Windows 10 x64 Kernel Driver (FPC trunk)

[Fibonacci]

Anyone using FPC for drivers development?

1. Remove all initialization code from the RTL, everything that might call any user mode API calls, or create your own minimal RTL, or find one.
2. Declare SysDriverObject and SysRegistryPath pointers somewhere in the interface of system.pp, we need them to save the parameters that the entrypoint was called with for later use in PASCALMAIN.

Code: Pascal  [Select][+][-]

1. var
2.   SysDriverObject: Pointer;
3.   SysRegistryPath: Pointer;

3. Use entrypoint for DLL, just change its parameteres to take 2 params instead of 3. You see, drivers are basically DLLs that are loaded into the process "System".

Code: Pascal  [Select][+][-]

1. function _FPC_DLLMainCRTStartup(DriverObject: Pointer; RegistryPath: Pointer): LongInt; stdcall; public name '_DLLMainCRTStartup';
2. begin
3.   SysDriverObject := DriverObject;
4.   SysRegistryPath := RegistryPath;
5.   PASCALMAIN;
6.   result := ExitCode;
7. end;

4. Create a file named "driver.lpr":

Code: Pascal  [Select][+][-]

1. library driver;
2.  
3. function DbgPrint(aFormat: PAnsiChar): Integer; cdecl; varargs; external 'ntoskrnl.exe';
4.  
5. type
6.   _DRIVER_OBJECT = packed record
7.     // cut
8.   end;
9.   DRIVER_OBJECT = _DRIVER_OBJECT;
10.   PDRIVER_OBJECT = ^_DRIVER_OBJECT;
11.  
12. procedure DriverUnload(DriverObject: PDRIVER_OBJECT); stdcall;
13. begin
14. end;
15.  
16. begin
17.   DbgPrint(LineEnding);
18.   DbgPrint('Hello World! Windows Kernel Mode Driver in FPC trunk' + LineEnding);
19.   DbgPrint('Build time  = ' + {$I %DATE%} + ' ' + {$I %TIME%} + LineEnding);
20.   DbgPrint('FPC version = ' + {$I %FPCVERSION%} + LineEnding);
21.   DbgPrint('FPC target  = ' + {$I %FPCTARGET%} + LineEnding);
22.   DbgPrint(LineEnding);
23.  
24.   PDRIVER_OBJECT(SysDriverObject)^.DriverUnload := @DriverUnload;
25.  
26.   ExitCode := 0; // STATUS_SUCCESS
27. end.

I removed _DRIVER_OBJECT struct to leave it as an excercise for you The struct in the FPC sources is correct only for x86. Actually the whole NativeNT source is full of bugs and is not suitable for use in x64.

5. Open driver.lpr in Lazarus and compile

6. Create a service for the driver, I named mine "fpcd" and put the compiled DLL file in C:\fpcd\fpcd.sys

Code: Pascal  [Select][+][-]

1. sc create fpcd type= kernel start= demand binPath= "C:\fpcd\fpcd.sys"

7. Start the service

Code: Pascal  [Select][+][-]

1. sc start fpcd

In Windows 32 bit it works fine.

For Windows 64 bit either enable TestSigning, or there are few ways to bypass the signature validation. A great literature:
https://www.geoffchappell.com/notes/windows/license/customkernelsigners.htm

Perhaps I will create a github repo with all the information needed? Any interest in this?

[mav]

Yes! Waiting for github repo.
Thanks

[Fibonacci]

I see little interest But I created a repo anyway

https://github.com/fibodevy/fpc-driver

[mav]

Great!

[VisualLab]

I see little interest But I created a repo anyway

It's not that bad. It's only been 2 days since your message was published. I think they're interested. For now, mav and me. Maybe the other interested people are just reading the forum.


P.S. It's a pity that Linux isn't fully modular* (it's only pseudo-modular). Of course, I mean writing such drivers just for yourself, for experiments. Torvalds and his colleagues would probably have a heart attack if they found out about such "computer blasphemy" as writing Linux drivers in Pascal

*) Although on the other hand, when there is no Linux API on the hardware and driver side, it wouldn't help. Because after a few kernel versions (changes), such drivers would stop working.

[DragoRosso]

I am also interested, I recently purchased an EV certificate and I am finishing the procedures for the release (maybe tomorrow they will release the certificates to me).
I need in the near future to write some drivers for Windows x64 specifically for Intel processors and your work is really excellent.
I don't know yet when I will "throw myself" into this undertaking but your starting point is very important.

[MarkMLl]

I feel that this is definitely something worth doing, the lower levels of Windows are- IMO- better thought out than unix and- in particular- Linux which by now is more a "necessary evil" than a paragon of good design.

P.S. It's a pity that Linux isn't fully modular* (it's only pseudo-modular). Of course, I mean writing such drivers just for yourself, for experiments. Torvalds and his colleagues would probably have a heart attack if they found out about such "computer blasphemy" as writing Linux drivers in Pascal

*) Although on the other hand, when there is no Linux API on the hardware and driver side, it wouldn't help. Because after a few kernel versions (changes), such drivers would stop working.

xref to recent thread https://forum.lazarus.freepascal.org/index.php/topic,69507.msg539943.html#msg539943

While I deeply admire the technical achievement of writing a Linux kernel module in Pascal, the defensiveness of Linux system programmers when presented with something that isn't written in C and compliant with their (unwritten) doctrine amounts to rabid hostility. As such, even if we can do it I don't think we should talk about it...

MarkMLl

[BlackDoomer]

I see little interest But I created a repo anyway

https://github.com/fibodevy/fpc-driver

This repo is no longer available (404), did you remove it?

[Fibonacci]

Yeah, I made the repo private. Honestly, it is not worth maintaining or documenting.

