A forum for reverse engineering, OS internals and malware analysis 

Ask your beginner questions here.
 #3615  by R00tKit
 Sat Nov 20, 2010 3:15 pm
hi

i write our driver code in notepad and it's very tedious :(
which tool can use to write kernel-mode code with IntelliSense and highlighting

regard
 #3619  by GamingMasteR
 Sat Nov 20, 2010 6:45 pm
Hi,

You can use Visual Studio as IDE .
Check this sample VS2008 project, open Null.vcproj in notepad and replace "C:\WINDDK" strings inside with DDK path in your box .
Attachments
(2.01 KiB) Downloaded 31 times
 #3620  by R00tKit
 Sat Nov 20, 2010 8:22 pm
hi
first very very thank for your replay

we change lib and header directory !
in this approach we use vs2010 compiler? this is not importance ?
 #3621  by GamingMasteR
 Sat Nov 20, 2010 8:42 pm
I think there will not be problems, but you can try to build some projects and see if something goes wrong .
Note that in the sample project it will compile the code as C++ not C, you can change source code ext to *.c if you want to compile it as C .
 #3626  by R00tKit
 Sun Nov 21, 2010 6:35 am
for other who eager to do it manually:

Setup Visual Studio 2008.
Setup DDK (WDK).
Add to VS paths DDK include files, libs and bins.
Create new empty "Win32 project" and add source file (i.e. HelloWorld.c).
Configure project properties (All Configurations):

1. C\C++ - General - Debug Information Format = Program Database (/Zi)
2. C\C++ - Preprocessor - Preprocessor Definitions = _X86_ [add also DBG for Debug config]
3. C\C++ - Code Generation - Enable C++ Exceptions = No
4. C\C++ - Code Generation - Basic Runtime Checks = Default
5. C\C++ - Code Generation - Buffer Security Check = No (/GS-)
6. C\C++ - Advanced - Calling Convention = __stdcall (/Gz)
7. C\C++ - Advanced - Compile As = Compile as C Code (/TC) [if you are going to use plain C]
8. Linker - General - Output File = $(OutDir)\$(ProjectName).sys
9. Linker - General - Enable Incremental Linking = Default
10. Linker - Input - Additional Dependencies = ntoskrnl.lib hal.lib $(NOINHERIT) [add needed libs here e.g. ntoskrnl.lib hal.lib]
11. Linker - Input - Ignore All Default Libraries = Yes (/NODEFAULTLIB)
12. Linker - Manifest File - Generate Manifest = No
13. Linker - System - SubSystem = Native (/SUBSYSTEM:NATIVE)
14. Linker - System - Driver = Driver (/DRIVER)
15. Linker - Advanced - Entry Point = DriverEntry
16. Linker - Advanced - Base Address = 0x10000
17. Linker - Advanced - Randomized Base Address = Disable (/DYNAMICBASE:NO)
18. Linker - Advanced - Data Execution Prevention (DEP) = Disable (/NXCOMPAT:NO)
 #3662  by gglittle
 Tue Nov 23, 2010 10:19 pm
geek1982 wrote:for other who eager to do it manually:
...
This is all well and good, but the recommended way of building a kernel mode driver is to use BUILD.EXE from the latest released WDK and the proper build environment for your targeted OS. I haven't used it, but from what I have read DDKWIZARD, as recommended by mehdi, produces a Makefile project that utilizes a batch file called DDKBUILD.bat. That BAT file sets up a command line environment properly and then calls BUILD.exe from that environment. Even with that, there are times when you simply need to know how to use a WDK build environment.

There have been reported bugs with VS projects not using DDKBUILD that were easily fixed by simply building the driver using BUILD or DDKBUILD. The point here is that the VS compiler may NOT, and most likely isn't, be the same compiler used by BUILD and contained within the WDK.

Gary