A forum for reverse engineering, OS internals and malware analysis 

Ask your beginner questions here.
 #31984  by WhoPMi
 Tue Aug 14, 2018 11:02 pm
Hello everyone, I read from Microsoft that I could create export drivers, to use them as DLLs in user mode, but I can't find anything about how I could declare them as export drivers and import some functions from them.
If you could provide me with some information, I'll be glad.

Thank you.
 #31988  by WhoPMi
 Thu Aug 16, 2018 12:47 am
tyty, and where should I load the .def file? I mean, do I just need to save it with all the configs that I want, or do I need to link it somehow from VS?
 #31991  by EP_X0FF
 Thu Aug 16, 2018 4:28 am
Def is a standard module definition file, the same as when you create a usual DLL. If you are unfamiliar with creating DLLs in user mode, ffs why do you want to do this in kernel?
 #31994  by WhoPMi
 Thu Aug 16, 2018 10:41 am
It's not that; I've never used .def files to declare my DLLs. I used to write the DLLs normally without caring about them.
 #31995  by WhoPMi
 Thu Aug 16, 2018 11:09 am
And please, could you explain to me how I could use those SOURCES files, because I can't really find anything about them, and how do I link them in the linker's properties?

Thank you, really
 #31996  by Vrtule
 Thu Aug 16, 2018 12:01 pm
Well, the documentation on MSDN linked in EP's post seems to be quite old. SOURCE and MAKEFILE files were required prior to WDK 8 (before integration into Microsoft Visual Studio).

Maybe it would be better to look at the Empty DLL for Drivers project template in MSVS (you need to install WDK 8-10, I suppose). Well, they say it's for universal drivers, but that may be changed in project settings, I think.

However, I have no practical experience with these drivers. I just expect that they behave as standard DLLs without a meaningful initialization routine (DLLMain).
 #31997  by WhoPMi
 Thu Aug 16, 2018 12:34 pm
Thanks, but how should I load the DLL (because the compiler compiles it as a .dll file)? And normally, I read online that to create an export driver (DLL in kernel mode) it has to be a .sys file moved into the windows/drivers folder. And I also found that there's no similar instruction to GetProcAddr in kernel mode.
 #31998  by Vrtule
 Thu Aug 16, 2018 3:50 pm
I expect the system loads your export driver when another driver imports at least one of its (the export driver's) symbols. The easiest way to import such a symbol is to use a .lib file created together with the "DLL" binary (well, I expect the linker creates one if the export driver exports at least one symbol).