Setting up a working environment for Windows kernel driver development in FPC is a massive pain, and I really do not feel like writing a README for it - because the moment I publish it, I will get questions about every step, and every step is complicated.

The signing situation alone makes this pointless nowadays. Even if you buy an EV certificate, that is not enough to install the driver on a regular Windows machine. You have to go through Microsoft for attestation/WHCP signing, wait for them to sign it, and only then can it be loaded normally. Until that happens, your only options are TestSigning mode or various hacks to bypass signature enforcement, and those hacks are getting harder with every Windows update.

On top of that, my implementation was bare minimum. I had to roll a mini-RTL because the standard one pulls in user-mode API calls. A lot was still missing for the driver to actually do anything useful. It worked in TestSigning mode, plus I had a small trick to load the driver without TestSigning - but I have no idea if that trick still works on current Windows 11 builds. And I am not going to test it, because, again, I do not feel like it.

There is also one more thing - the repo required a very specific FPC build. Trunk, but a particular commit from around 2 years ago. Newer trunk versions broke something in the build, and I never had the energy to track down what exactly went wrong. So even if I gave you the source, you would also need to figure out which FPC commit to compile it with.

So the repo without instructions on how to prepare the toolchain, pick the right FPC commit, compile, and actually use the result would be useless to you. And writing all that down is more work than the project is worth in 2026.

[Thaddy]

As far as 64 drivers are concerned: they must be signed but self-signed works on a development machine with signtool.
Otherwise it is easier to write 64 bit drivers than 32 bit drivers using fpc.

[440bx]

Yeah, I made the repo private. Honestly, it is not worth maintaining or documenting.

Setting up a working environment for Windows kernel driver development in FPC is a massive pain, and I really do not feel like writing a README for it - because the moment I publish it, I will get questions about every step, and every step is complicated.

If you were to ignore the signing problems and concentrate solely on the FPC problems, are those problems you could provide solutions for in your custom unleashed fork ?  if the answer is "yes", is it appealing for you to enhance unleashed to make it easier to develop drivers ?

[Thaddy]

@440bx
It is already quite easy - as compared to 32 bit drivers. But signing is an issue, only for redistribution.
Can you elaborate on possible problems with the current FPC win 64 bit release regarding driver development?

[Fibonacci]

If you were to ignore the signing problems and concentrate solely on the FPC problems, are those problems you could provide solutions for in your custom unleashed fork ?  if the answer is "yes", is it appealing for you to enhance unleashed to make it easier to develop drivers ?

There's a NativeNT target in FPC already, but it's incomplete to an unknown degree - in practice, not usable for anything serious.

The bigger pain point is the trunk RTL: at some commit a couple of years back, the build setup changed in a way that you can no longer drop RTL units alongside your project and compile them together. The RTL has to be rebuilt separately, in its own pass - which massively complicates the dev cycle when you're iterating on a kernel-mode RTL replacement. That's why I worked off an older commit - it allowed the "throw it all together and rebuild" workflow that's a lot more practical for this kind of work.

Unleashed is now too far ahead of that older commit to roll back, so addressing this would mean: first sinking some unknown amount of time into figuring out a workable path for preparing a dev environment around the NativeNT target, then slowly building out the target itself. That's days of poking around and potentially fixing FPC just to start writing a driver RTL freely - before any actual driver-relevant work.

So the honest answer is: not really. Technically doable, but I don't see a clear purpose for it, I don't have the motivation, and the entry cost is high. If at some point a concrete project shows up where this matters, I'd reconsider - but right now, no.

Otherwise it is easier to write 64 bit drivers than 32 bit drivers using fpc.

Other way around in my experience - 32-bit drivers are simpler. The dev side is roughly the same on both (same FPC, same RTL pain), but 32-bit Windows doesn't enforce driver loading nearly as strictly. Self-signed or unsigned drivers, or one of the various loading tricks, just work in a lot more cases on 32-bit. So: dev = same, loading a self-signed / hacked driver = much easier on 32-bit. The 64-bit pain is almost entirely on the loading / signing side, not the writing side.

@440bx
Can you elaborate on possible problems with the current FPC win 64 bit release regarding driver development?

Let me answer this one - as it stands, you can't compile a working 64-bit driver with what's currently in FPC. The NativeNT target is incomplete to an unknown degree - the build setup is wired for both i386 and x86_64, but the implementation is patchy enough that I wouldn't call either architecture production-usable. You'd need your own RTL - either built from scratch, or by fixing and finishing NativeNT. The gaps are huge; the target is essentially a "template". If you went back about 20 years you might be able to compile it for XP, but the resulting driver wouldn't actually do anything useful.

Take a look at the NativeNT sources sometime - empty function bodies, TODO markers everywhere. It's abandoned work, last meaningful activity around 2010; doing it properly would mean redoing most of it from scratch.

[LeP]

@440bx
It is already quite easy - as compared to 32 bit drivers. But signing is an issue, only for redistribution.
Can you elaborate on possible problems with the current FPC win 64 bit release regarding driver development?

About signing drivers, I know that drivers, expecially for kernel mode, should be signed by Microsoft .... but I use in modern machine (I mean Win11) an old driver.
This driver is signed by normal EV sign (very very old, and is not coming from Microsoft chain) and it works at kernel mode without any issue.

I try to substitute the sign with mine and it works too ... of course not only in my PC but in others too.

My be, the signs is not an issue so heavy?

[Thaddy]

There's a NativeNT target in FPC already, but it's incomplete to an unknown degree - in practice, not usable for anything serious.

Yes, it is - maybe largely - written by PascalDragon and focused in 32 bit at the time. It is still usable, though. It may be that some current API calls are missing, but what is there is not wrong.