Windows 7 Driver Development

Source: Internet
Author: User
Tags windows 7 x64 microsoft website

This article summarizes driver development on Win7 with VS2010 and WDK 7.1.0 (WinDDK\7600.16385.1).

First, System Tools

1. Win7 (amd64) system

Note: After the system is installed, run cmd as administrator, execute bcdedit /set testsigning true and bcdedit /debug on, and wait for the commands to complete successfully. If they fail, set the disk that holds the boot folder used by bcdedit (generally the C drive) to the active state. If they still fail, repair the boot files (where the system boot files are located), or reinstall the system on the C drive.

2. VS2010

3. WDK 7.1.0 (WinDDK\7600.16385.1)

Address: https://msdn.microsoft.com/en-us/windows/hardware/hh852365 This page also links to the WinDbg Debugging Tools and the Windows symbols, which can be downloaded now in preparation for later debugging.

4. WinDbg

Address: http://www.microsoft.com/whdc/devtools/debugging/default.mspx

Symbols:

Address: https://msdn.microsoft.com/en-us/windows/hardware/gg463028.aspx

Note: The symbol files are downloaded from the Microsoft site http://msdl.microsoft.com/download/symbols. This URL cannot be opened directly in IE. In WinDbg, open File -> Symbol File Path, enter srv*c:\windows\symbols*http://msdl.microsoft.com/download/symbols and select Reload. WinDbg will then download the symbols automatically; the key is to check Reload.

5. InstDrv (installs, starts, stops and uninstalls drivers)

Note: srvinstw.exe can also install and uninstall the .sys file, but you then need to run net start <driver name> and net stop <driver name> in a cmd window to start and stop the service.

6. 64Signer v1.2 (Win7 private test digital signature software)

7. DbgView.exe (views the output of kernel modules)

Address: https://technet.microsoft.com/en-us/sysinternals/bb896647.aspx

8. Virtual machine (VMware 10.0, for two-machine debugging)

Address: http://www.microsoft.com/zh-CN/download/confirmation.aspx?id=8002

9. Other software: the virtual optical drive DAEMON Tools Lite, EasyBCD (system boot file repair tool), PartitionManager (sets the C drive as the active partition), etc.

Second, configure the VS2010 Development Environment

1. Create a new empty project under Visual C++ in VS

Add the Driver class, delete the header file, and rename Driver.cpp to driver.c, with the following contents:

#include <ntddk.h>

// provide an Unload function just to
VOID DriverUnload1(PDRIVER_OBJECT driver)
{
    UNREFERENCED_PARAMETER(driver);
    // but actually we do nothing, just print a line:
    DbgPrint("Mydriver:our driver is unloading...\r\n");
}

NTSTATUS
DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
    UNREFERENCED_PARAMETER(RegistryPath);
    DbgPrint("Mydriver:hello, My salary!");
    // register the unload routine
    DriverObject->DriverUnload = DriverUnload1;
    // a failure status makes the system discard the driver as soon as DriverEntry returns
    return STATUS_UNSUCCESSFUL;
}

Note: After you add a class, the C/C++ item is displayed under Configuration Properties in the project properties.

2. Click the solution configuration drop-down button in VS (that is, the drop-down box showing Debug), click Configuration Manager, click the active solution configuration, click New, enter DriverDebug64, leave the default as empty, and for the solution platform select x64.


3. In the VS View menu, click Other Windows -> Property Manager

4. Right-click DriverDebug64 in the Property Manager, select Properties, and make the necessary settings in the dialog that opens.

(The settings here are mandatory; more complex driver development may need additional settings.)

Note: WDK 7.1.0 is installed by default in the C:\WinDDK\7600.16385.1 folder

1) General

Target file extension: .sys

2) VC++ Directories

Executable Directories (compiler path): C:\WinDDK\7600.16385.1\bin\amd64

Note: On an XP system the paths are as follows:

----------C:\WINDDK\7600.16385.1\BIN\X86\AMD64

----------C:\WinDDK\7600.16385.1\bin\x86

Include Directories: C:\WinDDK\7600.16385.1\inc\api

C:\WinDDK\7600.16385.1\inc\crt

C:\WinDDK\7600.16385.1\inc\ddk

Library Directories: C:\WinDDK\7600.16385.1\lib\win7\amd64

3) C/C++

Preprocessor -> Preprocessor Definitions:

_AMD64_=1,AMD64=1,STD_CALL=1,WIN32=100,_WIN32_WINNT=0x0501,WINVER=0x0501,_DEBUG=1

Advanced -> Calling Convention: __stdcall (/Gz)

4) Linker

Input -> Additional Dependencies: ntoskrnl.lib;hal.lib;wdm.lib;wdmsec.lib;wmilib.lib;ndis.lib;MSVCRT.LIB;LIBCMT.LIB;%(AdditionalDependencies)

Input -> Ignore All Default Libraries: Yes (/NODEFAULTLIB)

Manifest File -> Enable User Account Control (UAC): No (/MANIFESTUAC:NO)

System -> SubSystem: Console (/SUBSYSTEM:CONSOLE)

System -> Driver: Driver (/DRIVER)

System -> Stack Reserve Size: 4194304 (modifiable)

System -> Stack Commit Size: 4096 (modifiable)

Advanced -> Entry Point: DriverEntry

Advanced -> Base Address: 0x10000

Note: By referring to the ia64, x86 and other paths under the C:\WinDDK\7600.16385.1 folder, the configuration can be modified for ia64 and the other systems.

5. If the build succeeds, the configuration is correct and files such as the .sys file are produced.

Third, debugging

Configuring the Debug Machine

1. Set Win7 to debug mode

1) Open a cmd window as administrator: press Win + R to open the Run box and enter cmd, or click the Start icon, enter cmd in the search box, right-click the cmd.exe entry shown in the results above, and choose Run as administrator.

2) Enter the following commands in turn:

bcdedit /?
bcdedit /enum OSLOADER
bcdedit /copy {current} /d "Windows 7 copy"
bcdedit /debug on
bcdedit /bootdebug on
bcdedit /dbgsettings
bcdedit /timeout 7

2. Set Win7 to test-signing mode

Run cmd as administrator and execute bcdedit /set testsigning true

3. Digitally sign with a test certificate

Run 64Signer v1.2.exe as administrator, click Browse to locate the corresponding .sys file, and click Sign.

4. View kernel output

Run Dbgview.exe as administrator, open the Capture menu and tick the Capture Kernel item.

5. Configure WinDbg

1) Set the system symbol path: in WinDbg, open File -> Symbol File Path, enter srv*c:\windows\symbols*http://msdl.microsoft.com/download/symbols and select Reload. WinDbg will download the symbols automatically; the key is to tick Reload.

2) Set the symbol path for the .sys file that you built:

E:\Project\TestDriver\TestDriver\x64\DriverDebug64

3) Set the source code path for the .sys file that you built: E:\Project\TestDriver\TestDriver

Note: The default path of the .sys file that you built: E:\Project\TestDriver\x64\DriverDebug64

6. Install the .sys file

Run InstDrv.exe as administrator, select the .sys file, then install it, start it, and so on.

Note: Do not test kernel code with breakpoints on the local host; otherwise the machine freezes and you cannot do anything. Use two-machine debugging instead (that is, create a virtual machine and let the local machine and the virtual machine communicate through a pipe).
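A check for the boot options changed in steps 1 and 2 above, as an added example that is not part of the original article: it parses saved `bcdedit /enum` output and reports which boot entries have testsigning, debug or bootdebug set to Yes, so you can confirm the options landed on the entry you boot (the commands above carry no entry id, so they act on {current}, not on the "Windows 7 copy" entry) and that they are cleared again after testing. The sample output and the function names are constructed for illustration, and English bcdedit output is assumed.

```python
import re
# Boot options switched on by the bcdedit commands in the steps above.
WATCHED = ("testsigning", "debug", "bootdebug")

# Constructed, abbreviated sample of English `bcdedit /enum` output (not a real capture).
SAMPLE = """
Windows Boot Manager
--------------------
identifier              {bootmgr}
description             Windows Boot Manager
timeout                 7

Windows Boot Loader
-------------------
identifier              {current}
description             Windows 7
testsigning             Yes
bootdebug               Yes
debug                   Yes

Windows Boot Loader
-------------------
identifier              {11111111-2222-3333-4444-555555555555}
description             Windows 7 copy
"""

def parse_entries(text):
    """Split bcdedit /enum output into one dict of elements per boot entry."""
    entries, lines = [], text.splitlines()
    for i, line in enumerate(lines):
        m = re.match(r"(\w+)\s{2,}(\S.*)", line)
        if re.fullmatch(r"-{3,}", line.strip()):
            entries.append({"type": lines[i - 1].strip() if i else ""})
        elif m and entries:
            entries[-1][m.group(1)] = m.group(2).strip()
    return entries

def enabled_flags(text):
    """Map each entry identifier to the watched options that are set to Yes."""
    result = {}
    for entry in parse_entries(text):
        on = [k for k in WATCHED if entry.get(k, "No").lower() == "yes"]
        if on:
            result[entry.get("identifier", "?")] = on
    return result

if __name__ == "__main__":
    for ident, flags in enabled_flags(SAMPLE).items():
        print(f"{ident}: {', '.join(flags)} enabled")
```

To use it on a real machine, save the output of bcdedit /enum from an administrator cmd window to a file and pass the file's text to enabled_flags.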

Configuring the Virtual Machine

1. Install the virtual machine

Note: Virtualization technology is not enabled on the motherboard by default. The usual method is to press the F12 key at boot or restart to enter the BIOS menu, and set virtualization (Virtualization ...

2. Configure the virtual machine

1) Start --> VMware Workstation --> double-click a virtual machine under My Computer (Windows 7 x64) -> Edit virtual machine settings -> remove the Printer -> add a serial port

2) Select the serial port that you just added, and in the dialog on the right set the following:

Tick Connect at power on

Choose Use named pipe (N)

In the next two drop-down boxes select: This end is the server, The other end is an application

3) I was able to debug successfully both with and without this step. It is a redundant fallback: if debugging fails without it, copy the host directory C:\WINDOWS\Symbols to the same location on the virtual machine, and copy the symbol files generated by the build (the E:\Project\TestDriver\TestDriver\x64\DriverDebug64 directory) into the C:\WINDOWS\Symbols directory of the virtual machine. The main purpose is to keep the symbols consistent between the host and the guest.

3. Two-machine debugging

Add a break statement to the source code for debugging:

#if DBG
__debugbreak(); // breakpoint position
#endif

Rebuild the .sys file and repeat the steps above. Then open WinDbg and install the .sys file, start it, stop it, uninstall it, and so on. Once the breakpoint is hit, you can debug step by step ...

Note: The assembly breakpoint _asm int 3 is correct on XP but gives an error at that position on Win7. If you fail to reach the breakpoint, verify that the .sys file is successfully installed on the client (the virtual Win7 system), that the system symbols and your own symbols have been downloaded or set correctly, that the pipe port is correct, and so on.

Tip: The software is not running as an administrator on the local host, or the administrator is running successfully, and the client (typically running the software as an administrator on the virtual machine)

If you use Win7 + WDK 8.0 + WinDbg for filter driver development, uninstall WDK 7 first; otherwise many bizarre errors are reported at run time ....
