Skip to content

Commit

Permalink
Update README.md
Browse files Browse the repository at this point in the history
  • Loading branch information
@mbn-code
mbn-code authored Jan 14, 2024
1 parent 57a3da8 commit d1d3c23
Showing 1 changed file with 81 additions and 112 deletions.
193 changes: 81 additions & 112 deletions README.md
View file
Original file line number Diff line number Diff line change
@@ -1,160 +1,129 @@
# The-Kernel-Driver-GUIDE

![banner](https://github.com/CollinEdward/The-Kernel-Driver-Tutorial/assets/66748817/998669c2-d062-4ce0-a671-2917e84058ca)

# The-Kernel-Driver-GUIDE.
## Welcome to The Kernel Driver Guide!

Kernal Driver Tutorial For Getting Started With Kernel Drivers
Hello and welcome to this comprehensive guide. Please read through carefully to avoid any mistakes. This guide is designed to provide a straightforward walkthrough for creating a simple kernel driver for Windows.

# Hello
Hello and welcome to this GUIDE, remember to read everything carefully to not make any mistakes.
This is a simple guide for getting started with Kernel Drivers.
This was created to make an easy follow along guide on creating a simple kernel driver for windows.
---

# Prerequisites
## Prerequisites

Before you begin, you will need to make sure you have the following:
Before you begin, ensure that you have the following:

- A Windows machine with Secure Boot Disabled
- Windows Machine With at least 4 GB RAM
- A Windows machine with Secure Boot disabled
- At least 4 GB RAM on your Windows machine
- [Windows Redistributable](https://download.visualstudio.microsoft.com/download/pr/a061be25-c14a-489a-8c7c-bb72adfb3cab/4DFE83C91124CD542F4222FE2C396CABEAC617BB6F59BDCBDF89FD6F0DF0A32F/VC_redist.x64.exe)
- [DirectX](https://download.microsoft.com/download/1/7/1/1718CCC4-6315-4D8E-9543-8E28A4E18C4C/dxwebsetup.exe)

# Disabling Secure Boot

- a. Restart your computer: Restart your computer and keep pressing the F2, F10, or Delete key (depending on your computer's manufacturer) until you enter the BIOS/UEFI settings.

- b. Locte The Seucre Boot Feature: Once you have entered the BIOS, look for a section called "Security" or "Trusted Platform Module (TPM)". The Secure Boot setting should be within this section. If not, search for you rspecific manufacturer of motherboard.
### Disabling Secure Boot

- c. Save Settings: Once Secure Boot is disabled, save and exit BIOS and boot into windows.
1. **Restart your computer:** Access the BIOS/UEFI settings by pressing F2, F10, or Delete (based on your computer's manufacturer).
2. **Locate Secure Boot:** Find the Secure Boot setting in the "Security" or "Trusted Platform Module (TPM)" section.
3. **Disable Secure Boot:** Save the settings and boot into Windows.

# Additional tips for disabling Secure Boot:
#### Additional Tips for Disabling Secure Boot:

- Back up your data before disabling Secure Boot.
- Disable Secure Boot only when necessary, such as running virtual machines or specific software.
- Re-enable Secure Boot to protect your computer once done with the required tasks.

- Disable Secure Boot only when you need to run a virtual machine or other software that requires it.

- Once you have finished using the virtual machine or software that requires Secure Boot to be disabled, re-enable Secure Boot to protect your computer.

