Compiling a kernel driver

codejester47 · June 1, 2024, 9:29pm

Hello there, I was trying to compile a kernel driver using the Microsoft Compiler (cl.exe) outside VS so here is my code.

#define _AMD64_
#include <ntifs.h>
#include <ntddk.h>

NTSTATUS
DriverEntry(
    PDEVICE_OBJECT      DeviceObject,
    PUNICODE_STRING     RegistryPath
) {
    UNREFERENCED_PARAMETER(DeviceObject);
    UNREFERENCED_PARAMETER(RegistryPath);

    DbgPrint("Hello, World!\n");

    return STATUS_SUCCESS;
}

How I compile:

cl Source.c "C:\Program Files (x86)\Windows Kits\10\Lib\10.0.22621.0\km\x64\NtosKrnl.lib" /I "C:\Program Files (x86)\Windows Kits\10\Include\10.0.22621.0\km" /I "C:\Users\ihxd\Desktop\j07-b\include" /link /subsystem:native /driver:wdm -entry:DriverEntry

\include is where I have every .h file included. It's like External Dependencies in VS.

The driver is created and now I try to debug it.

I got NO output in WinDbg at all.. I have no idea what's wrong.

Peter_Viscarola_OSR · June 1, 2024, 10:57pm

That’s not going to ever work.

You need to create a project file and build it with MSBUILD. There are a lot of switches, defines, and options you need. Building using a WDK project and MSBUILD is the on,y way to go if you want to build from the command line.

codejester47 · June 1, 2024, 11:30pm

I saw that you need .vcprojx file for it if I'm right, is it mandatory?

Tim_Roberts · June 2, 2024, 2:25am

I get NO output in WinDbg at all.. I have no idea what's wrong.

Practically everything. How did you install this driver? How did you try to run it? You can't just launch it at a command line like an executable. It has to be installed as a service with the appropriate registry entries and launched with the service tools.

And DbgPrint doesn't print anything unless you have set the appropriate registry flags. Have you done any reading at all about kernel drivers?

I saw that you need .vcprojx file for it if I'm right, is it mandatory?

You mean .vcxproj. For anything but the most trivial of drivers, yes, a project file is a virtual necessity. The vcxproj is the Visual Studio equivalent of a makefile.

codejester47 · June 2, 2024, 9:09am

Hello, yes I did. I usually use KdPrintEx but that didn't work so I thought DbgPrint might work. But thanks for letting me know.

Mark_Roddy · June 2, 2024, 5:46pm

Here:

#define HtsTrace( _dbgLevel, ...)          \
    if (_dbgLevel <= gTraceLevel)  {      \
        DbgPrintEx(DPFLTR_IHVDRIVER_ID, DPFLTR_ERROR_LEVEL,  __VA_ARGS__); }

This macro allows your driver to control the debug print level without all the registry or debugger nonsense. Set gTraceLevel as appropriate. Generally I only use this in the debug build of my drivers, and use the WPP based IFR log for the release build.

However, given that all the build tools are free to download and use, why not just use them?

MBond2 · June 3, 2024, 12:49am

if you really want to, your could compile a driver without using project files etc. But why would you want to? If you want to do it just to prove that it can be done, or to lean a lot while doing it, then sure - but if that's the case, then asking question at this kind of high level is a bit counter productive. You necessarily want to find out those things yourself, but might need to ask for help on some finer points.

And if this is related to any commercial work, then you absolutely want to use the standard way. That's the way that will be maintained for a long time into the future and when it needs to change, there will be a migration pattern

codejester47 · June 3, 2024, 11:10am

I've already decided to build a Kernel Driver using MSBuild with the .vcxproj file.
Works just fine, I was just curious if it's done since I don't really like Visual Studio. My Computer can barely handle a VM and a VS at the same time

So I was just really curious if it's possible to set it up outside VS. I didn't really like the .vcxproj idea but I had to go with it since I don't know any other ways. I wanted to use Makefile but yea as I said just decided to go with both .vcxproj file and Makefile to use MSBuild

codejester47 · June 3, 2024, 11:11am

Not sure what this does. Do I just use this so I don't have to enable something like
ed nt!Kd_IHVDRIVER_Mask 8 ?

Mark_Roddy · June 3, 2024, 3:50pm

Yes. It avoids that nonsense.

By the way you can just used the EWDK iso image for the build tools. No need to install visual studio. Building from the command line is fully supported.

Tim_Roberts · June 3, 2024, 9:45pm

You don't have to run the IDE. I never did. I did all my editing in gvim, and ran the "msbuild" command from a command line. Once you have a model to start from, it's easy to create and manage vcxproj files by hand. They serve the same purpose as but are more expressive than makefiles.

Mark_Roddy · June 3, 2024, 10:20pm

Well that is true, however actually understanding what any particular vcxproj file is doing is a rather arcane skill at this point. Msbuild Hell is a reality.