Driver development environment setup
- Install Visual Studio 2022
- Install the Windows SDK
- Install the WDK
DriverDemo
```c
#include "ntddk.h"

// Unload routine: runs when the service is stopped (sc stop), so the driver can be removed cleanly.
VOID DriverUnload(PDRIVER_OBJECT DriverObject)
{
    if (DriverObject != NULL) {
        DbgPrint("[%ws]Driver Unload,Driver Object Address:%p\n", __FUNCTIONW__, DriverObject);
    }
    return;
}

// Entry point: runs when the service is started (sc start).
NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
    DbgPrint("[%ws]Hello Kernel World\n", __FUNCTIONW__);
    if (RegistryPath != NULL) {
        DbgPrint("[%ws]所在注册表位置:%wZ\n", __FUNCTIONW__, RegistryPath);
    }
    if (DriverObject != NULL) {
        DbgPrint("[%ws]驱动对象地址:%p\n", __FUNCTIONW__, DriverObject);
        // Without an unload routine the service cannot be stopped; it stays loaded until reboot.
        DriverObject->DriverUnload = DriverUnload;
    }
    return STATUS_SUCCESS;
}
```
Build error `error MSB8040: 此项目需要缓解了 Spectre 漏洞的库` (the English message is "Spectre-mitigated libraries are required for this project"):
https://www.cnblogs.com/hack747/p/16398455.html
Install the Spectre-mitigated libraries that match your toolset version and architecture from the Visual Studio Installer.
`MyDriver1.inf : error 1297: Device driver does not install on any devices`
Delete the .inf file from the project and rebuild; this demo driver is loaded as a service, not installed on a device.
Disabling driver signature enforcement
https://zh.theihccforum.com/how-disable-driver-signature-enforcement-windows-10
```bat
bcdedit /set nointegritychecks on
bcdedit /set testsigning on
bcdedit /set loadoptions DDISABLE_INTEGRITY_CHECKS
```
Loading and running the driver
```bat
:: sc.exe requires a space after each "option=" token, otherwise the command is rejected
sc create scdemo binPath= "c:\demo.sys" type= kernel start= demand
sc start scdemo
sc stop scdemo
sc delete scdemo
```
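As an added example that is not part of the original post, the same sc.exe sequence wrapped in PowerShell so that every step's exit code is checked and the service entry is always removed, even when the start fails (for example because the image is unsigned). It assumes the service name scdemo, the image at C:\demo.sys, and an administrator shell on a machine where test signing is enabled.

```powershell
# Added example (not from the original post): load, stop and remove a test
# kernel driver with sc.exe, checking each step instead of assuming success.
# Assumes: administrator shell, test signing enabled, driver image at $BinPath.
param(
    [string]$Name = "scdemo",
    [string]$BinPath = "C:\demo.sys"
)

function Invoke-Sc([string[]]$ScArgs) {
    # Run sc.exe and turn a non-zero exit code into a terminating error.
    $out = & sc.exe @ScArgs 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "sc.exe $($ScArgs -join ' ') failed ($LASTEXITCODE): $out"
    }
    return $out
}

function Get-DriverState([string]$Svc) {
    # 'sc query' prints a line such as "STATE : 4 RUNNING"; return the word or $null
    # when the service does not exist (sc exits with 1060).
    $out = & sc.exe query $Svc 2>&1
    if ($LASTEXITCODE -ne 0) { return $null }
    foreach ($line in $out) {
        if ($line -match '^\s*STATE\s*:\s*\d+\s+(\w+)') { return $Matches[1] }
    }
    return $null
}

if (-not (Test-Path -LiteralPath $BinPath)) { throw "driver image not found: $BinPath" }

# Each 'option=' is its own token, which is what sc.exe expects.
Invoke-Sc @('create', $Name, 'binPath=', $BinPath, 'type=', 'kernel', 'start=', 'demand') | Out-Null
try {
    Invoke-Sc @('start', $Name) | Out-Null   # DriverEntry runs here; watch DebugView
    "state after start: $(Get-DriverState $Name)"
    Invoke-Sc @('stop', $Name) | Out-Null    # DriverUnload runs here
    "state after stop:  $(Get-DriverState $Name)"
}
finally {
    # Never leave a demand-start kernel service pointing at a test image.
    Invoke-Sc @('delete', $Name) | Out-Null
}
```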
Using a Driver Loader/Unloader tool
Load the driver
DebugView can be used to view the DbgPrint output produced when the driver loads.
WinDbg view on macOS
Dual-machine (host/target) debugging configuration
Net
Network debugging is somewhat simpler to set up than the serial port.
```bat
bcdedit /debug on
:: the key option uses a colon like the others (key:), not "Key="
bcdedit /dbgsettings net hostip:192.168.181.130 port:50010 key:3cb9a0g3w94mp.1pnw6lxz6ohti.38p3gpzpdrc7k.qqgcqkf16kuv
```
COM (serial)
1. Locate the virtual machine's .vmx file and edit it
Target (debuggee) machine settings
Delete the existing serial0 entries and replace them with:
```ini
serial0.fileType = "thinprint"
serial0.fileName = "thinprint"
serial0.fileName = "/Users/{name}/com1"
serial0.present = "TRUE"
serial0.fileType = "pipe"
serial0.yieldOnMsrRead = "TRUE"
serial0.startConnected = "TRUE"
```
Debugger (host) machine settings
```ini
serial0.fileType = "thinprint"
serial0.fileName = "thinprint"
serial0.present = "TRUE"
serial0.present = "TRUE"
serial0.fileType = "pipe"
serial0.fileName = "/Users/{name}/com1"
serial0.yieldOnMsrRead = "TRUE"
serial0.tryNoRxLoss = "FALSE"
serial0.pipe.endPoint = "client"
```
Replace {name} with your own macOS user name.
2. Enable the serial debug port on the target machine by running the following commands in an administrator cmd:
```bat
bcdedit /enum ACTIVE
bcdedit /dbgsettings serial baudrate:115200 debugport:1
bcdedit /copy {current} /d "Windows Debug Entry"
:: {id-from-previous-line} is the GUID that the /copy command prints; the second form shows a concrete value
bcdedit /displayorder {current} {id-from-previous-line}
bcdedit /displayorder {current} {f08931ce-554a-11ed-850e-c773c5b7f7b1}
bcdedit /debug {id-from-previous-line} ON
bcdedit /debug {f08931ce-554a-11ed-850e-c773c5b7f7b1} ON
bcdedit -set TESTSIGNING on
bcdedit /dbgsettings
```
After the settings are applied, reboot and choose the second boot entry.
3. Debugger machine settings
Computer Management > Device Manager > Ports > Communications Port > Port Settings: set the speed to 115200
4. WinDbg on the debugger machine
Kernel Debugging > COM: connect over the serial port and start debugging
Using VirtualKD-Redux (did not work)
Trying this method with a virtual machine on macOS did not succeed.
https://github.com/4d61726b/VirtualKD-Redux
After installing and rebooting, entering that mode and pressing F8 to disable signature enforcement just hangs forever...