# Download and Setup

When we want to develop a kernel driver we first need to setup our Enviroment.
We need to download a few requirements, which are listed down below:

* Tip1: Remember to install "WDK" after installing Visual Studio 2022 as WDK is an extension to VS22
* Tip2: Remember to Install all Individual Components when installing Visual Studio 2022

Step 1: Install Visual Studio 2022 Link: https://visualstudio.microsoft.com/downloads/

Step 2: Install SDK Link: https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/

Step 3: Install WDK Link: https://learn.microsoft.com/en-us/windows-hardware/drivers/download-the-wdk

- a1. Follow This Tutorial For Installing Windows Driver Kit if the tutorial above is outdated: https://learn.microsoft.com/en-us/windows-hardware/drivers/download-the-wdk
- a2. When installing components for Visual Studio 2022 need to select "Desktop development with C++" with these individual components:

- C++ ATL for latest v143 build tools with Spectre Mitigations (ARM64/ARM64EC)
- C++ ATL for latest v143 build tools with Spectre Mitigations (x86 & x86)
- C++ MFC for latest v143 build tools with Spectre Mitigations (ARM64/ARM64EC)
- MSVC v143 - VS 2022 C++ ARM64/ARM64EC Spectre-mitigated libs (Latest)
- MSVC v143 - VS 2022 C++ x64/x86 Spectre-mitigated libs (Latest)

- **Installing Debug View**
- * Download Debug View from this direct link: https://download.sysinternals.com/files/DebugView.zip
* Or go here: https://learn.microsoft.com/en-us/sysinternals/downloads/debugview


# Visual Studio 2022 Project Setup
- 1 Create a new kernel mode driver project in Visual Studio. ( Kernel Mode Driver, Empty (KMDF).

![9](https://github.com/CollinEdward/The-Kernel-Driver-Tutorial/assets/66748817/51d10f13-6859-4d0b-876c-084859c57651)

---

## Download and Setup

To develop a kernel driver, set up your environment by downloading the following requirements:

Right click on the project

![5](https://github.com/CollinEdward/The-Kernel-Driver-Tutorial/assets/66748817/5d1dd955-ca81-4faf-be77-d41adca4c1ec)

- 2 Activate "Use Local Time" and Enable Active(Release)

![6](https://github.com/CollinEdward/The-Kernel-Driver-Tutorial/assets/66748817/44acad7f-24b8-4fdd-b756-b9631a7b4f61)
1. **Install Visual Studio 2022:** [Download Link](https://visualstudio.microsoft.com/downloads/)
2. **Install Windows SDK:** [Download Link](https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/)
3. **Install Windows Driver Kit (WDK):** [Download Link](https://learn.microsoft.com/en-us/windows-hardware/drivers/download-the-wdk)

- 3 Navigate to "Linker" -> "Command Line" and write
- Follow [this tutorial](https://learn.microsoft.com/en-us/windows-hardware/drivers/download-the-wdk) if the above WDK link is outdated.
- When installing components for Visual Studio 2022, select "Desktop development with C++" and specific individual components as listed in the guide.

"/INTEGRITYCHECK"
#### Installing Debug View

- 4 Add A Class
- Download Debug View: [Direct Link](https://download.sysinternals.com/files/DebugView.zip) or [Sysinternals Website](https://learn.microsoft.com/en-us/sysinternals/downloads/debugview)

Tip: Name this the same name as the project

Right Click on Properties -> Hover on Add -> Click On Class
![8](https://github.com/CollinEdward/The-Kernel-Driver-Tutorial/assets/66748817/ec977ceb-d804-4473-9b13-9b9bbc453c77)
---


# Creating And Running The Driver ( Using Debug View )
## Visual Studio 2022 Project Setup

- 2 Add a new header file named "messages.h" ( In the Header Files Folder ).
- 3 Define a function called debug_message that takes a string and some extra parameters.
![1](https://github.com/CollinEdward/The-Kernel-Driver-Tutorial/assets/66748817/b111f975-b64c-4655-86a2-99a4e0c8a54c)
1. **Create a new kernel mode driver project:** Choose "Kernel Mode Driver, Empty (KMDF)" in Visual Studio.
- Right-click on the project.
- Activate "Use Local Time" and Enable Active(Release).
- Navigate to "Linker" -> "Command Line" and add "/INTEGRITYCHECK".
- Add a class with the same name as the project.


