C++ / C#
ShinShil, 2017-09-21 10:17:28

How do I develop a virtual device driver with WinAPI?

The task is to study drivers on WinAPI. I know WinAPI well, but I have never come across drivers:
- Develop a driver (virtual device) that monitors the launch of some process X. When this process starts, the driver
starts another process Y. As soon as process X terminates for any reason, the driver unloads process Y.
- Develop a (virtual device) driver that monitors changes to the Windows registry made by a given process (or over time)
and writes a log to disk.
What, besides Notepad, can I use to develop a driver?
What does it mean to create a virtual device driver? Do I need to create a virtual device and somehow load the driver onto it, or is it enough that the driver I create gets loaded with the InstDrv utility (from rootkit.com)?
PS. I would be grateful for any links on the topic. I have not come across drivers before; I started with the book "Rootkits: Subverting the Windows Kernel" by G. Hoglund and J. Butler.


1 answer(s)
SolidMinus, 2017-09-22
@ShinShil

"The task is to study drivers on WinAPI. I know WinAPI well"

I'll start by getting to the bottom of that. Drivers do not have access to WinAPI; all of that is defined in user-mode libraries. Drivers run at kernel level and use the Native API from ntoskrnl.exe.
In Visual Studio *trollface* (the code editor)
+ the Windows WDK
https://msdn.microsoft.com/en-us/library/windows/h...
This means there will simply be a driver without a device. The point is that a driver is not necessarily tied to a device. It is just code running in ring 0 (in the kernel). You load it the usual way, through a service (InstDrv does all of that for us, and deletes the service after unloading).
Take the Windows HTTP driver as an example (yes, that protocol is implemented in the kernel).
To load it, you need either a trusted digital signature, or to disable signature verification in the system's security settings.
O_O
That site has been dead since 2006 :D
Pass that on to the dinosaurs who wrote the assignment))
Well, for the life of me, I can't get over a university asking people to write Windows rootkits)
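As an added example, not part of SolidMinus's answer or of any tool mentioned on this page: the "load it through a service" step and the test-signing route the answer refers to, typed into an elevated PowerShell prompt. The service name ProcMonDrv, the path C:\Drivers\procmon.sys and the certificate subject are assumptions; the .sys itself is whatever was built with the WDK.

```powershell
# Added example (not from the original answer). Test-sign a WDK-built kernel
# driver, register it as a kernel-type service, load it, check it, unload it.
# Assumed (hypothetical) names: service "ProcMonDrv", binary C:\Drivers\procmon.sys.
# Run from an elevated (Administrator) PowerShell on a throwaway VM.

$ServiceName = 'ProcMonDrv'
$DriverPath  = 'C:\Drivers\procmon.sys'

# 1. Sign the binary. 64-bit Windows refuses unsigned drivers outright, and a
#    self-signed certificate is only accepted while test signing is enabled.
$cert = New-SelfSignedCertificate -Type CodeSigningCert `
            -Subject 'CN=ProcMonDrv Test' `
            -CertStoreLocation 'Cert:\CurrentUser\My'
Set-AuthenticodeSignature -FilePath $DriverPath -Certificate $cert -HashAlgorithm SHA256 | Out-Null

# Anything other than NotSigned / HashMismatch means a signature is attached;
# an untrusted self-signed chain normally reports UnknownError here.
(Get-AuthenticodeSignature -FilePath $DriverPath).Status

# 2. Allow test-signed drivers. This weakens the kernel's code-integrity
#    boundary, so do it only on a test machine and turn it off afterwards.
bcdedit /set testsigning on      # takes effect after a reboot

# 3. Register the driver as a kernel service and load it.
#    The space after each '=' is sc.exe's syntax, not a typo.
sc.exe create $ServiceName type= kernel start= demand binPath= $DriverPath
sc.exe start  $ServiceName

# 4. Confirm it really loaded. Get-Service does not list kernel drivers,
#    so query the Win32_SystemDriver class instead.
Get-CimInstance Win32_SystemDriver -Filter "Name='$ServiceName'" |
    Select-Object Name, State, Started, PathName

# 5. Unload and remove the service (the same thing InstDrv's "remove" does).
sc.exe stop   $ServiceName
sc.exe delete $ServiceName
```

The driver code itself does not call CreateProcess or RegSetValue: for the two tasks in the question it would register kernel callbacks from the WDK, PsSetCreateProcessNotifyRoutineEx for process start and exit and CmRegisterCallbackEx for registry operations, and the usual design is for the driver to report those events to a user-mode helper, which then starts or stops process Y and writes the log.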
