).
General
Target file extension: .sys // required
2. C/C++ settings
General tab
(1) Debug information format: C7 compatible (/Z7) // optional
(2) Warning level: Level 2 (/W2) // optional
(3) Treat warnings as errors: Yes (/WX) // optional
Optimization tab
Optimization: Disabled (/Od) // optional
Preprocessor
Preprocessor definitions: WIN32=100;_X86_=1;WINVER=0x501;DBG=1 // required
Code generation
(1) Enable minimal rebuild: No // optional
(2) Basic runtime checks: Default // optional
(3) Runtime library: Multithreaded Debug (/MTd) or Multithreaded (/MT) // recommended
(4) Buffer security check: No // optional (avoids LINK : error LNK2001: unresolved external symbol __security_cookie)
Advanced
Calling convention: __stdcall (/Gz) // required
3. Linker settings
General:
Enable incremental linking: No (/INCREMENTAL:NO) // recommended
Ignore import library: Yes // optional (when set to Yes, you must add E:\WinDDK\7600.16385.1\lib\win7\i386 to the additional library directories so that the project does not depend on the settings of the IDE environment)
Input:
Additional dependencies: ntoskrnl.lib;hal.lib;wdm.lib;wdmsec.lib;wmilib.lib;ndis.lib;MSVCRT.LIB;LIBCMT.LIB // required. NT-style drivers use ntoskrnl.lib; WDM drivers use wdm.lib (the HalXxx functions are in hal.lib, the WmiXxx functions in wmilib.lib, the NdisXxx functions in ndis.lib). Add Microsoft's standard libraries if necessary: MSVCRT.LIB, MSVCRTD.LIB (debug library), LIBCMT.LIB, LIBCMTD.LIB (debug library). If the source code comes with a SOURCES file, its TARGETLIBS field lists the libraries the project requires.
Ignore all default libraries: Yes (/NODEFAULTLIB) // required
Manifest file: Enable User Account Control (UAC): No // required, otherwise LINK : fatal error LNK1295: "/MANIFESTUAC" is incompatible with the "/DRIVER" specification; link without "/MANIFESTUAC"
Debugging:
Generate debug information: Yes (/DEBUG) // optional
Generate map file: Yes (/MAP) // optional
Map file name: $(TargetDir)$(TargetName).map // optional
System:
Subsystem: Console (/SUBSYSTEM:CONSOLE) // required
Stack reserve size: 4194304 // optional
Stack commit size: 4096 // optional
Driver: Driver (/DRIVER) // required
Advanced:
Entry point: DriverEntry // required
Randomized base address: empty // delete the value in the box (neither Yes nor No; leave the text box blank). Required, otherwise e:\xxx.sys : fatal error LNK1295: "/DYNAMICBASE" is incompatible with the "/DRIVER" specification; link without "/DYNAMICBASE"
Data Execution Prevention (DEP): empty // delete the value in the box (neither Yes nor No; leave the text box blank). Required, otherwise e:\xxx.sys : fatal error LNK1295: "/NXCOMPAT:NO" is incompatible with the "/DRIVER" specification; link without "/NXCOMPAT:NO"
Set checksum: Yes (/RELEASE) // optional
Base address: 0x10000 // recommended
Command line: /SECTION:INIT,D /IGNORE:4078 (recommended not to add this; it causes errors!)
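An added example (not part of the original post): a small C checker that reads the headers of a built .sys and reports what the linker settings above leave in the image, namely the Subsystem value, the NX-compatible (DEP) and dynamic-base bits, and whether the INIT section described in item 3 is marked discardable. The function names and the constructed 512-byte sample header are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {            /* header fields the linker settings control */
    int ok;                 /* 1 when the PE headers parsed */
    uint16_t subsystem;     /* 1 = NATIVE, 3 = WINDOWS_CUI (console) */
    uint16_t dllchar;       /* 0x0100 = NX_COMPAT (DEP), 0x0040 = DYNAMIC_BASE */
    int init_discardable;   /* INIT section has IMAGE_SCN_MEM_DISCARDABLE */
} pe_audit_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }

pe_audit_t pe_audit(const uint8_t *img, size_t len)
{
    pe_audit_t r = {0};
    if (len < 0x40 || rd16(img) != 0x5A4D) return r;             /* "MZ" */
    size_t pe = rd32(img + 0x3C);                                 /* e_lfanew */
    if (pe > len || len - pe < 24 || rd32(img + pe) != 0x4550) return r;
    uint16_t nsec = rd16(img + pe + 6), optsz = rd16(img + pe + 20);
    size_t opt = pe + 24, sec = opt + optsz;   /* optional header, section table */
    if (optsz < 72 || len - opt < optsz) return r;
    if (rd16(img + opt) != 0x10B && rd16(img + opt) != 0x20B) return r; /* PE32 / PE32+ */
    r.subsystem = rd16(img + opt + 68);        /* same offset in both formats */
    r.dllchar = rd16(img + opt + 70);
    for (uint16_t i = 0; i < nsec; i++, sec += 40) {   /* 40 bytes per section header */
        if (len - sec < 40) return r;          /* truncated table: ok stays 0 */
        if (memcmp(img + sec, "INIT\0\0\0\0", 8) == 0)
            r.init_discardable = (rd32(img + sec + 36) & 0x02000000u) != 0;
    }
    r.ok = 1;
    return r;
}

/* Constructed sample: 512 bytes of headers with a single INIT section. */
size_t build_sample(uint8_t *buf, uint16_t subsystem, uint16_t dllchar, uint32_t init_flags)
{
    memset(buf, 0, 512);
    wr16(buf, 0x5A4D);                         /* "MZ" */
    wr32(buf + 0x3C, 0x80);                    /* e_lfanew */
    wr32(buf + 0x80, 0x4550);                  /* "PE\0\0" */
    wr16(buf + 0x86, 1);                       /* NumberOfSections */
    wr16(buf + 0x94, 224);                     /* SizeOfOptionalHeader (PE32) */
    wr16(buf + 0x98, 0x10B);                   /* optional header magic */
    wr16(buf + 0x98 + 68, subsystem);
    wr16(buf + 0x98 + 70, dllchar);
    memcpy(buf + 0x98 + 224, "INIT", 4);
    wr32(buf + 0x98 + 224 + 36, init_flags);
    return 512;
}

int main(int argc, char **argv)
{
    static uint8_t buf[4096];
    size_t n = build_sample(buf, 1, 0x0100, 0x62000020u);
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : NULL;   /* optional: a built .sys */
    if (f) { n = fread(buf, 1, sizeof buf, f); fclose(f); }
    pe_audit_t a = pe_audit(buf, n);
    printf("ok=%d subsystem=%d dllchar=0x%04x init_discardable=%d\n",
           a.ok, a.subsystem, (unsigned)a.dllchar, a.init_discardable);
    return a.ok ? 0 : 1;
}
```

Compile it with any C compiler and pass the path of the built driver as the first argument; without an argument it audits the constructed sample.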
OK, try building again, and this time the build succeeds.
Now set up the port for the virtual machine. I will not explain how to install the virtual machine system; a web search turns up plenty of guides!
According to explanations online, a virtual serial port (\\.\pipe\com_1) is added to the virtual machine, but the virtual printer in the virtual machine occupies virtual serial port 1.
So you have two options: delete the virtual printer, or add another virtual serial port (for example \\.\pipe\com_2). Here I chose to delete the virtual printer.
OK, the virtual machine's serial port is now listening.
Debugging the driver:
VS2013 provides integrated driver debugging in the IDE. There are many posts online about configuring the debugging environment; here I will first say a few words:
(a) To debug with VS2013, you first need to set up the machine to be debugged.
(b) Choose to add a target computer (Add New Computer), where the target computer is the host on which debugging software such as WinDbg and VS2013 is installed; we basically use this machine as the target machine. Click Next, and you can select from several target computer types.
For example:
The first, "Provision computer and automatically configure debuggers": select a remote physical machine; VS installs the debugging tools on the remote computer and sets up the debugging environment, restarting it several times.
The second, "Provision computer and choose debugger settings", and the third item: you can choose the debugging transport yourself (network, serial, 1394, USB). Even if you are not debugging over the network, connect the debugger and the debugged machine with a network cable, because VS needs the network to configure the environment and transfer files.
Here I choose the third item and configure serial debugging, because the WinDbg setup we used before was also serial.
Configure it as follows:
Connection Type: Serial
Baud Rate: 115200
Pipe: checked
Reconnect: checked
Pipe name: \\.\pipe\com_1
Set these options to match your virtual machine settings, then click Finish.
OK, to summarize so far: we can compile the driver, and to debug it we need to create a target computer, which can be either a real machine or a virtual machine, which of course cannot be proved. Microsoft has told us that since VS2012, building drivers for the XP platform is not supported, and when we choose the driver build environment we can also see that there is no XP at all.
No matter; let's run the debugging experiment on 32-bit Win7.
After booting the virtual machine into the system, set the system boot entry to debug mode; after that, restart the virtual machine.
Alternatively, press F8 during system boot to enter the boot mode selection screen, select "Debugging Mode", and press Enter:
After this choice the virtual machine boots normally, but somewhat slowly; wait patiently.
Then, in the VS2013 project, select the computer configuration set up above for the COM1 port:
From the Debug menu, select the Attach to Process option:
Transport: Windows Kernel Mode Debugger
Qualifier: the computer name that we added
Click Attach and VS2013 automatically enters the debugging state; if it does not, click the "Debugging Tools for Windows" option:
This brings up a confirmation screen:
Select "I Know"; the WinDbg that comes with VS2013 then starts and waits for a connection:
Now check the virtual machine to see whether it reaches the desktop normally (this is a bit slow and needs a little wait).
A response here indicates that the system is logging in... Wait a moment and check again. Once the system is up, click the pause button in VS2013 to interrupt the virtual machine:
After clicking, it may hang briefly; just wait a moment. If it is really stuck, end VS2013 with Task Manager, reopen it, open the driver project, and set your breakpoint again.
Then select Debug -> Attach to Process on the menu again to start driver debugging with the previous settings. Note that the running virtual machine must not be shut down!
When you reconnect to the virtual machine, it stops at an int 3:
OK, all ready. Now type "g" in the command box and press Enter to release the virtual machine from the debugger's control and let it run on its own...
Before this, remember to set a breakpoint in the code; otherwise the debugger cannot intercept the driver after it is loaded...
Now copy the generated driver file drivername.sys to the desktop of the virtual system; my driver file is Mywdmdrivera.sys.
Then open the driver loading tool DriverMonitor, load the driver file, and click Go to continue loading:
See! When the driver is loaded into the system, VS2013 and the WinDbg debugger react immediately and the debugger stops at the breakpoint!
At this point VS2013 may pop up a "the frame is not in the module" warning (this varies from machine to machine; only one of my two computers showed it):
The reason is that we did not set the source file and symbol paths for WinDbg.
According to online sources, this error is likely caused by one of the following; the reader can try each:
1. The project references another project, and the referenced DLL was not updated after the referenced project's code was modified.
2. You attempted to debug a dump file of managed code. Visual Studio only supports debugging a managed minidump with the SOS tool in the Immediate window.
3. On the solution property pages you can change the directories where the debugger looks for source files and tell the debugger to ignore selected source files. Check Solution Property Pages -> Common Properties -> Debug Source Files -> "Do not look for these source files" to see whether the source files you want to debug are in the list; if so, delete them from the list once you are sure.
4. Showing disassembly when the source code is unavailable is disabled under Tools -> Options -> Debugging.
5. The context of the code restricts loading of the source code to be debugged (especially if the error occurs when debugging JavaScript code).
6. The source file you want to debug is inside an encapsulated DLL file, so pressing F11 will not step into it.
7. If you have a backup file, try your backup file.
8. Rewrite the source code you want to debug. (This is certainly not recommended, but it is the last resort.)
We can try items 3 and 4 for the source files. For the WinDbg symbol path, open the "Options" dialog box:
Under "Debugging", in the symbol file settings, tick the two options so that the required symbols are downloaded automatically from the Microsoft server.
Then choose the symbol cache directory. If you have downloaded and installed the WinDbg symbol package, point it directly at that installation directory; if not, point it at any empty folder. Click OK; WinDbg continues to run, downloads symbols from the server, and automatically selects the debug mode and enters it.
Bring up the registers in VS2013 and we can see the driver's dynamic pointer address:
If the source path is correct, we can see where the pointer is and single-step through jumps in the Disassembly debug window!
At this point, VS2013 deployment + VM dual-machine debugging has been tested successfully!
A few more words here!!
In VS2013 no symbol file location is specified specifically for the driver project; the debugger automatically finds the symbol files on the Microsoft server option just ticked and downloads them to the specified location.
But I also want to describe another method: loading or downloading symbol files with commands.
If you do not have a separately installed symbol package on your system, enter this command in the Debugger Immediate Window:
.sympath SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
The path between the asterisks (c:\symbols) is where the symbol files will be saved. If you have already downloaded and installed the symbol package separately, you can specify it with a command of the following form:
.sympath D:\Symbols
Press Enter and it displays:
Then just run .reload again (reload the symbol files).
Haha, command input here even has smart completion hints!
It is normal for some symbol files not to be found: the specified directory does not contain the symbol files for those drivers! You can point to the official server to download the symbol files:
.sympath SRV*c:\myserversymbols*http://msdl.microsoft.com/download/symbols
VS2013 driver development + VM dual-machine debugging (personally tested + detailed)