Lazarus

Programming => Operating Systems => Windows => Topic started by: yoozaa on October 22, 2022, 10:32:02 am

Title: About Kernel Mode Nativent Windows DDK
Post by: yoozaa on October 22, 2022, 10:32:02 am
When compiling KERNEL MODE Nativent  Driver,, GET :  Error: Entrypoint _NtDriverEntry not defined

https://wiki.freepascal.org/Target_NativeNT
Code: Pascal  [Select][+][-]
  1. library helloworld; // this is important - do not try a "program" here
  2.  
  3. // tell FPC that we want to compile a kernel mode application
  4. // (NEEDS a RTL that was compiled with KMODE)
  5. {$apptype native}
  6.  
  7. uses
  8.   // for entry point types and debug output
  9.   DDK;
  10.  
  11. // this method is called once our driver is unloaded
  12. procedure DriverUnload(aObject: PDriverObject); stdcall;
  13. begin
  14.   DbgPrint('Unloading driver');
  15. end;
  16.  
  17. // during the entry point the variables DriverObject and
  18. // RegistryPath are valid
  19. begin
  20.   DbgPrint('Hello World!');
  21.  
  22.   // we need to setup the unload routine or the driver will
  23.   // only be unloaded on shutdown!
  24.   DriverObject^.DriverUnload := @DriverUnload;
  25. end.

system

Code: Pascal  [Select][+][-]
  1. {$ifdef kmode}
  2.  
  3. // Kernel Mode Entry Point
  4.  
  5. function NtDriverEntry( aDriverObject: Pointer; aRegistryPath: Pointer ): LongInt; stdcall; [public, alias: '_NtDriverEntry'];
  6. begin
  7.   NtDriverEntry := FPCDriverStartup(aDriverObject, aRegistryPath);
  8. end;
Title: Re: About Kernel Mode Nativent Windows DDK
Post by: Thaddy on October 22, 2022, 11:23:49 am
32 or 64 bit? A 64 bit kernel mode driver needs to be signed! And it may be that on win 10+ a 32 bit driver also needs to be signed. You can during development use a local certificate for that as per the DDK documentation on MSDN.
32 bit drivers below or equal to platform WIN7 are known to work. ( see wiki remarks)
Title: Re: About Kernel Mode Nativent Windows DDK
Post by: AlexTP on October 22, 2022, 12:19:20 pm
@Thaddy,
I wrote your info here
https://wiki.freepascal.org/Target_NativeNT#Driver_signing
Pls correct if needed.
Title: Re: About Kernel Mode Nativent Windows DDK
Post by: yoozaa on October 22, 2022, 01:48:52 pm
@Thaddy
 Thanks a lot ! Can you give one i368 or x64  demo for nativent 
Title: Re: About Kernel Mode Nativent Windows DDK
Post by: Thaddy on October 22, 2022, 05:55:59 pm
That is a bit more complex than you might think, because I have to explain how to sign the driver,,, But I will have a go at it,
The code s basically correct, but signing a driver locally is not that straightforward unless you already own a proper (certificate)  license from Microsoft.

(And that is a GOOD thing and merely an inconvenience)
Title: Re: About Kernel Mode Nativent Windows DDK
Post by: 440bx on October 22, 2022, 06:50:45 pm
A driver need not be signed in order to be loaded.

There are ways to configure Windows to make it load and execute unsigned drivers.  There are plenty of sites around that describe the various ways of accomplishing that, among them is : https://www.maketecheasier.com/install-unsigned-drivers-windows10/

steps are similar for most versions of Windows.

HTH.
Title: Re: About Kernel Mode Nativent Windows DDK
Post by: Thaddy on October 23, 2022, 06:14:59 pm
A driver need not be signed in order to be loaded.
That is incorrect for 64 bit drivers.. fake information.
Plz read my info very carefully.
Title: Re: About Kernel Mode Nativent Windows DDK
Post by: d.ioannidis on October 23, 2022, 06:49:18 pm
Hi,

A driver need not be signed in order to be loaded.
That is incorrect for 64 bit drivers.. fake information.
Plz read my info very carefully.

 I tried today to see how one can use the fpc nativent target to create a kernel driver.

 I only tested kernel mode, not user mode, and I found out that you can't load 32 bit unsigned kernel driver on a 64bit Win system ... Not even a 32 bit signed driver with embedded signature . You'll need to install it through a means that does involve a driver package and a catalog file and not using scm managed install ( a.k.a. "legacy driver" using sc.exe ) .

 So Thaddy is correct IMHO . There is a lot more to consider when you want to create a driver for a "modern" 64 bit ( 7 and up ) Windows system .

regards,
Title: Re: About Kernel Mode Nativent Windows DDK
Post by: 440bx on October 23, 2022, 07:34:48 pm
I'll just state what should be obvious, a developer isn't going to get a driver that is currently being developed signed just to be able to test it during development.

Title: Re: About Kernel Mode Nativent Windows DDK
Post by: d.ioannidis on October 23, 2022, 08:08:55 pm
Hi,

I'll just state what should be obvious, a developer isn't going to get a driver that is currently being developed signed just to be able to test it during development.

If by ".. currently being developed signed .." you mean no signature at all then AFAIU you're wrong . It depends on the driver type. For kernel type driver ( see here (https://learn.microsoft.com/en-us/windows-hardware/drivers/install/kernel-mode-code-signing-requirements--windows-vista-and-later-#-kernel-mode-code-signing-requirements-during-development-and-test) ) :

Quote
64-bit versions of Windows starting with Windows Vista
The kernel-mode code signing policy requires that a kernel-mode driver be test-signed and that test-signing is enabled. A test signature can be a WHQL test signature or generated in-house by a test certificate. Drivers must be test-signed as follows:

    A kernel-mode boot-start driver must have an embedded test signature. This applies to any type of PnP or non-PnP kernel-mode driver.

    A kernel-mode driver that is not a boot-start driver must have either a test-signed catalog file or the driver file must include an embedded test signature. This applies to any type of PnP or non-PnP kernel-mode driver.

regards,
TinyPortal © 2005-2018