A forum for reverse engineering, OS internals and malware analysis 

All off-topic discussion goes here.
 #24349  by Student
 Sat Nov 15, 2014 2:16 am
Hi, I got interested in driver development recently and I have to make a project for school that has to be finished around July... So this is a big project; as you can see there are a lot of months between now and then. My problem is my teachers don't like the ideas I have presented, because drivers don't seem very interesting to the judges since they can't see anything happening!

I was thinking of using this as an opportunity to learn about kernel mode etc., but I don't know any interesting software I could learn to create in this time that people will find interesting.

So I think maybe something in user mode that uses drivers would be good, but I can't think of anything that isn't like malware or an anti-virus. My question is whether you have any ideas of something cool and interesting for a newbie to create in these months. All the topics in this forum interest me.
 #24353  by Vrtule
 Sat Nov 15, 2014 3:33 pm
Hello,

Give us some ideas that did not seem interesting enough for your teacher (or other ideas you would like to realize but you think will not be interesting enough).

Developing an application with a GUI that cooperates with a kernel driver is a good idea since:
1) there is a piece of kernel development,
2) there is a GUI, so the judges actually see something happening.

From time to time, I create a (small) tool in order to help with my current work tasks. Usually, it is either a tool that displays information not available from usermode, or a monitoring utility. The tools are usually similar to something that already exists but has certain advantages (and disadvantages).

In the past, I developed VrtuleTree, which is an application displaying information about drivers and devices currently present in the system. Yes, there exists a very similar tool called DeviceTree, but:
1) VrtuleTree works on Vista/7/8/8.1 (DeviceTree seems not to be very happy on these systems, at least for me),
2) VrtuleTree works in a (more) safe manner,
3) although VrtuleTree does not display all information DeviceTree does, it is a perfect tool for me (especially the new version that is not public yet).

Currently, my friend and I are slowly working on an application similar to IrpTracker.

So, another approach is to look at utilities you like and attempt to create something similar that improves some aspects of those utilities. Even creating something that already exists may be worth doing if your main goal is to improve your skills.

Best regards
Vrtule
 #24358  by TETYYSs
 Sun Nov 16, 2014 7:02 am
No matter what school project it is, if possible, do a graphics-related project. Those look the most impressive.
 #24360  by Student
 Sun Nov 16, 2014 6:25 pm
Vrtule wrote:Hello,

Give us some ideas that did not seem interesting enough for your teacher (or other ideas you would like to realize but you think will not be interesting enough).

Developing an application with a GUI that cooperates with a kernel driver is a good idea since:
1) there is a piece of kernel development,
2) there is a GUI, so the judges actually see something happening.

From time to time, I create a (small) tool in order to help with my current work tasks. Usually, it is either a tool that displays information not available from usermode, or a monitoring utility. The tools are usually similar to something that already exists but has certain advantages (and disadvantages).

In the past, I developed VrtuleTree, which is an application displaying information about drivers and devices currently present in the system. Yes, there exists a very similar tool called DeviceTree, but:
1) VrtuleTree works on Vista/7/8/8.1 (DeviceTree seems not to be very happy on these systems, at least for me),
2) VrtuleTree works in a (more) safe manner,
3) although VrtuleTree does not display all information DeviceTree does, it is a perfect tool for me (especially the new version that is not public yet).

Currently, my friend and I are slowly working on an application similar to IrpTracker.

So, another approach is to look at utilities you like and attempt to create something similar that improves some aspects of those utilities. Even creating something that already exists may be worth doing if your main goal is to improve your skills.

Best regards
Vrtule
Thanks a lot for the reply. I gave ideas like a USB driver and a driver filter; I hadn't spoken about, for example, the GUI that a driver filter can have. Anyway, as you can see it was all very vague and I guess it's normal that they didn't seem interested. The second problem I see with these ideas is that a USB driver is easy to code because all the resources are online, and not something for a project of so many months (depending on what it does, but when I said it I meant something simple). Although I'm still not decided, I was thinking of a tool to detect suspicious malware-related activity in kernel mode.
TETYYSs wrote:No matter what school project it is, if possible, do a graphics-related project. Those look the most impressive.
You mean like programming with DirectX or OpenGL?
 #24372  by Vrtule
 Mon Nov 17, 2014 1:09 pm
so many months
It depends on the exact task (and its difficulty) and on how good the documentation you aim to write is (I expect the documentation is part of the school project). My experience is that normal programmers don't know much (if anything) about kernel programming, hence if you wish to create good documentation, you also have to cover an introduction to this topic. So, writing the documentation might not be such an easy task.

Detecting suspicious activity... well, you can create a driver that filters access to important system files, directories, registry keys and values (see the CmRegisterCallback(Ex) and FltRegisterFilter functions). You can display suspicious actions in a GUI application. But if you are a newbie in kernel programming, even this task may be quite complicated for you (it also depends on how much time you want to spend on the project). It is quite easy (if you have some experience in the kernel) to create something that usually works (but does not work in some/many corner cases); however, it is very hard (in my experience at least) to create something that ALWAYS works.

I think that a registry/filesystem filter (detector of suspicious activity) is a good project for you. But you must be careful when specifying the goals of the project. To get information about the various ways malware can attack important files and registry keys, have a look at the SSTS64 project on the http://www.matousec.com website.

Best regards
Vrtule
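The decision logic such a registry filter would run on each pre-set-value notification, added here as an example (not code from this thread or from Vrtule's tools). It assumes the kernel side registers via CmRegisterCallbackEx and obtains the key's native name with CmCallbackGetKeyObjectID; that glue is not shown, and the KEY_NAME struct stands in for UNICODE_STRING so the policy part compiles in user mode:

```c
#include <stddef.h>
#include <wchar.h>
#include <wctype.h>

/* Mirrors the kernel's UNICODE_STRING: Length is in BYTES and Buffer is not
 * NUL-terminated, so every comparison must be bounded by Length. */
typedef struct { unsigned short Length; const wchar_t *Buffer; } KEY_NAME;

/* Constructed watch list of persistence locations, written as the native
 * \REGISTRY\... paths the callback sees, not the HKLM\... user-mode aliases.
 * Services is noisy: legitimate installers write there too. */
static const wchar_t *const WATCHED_KEYS[] = {
    L"\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
    L"\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce",
    L"\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Services",
};
#define WATCHED_COUNT (sizeof WATCHED_KEYS / sizeof WATCHED_KEYS[0])

/* Case-insensitive, length-bounded test: is name the watched key itself or a
 * subkey of it? A backslash must follow the prefix, so "...\RunFoo" is not
 * treated as being under "...\Run". */
static int key_under(const KEY_NAME *name, const wchar_t *prefix)
{
    size_t n = name->Length / sizeof(wchar_t), i;
    for (i = 0; prefix[i] != L'\0'; i++)
        if (i >= n || towupper(name->Buffer[i]) != towupper(prefix[i]))
            return 0;
    return i == n || name->Buffer[i] == L'\\';
}

/* Returns the index of the watched key touched, or -1 for an uninteresting
 * write. The (assumed, not shown) RegNtPreSetValueKey handler would log or
 * return STATUS_ACCESS_DENIED on >= 0 and STATUS_SUCCESS otherwise. */
int classify_registry_write(const KEY_NAME *name)
{
    size_t k;
    for (k = 0; k < WATCHED_COUNT; k++)
        if (key_under(name, WATCHED_KEYS[k]))
            return (int)k;
    return -1;
}

/* Helpers standing in for CmCallbackGetKeyObjectID: build a KEY_NAME from a
 * literal, using only its first nchars so the unterminated case is exercised. */
int classify_prefix_of(const wchar_t *s, size_t nchars)
{
    KEY_NAME k = { (unsigned short)(nchars * sizeof(wchar_t)), s };
    return classify_registry_write(&k);
}
int classify_path(const wchar_t *s) { return classify_prefix_of(s, wcslen(s)); }
```

The Length-bounded compare is the corner case that bites first in a real callback: a buffer that reads "...\RunFoo" but whose Length covers only "...\Run" must still match the Run key.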