wdk

I'm writing a simple kernel driver for my application (think of a very simple anti-malware application.) I've hooked ZwOpenFile() and used PsGetCurrentProcess() to get a handle to the caller process. It returns a PEPROCESS structure: PEPROCESS proc = PsGetCurrentProcess(); I'm using ZwQueryInformationProcess() to get the PID and ImageFileName : DbgPrint("ZwOpenFile Called...\n"); DbgPrint("PID: %d\n", PsGetProcessId(proc)); DbgPrint("ImageFileName: %.16s\n", PsGetProcessImageFileName(proc)); and trying to get the process FullPath this way (but I get BSOD): WCHAR strBuffer[260]; UNICODE_STRING

i want to create a virtual monitor. The way this would work is that the virtual monitor would appear in a window on my desktop. As far as Windows knows it is just another monitor. It occurs to me that it would, as a practical matter, have to be done as video card driver (i.e. rather than the video going out a wire to an LCD panel, it would go into another window on the desktop). Does what i'm describing sound, technically, possible ? (from a DDK point of view) Note: i can't use a virtual pc, because no virtual PC has resolutions high enough for my needs. Also because it's not what i asked for.

VS2017默认是没有安装WDK的，但是我们写驱动文件的话需要用到WDK。不过安装了WDK后，发现以前一些正常的项目在Release模式下编译会报LINK1104，无法打开.lib的错误 针对这个错误，可以参考这篇文章： https://blog.csdn.net/LEON1741/article/details/87392536 也就是需要在Visual Studio Installer里面安装三个组件，它们都在单个组件里面，分别是： 再次运行，发现问题解决。 来源： https://www.cnblogs.com/smart-zihan/p/11770909.html

I've been looking at Windows's File System Filter Drivers . I started with this "FsFilter" example: http://www.codeproject.com/Articles/43586/File-System-Filter-Driver-Tutorial With effort, I managed to get it built and signed in versions that work on everything from 64-bit Win8 to 32-bit WinXP. (Well, as long as I run Bcdedit.exe -set TESTSIGNING ON to allow it to accept my test certificate, since I didn't pay Microsoft $250 to sign my .SYS file. :-/) Now I want to modify FsFilter. I'd like write accesses to certain types of files to be trapped by the filter. I then want the user to receive a

在微软官网找了半天。。 搜索window driver kit，好吧。进入一页英文页面。。 https://docs.microsoft.com/en-us/windows-hardware/drivers/download-the-wdk 因为之前装的VS是2015的。所以官网上最新的是VS2017，WDK是1809的。。。所以不适用。。 左边有一导航栏，点击Other WDK downloads 好吧。然后页面往下拉拉拉。。 这玩意在这里。。 下载好了安装。。 打开VS2015 创建项目---Kernel Mode Driver,Empty(KMDF) 创建.c文件 随便写上代码 #include <ntddk.h> void DriverUnload(PDRIVER_OBJECT driver) { DbgPrint("first:Our driver is unloading....\r\n"); } NTSTATUS DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path) { DbgPrint("first:Hello,my salary!"); driver->DriverUnload = DriverUnload; return STATUS_SUCCESS; } 　　 结果第一行就来个红包波纹曲线报错

I am quite new to driver development and trying to write a simple filter driver that will enable or disable a keyboard or mouse device. If I can make it work, I want to use it to disable the touchpad on my laptop when a mouse is plugged in. I realize there is probably software out there that does this already, but I am really interested in device drivers and want to learn how to do this myself. I am using the kbfiltr and moufiltr examples that ship with the WDK, installed as upper filter drivers. The kbfiltr example creates a pdo which can be enumerated and connected to by a usermode program.

For some days now I've been battling with printing XPS to file without the dialog. I've read posts on the matter in CodeGuru and by Feng Yuan (MSDN), along with many discussion topics here and I am still lost. Specifically my scenario is that I have a 3rd party API that I must use, and it prints to the default printer (say Microsoft XPS Document Writer). I want to be able to "apply" a filename prior to the printing procedure, and of course not to have dialog. I've tried working with WinDDK - XPSDRV and LOCALMON samples but wasn't able to figure out exactly how to manipulate the code to achieve

I've seen that Mac Drive 7 adds HFS+ and HFS support to windows for both hard-drives and CDs, which includes handling problems like the mac partition format. Clearly that must mean that file system support in windows is extensible somehow, even if it is slow. So where could someone start to write a simple (or not) file system driver for windows? I'm having a lot of trouble googling for this because these are commonly used words. You need the Windows Driver Kit (WDK). The Installable File System Kit which is part of the WDK should get you started. Good luck! The IFS actually primarily permits

I wrote and compiled a minifilter driver using WDK 7.0 build utility for Windows 7 32 bit. Then i installed it on a Windows 7 (32 bit) machine running on VMWare using OSR's driver loader utility. When i ran DbgView, i could see the DbgPrint output accurately. Then i compiled that very same driver using WDK 8.0 integrated in Microsoft Visual Studio Pro 2012 for Windows 7 (32 bit). That created 3 files as a result, a sys, cat and inf file. I installed the Driver on a Windows 7(32 bit) machine running on VMWare, by right clicking the inf file and selecting 'install'. Then i started the service