vscode development wdk

Enterprise 2023-09-30 07:02:24 views: null

findwdk

https://github.com/SergiusTheBest/FindWDK.git

Copy the FindWdk.cmake module to the following path

CMake\share\cmake-3.22\Modules

Pay attention to defining system variables or modifying the following path to ensure that the wdk tool path can be found
Insert image description here

Build project

Building projects in cmake is implemented through wdk_add_driver

wdk_add_driver(simple simple.c)

Configure vmware environment

  • msconfig, modify the virtual machine to run in debug mode
    Insert image description here
  • Add a serial port to the virtual machine and use the \.\pipe\com_1 command channel to connect to com1

vs plugin

Install the vs windows driver kit plug-
Insert image description here
in. Add the vmare virtual machine configuration in the plug-in as follows
Insert image description here
. Start device debugging by attaching a remote target (only after the device is added in the plug-in can it be directly searched by name)
Insert image description here

Install

Turn on debugging mode, turn off digital signature and restart
bcdedit /debug on
bcdedit /dbgsettings serial debugport:n baudrate:115200
bcdedit /set testsigning on
bcdedit /set loadoptions DDISABLE_INTEGRITY_CHECKS
bcdedit /set nointegritychecks on

cmd to execute the installation and enter the sys file

@echo off
sc create %~n1 binpath= "%~f1" type= kernel start= demand type= kernel start=demand
sc start %~n1
pause
sc stop %~n1
sc delete %~n1

Use windbg to debug sys files, set the pdb path to the symbol path in the virtual machine, and then debug breakpoints can be broken.

irp

Applications and the kernel communicate through IRP packets, irp five commonly used packet types

#define IRP_MJ_CREATE 0X00 //Corresponds to the user layer function CreateFile()
#define IRP_MJ_CLOSE 0X02 //Corresponds to the user layer function CloseHandle()
#define IRP_MJ_READ 0X03 //Corresponds to the user layer function ReadFile()
#define IRP_MJ_WRITE 0X04 //Corresponds to the user layer function WirteFile ()
#define IRP_MJ_DEVICE_CONTROL 0X0e //DeviceIoControl(), writable and readable

IRP is divided into linear IRP (synchronous IRP, the IRP is automatically canceled when the thread exits) and non-linear IRP (asynchronous IRP, not associated with any thread, data is transferred between the driver and the driver, and needs to be manually released in the completion function)

IoBuildSynchronousFsdRequest, IoBuildDeviceIoControlRequest, synchronous
IoBuildAsynchronousFsdRequest, IoAllocateIrp, asynchronous

  • Spin lock, infinite loop waiting, occupying a lot of CPU resources
  • page_code, the driver layer is in physical memory and accesses the application layer memory using page_code to page the memory.

IRQL >= DISPATCH_LEVEL triggers page_code assertion, detects kernel memory
DriverEntry, and IRP dispatch functions generally run at PASSIVE_LEVEL

Guess you like

Origin blog.csdn.net/daoer_sofu/article/details/130427105
Recommended
wlnmp one-click installation package update 240522
ChatGPT was severely down and was rumored to have been hacked by Russian hackers.
Ranking
Java implementation Storage Structure queue
Android development Yabo Sports Start Tutorial
Let me catch it! There are a lot of interesting souls, not many interesting books, Redis in-depth adventure subverts your understanding of Redis
easyrecovery software 2024 free version computer file data recovery tool
Deep Understanding of Virtual Private Networks: How VPNs Connect the World
EOS was looted, not without reason
Construction of chromium GN system
Comprehensive summary of JAVA basic knowledge [New students must see and learn together]
Fall in love with [data structures] Quick Sort
OpenCV implements FAST algorithm corner point detection and ORB algorithm feature point detection
Daily
More
2024-05-22(9)
2024-05-21(35)
2024-05-20(5)
2024-05-19(0)
2024-05-18(31)
2024-05-17(6)
2024-05-16(23)
2024-05-15(5)
2024-05-14(9)
2024-05-13(8)

Code World

© 2018 codetd.com