A forum for reverse engineering, OS internals and malware analysis 

Search found 12 matches


Re: ddkwizard + others, building drivers visual studio..

 by gglittle ¦  Tue Dec 07, 2010 6:35 pm ¦  Forum: Kernel-Mode Development ¦  Topic: ddkwizard + others, building drivers visual studio.. ¦  Replies: 7 ¦  Views: 10203

Could someone explain to me why the structures like IRP and DRIVER_OBJECT are not defined anywhere though, because that is what I'm looking for. Both structures are defined in ntddk.h/wdm.h Yea, I just looked that up myself and I edited my post, sorry. What I mean to say was that IntelliSense is no...

Re: 64bit Driver Test in 32Bit Environment

 by gglittle ¦  Thu Nov 25, 2010 5:29 am ¦  Forum: Kernel-Mode Development ¦  Topic: 64bit Driver Test in 32Bit Environment ¦  Replies: 11 ¦  Views: 14905

You may also use my patch, it will disable PatchGuard and driver signing for Windows 7 X64 RTM. SP1 is not supported, yet. -Fyyre Do the development in 32 with a final test and install in 64 bit. Properly written, the driver will not care whether it was built for 32 or 64 bit. Remember, however, th...

Re: NT Insider journal, Jul / August 2010 . Volume 17 - Issu

 by gglittle ¦  Thu Nov 25, 2010 5:18 am ¦  Forum: General Discussion ¦  Topic: NT Insider journal, Jul / August 2010 . Volume 17 - Issue 2 ¦  Replies: 5 ¦  Views: 5566

t4L wrote: Yeah, I used to get my NT Insider the last time I got it was forever :(
You do realize that all you need to do is go to OsrOnline.com, register, and sign up for a subscription?

Re: 64bit Driver Test in 32Bit Environment

 by gglittle ¦  Wed Nov 24, 2010 3:00 pm ¦  Forum: Kernel-Mode Development ¦  Topic: 64bit Driver Test in 32Bit Environment ¦  Replies: 11 ¦  Views: 14905

Hi I have latest WDK and I have VmWare 7 Workstation. I'm running XP SP3 32 bit. With these features, could I somehow manage to test and run my 64bit driver for example in Win7 or even XP 64 bit ? Thanks Do the development in 32 with a final test and install in 64 bit. Properly written, the driver ...

Re: Difference between an IOCTL and an IRP

 by gglittle ¦  Wed Nov 24, 2010 2:52 pm ¦  Forum: Newbie Questions ¦  Topic: Difference between an IOCTL and an IRP ¦  Replies: 6 ¦  Views: 8381

Don't look at it as two mechanisms. It's really only one. If your driver registers READ/WRITE functions then you can use ReadFile/WriteFile, but if those functions are not registered, then you use DeviceIoControl and you will have to define the IOCTLs you need for data transfer. In nearly ALL cases ...

Re: Difference between an IOCTL and an IRP

 by gglittle ¦  Wed Nov 24, 2010 3:47 am ¦  Forum: Newbie Questions ¦  Topic: Difference between an IOCTL and an IRP ¦  Replies: 6 ¦  Views: 8381

So how do you differentiate between the two? Is it used as a way to easily send an arbitrary number of commands to a driver, instead of creating your own messaging mechanism that would use IRP_MJ_READ and WRITE? What is the difference in sending an IRP_MJ_WRITE and an IOCTL that would to the write ...

Re: BSOD with ExFreePoolWithTag

 by gglittle ¦  Tue Nov 23, 2010 11:13 pm ¦  Forum: Newbie Questions ¦  Topic: BSOD with ExFreePoolWithTag ¦  Replies: 5 ¦  Views: 8420

Just a suggestion, but consider initializing a pointer to NULL when you define it. Thus if you had code that somehow in the logic failed to execute the ExAllocateXxxx, your logic to free the code will always encounter either a NULL or a valid pointer. Uninitialized, dataToSend could be garbage and ...

Re: Compilation nightmare accessing kernel objects

 by gglittle ¦  Tue Nov 23, 2010 10:59 pm ¦  Forum: Newbie Questions ¦  Topic: Compilation nightmare accessing kernel objects ¦  Replies: 4 ¦  Views: 5979

You can however use C++ as a superset for compiling C code. By doing so you get stronger type checking as well as the ability to define variables other than at the beginning of a scope. You can compile with C++ by either defining the source file with CPP or setting /TP in the C_FLAGS. You will also hav...

Re: Difference between an IOCTL and an IRP

 by gglittle ¦  Tue Nov 23, 2010 10:44 pm ¦  Forum: Newbie Questions ¦  Topic: Difference between an IOCTL and an IRP ¦  Replies: 6 ¦  Views: 8381

IOCTL is mnemonic for IO control code, or a 32 bit value with bit fields defined within it that provides the IO manager with buffering, and other information. An IRP, or IO request packet is a structure or defined chunk of memory created by the IO manager that has all the information that the driver...

Re: IntelliSense and WDK

 by gglittle ¦  Tue Nov 23, 2010 10:19 pm ¦  Forum: Newbie Questions ¦  Topic: IntelliSense and WDK ¦  Replies: 6 ¦  Views: 8277

for other who eager to do it manually: ... This is all well and good, but the recommended way of building a kernel mode driver is to use BUILD.EXE from the latest released WDK and the proper build environment for your targeted OS. I haven't used it, but from what I have read DDKWIZARD, as recommend...