- 4 Include the "messages.h" header file in your source file.
---

![2](https://github.com/CollinEdward/The-Kernel-Driver-Tutorial/assets/66748817/84ad28b7-291d-4f9e-93b4-873f4d95e5e0)
## Creating and Running the Driver (Using Debug View)

- 5.1 Create a function called driver_entry that takes a PDRIVER_OBJECT and a PUNICODE_STRING.
- 5.2 Create a function called unload_driver that takes a PDRIVER_OBJECT.
- 5.3 Call the debug_message function to print a message when the driver starts and stops.
![3](https://github.com/CollinEdward/The-Kernel-Driver-Tutorial/assets/66748817/a4a6cdf2-47d2-48a5-8870-1c414499f0ea)
1. **Add a new header file:** Name it "messages.h" in the Header Files folder.
2. **Define a function:** Create a function called `debug_message` that takes a string and extra parameters.
3. **Include the header file:** Add "messages.h" in your source file.
4. **Create functions:**
- `driver_entry` that takes a `PDRIVER_OBJECT` and a `PUNICODE_STRING`.
- `unload_driver` that takes a `PDRIVER_OBJECT`.
- Call `debug_message` to print a message when the driver starts and stops.
5. **Compile the driver.**

- 8 Compile the driver.
---

- 9 Set Kernal driver Bin Path using sc create command.
tip: Assuming you have the project on C drive, just replace the "computer name" with your actual computer name, and "KernalReadWriteDriver.sys" With the name if your .sys file.
## Setting Up Kernel Driver (Using `sc create` command)

sc create KernelReadWriteDriver type= Kernel Binpath="C:\Users\computer name\source\repos\KernelReadWriteDriver\x64\Release\KernelReadWriteDriver.sys"

- 10 Enable test signing
Using the cmd enable testsigning with the following command:
1. **Set Kernel driver Bin Path:** Use `sc create` command.
- Replace "computer name" with your actual computer name and "KernelReadWriteDriver.sys" with your .sys file name.

bcdedit /set testsigning on
```bash
sc create KernelReadWriteDriver type= Kernel Binpath="C:\Users\computer name\source\repos\KernelReadWriteDriver\x64\Release\KernelReadWriteDriver.sys"
```

- 11 Start DebugView in ADMIN mode

- 12 Enable Capture Kernel In Debug View
![4](https://github.com/CollinEdward/The-Kernel-Driver-Tutorial/assets/66748817/e00cb8ac-d070-43bd-b964-d3837a1b289e)
2. **Enable test signing:** Use the command:
```bash
bcdedit /set testsigning on
```

- 13.1 Load the driver using the sc command.
Without the quotation marks and with the name of your kernel driver
3. **Start DebugView in ADMIN mode.**
4. **Enable Capture Kernel In Debug View.**

sc start "kernel driver name"
5. **Load the driver using the sc command:**
```bash
sc start "kernel driver name"
```

- 13.2 If you get an error when trying to start
If you get an error when trying to start the service, try to enter this in to ADMIN cmd and restart.

bcdedit /set nointegritychecks on
6. **If you encounter an error:**
- Run the following command in ADMIN cmd and restart:
```bash
bcdedit /set nointegritychecks on
```

- 14 Stop the driver using the sc command.
Without the quotation marks and with the name of your kernel driver
7. **Stop the driver using the sc command:**
```bash
sc stop "kernel driver name"
```

sc stop "kernel driver name"
---

## Congratulations!

Congratulations on completing The-Kernel-Driver-Tutorial! You've successfully set up your development environment, disabled Secure Boot, and created a simple kernel driver for Windows.
# Cheat Table Content for Assaulted Cube Process
---
- * Cheat Entries Can be found in this md [cheat-entries.md](cheat-entries.md) or from downloading the [assaultcube.CT](assaultcube.CT) file, and running with cheat engine whilst running the [game](https://github.com/assaultcube/AC/releases/tag/v1.3.0.2).
## Cheat Table Content for Assaulted Cube Process
Honerable mention of resouces and explenation videos / good to know sources:
- Cheat entries can be found in [cheat-entries.md](cheat-entries.md) or by downloading the [assaultcube.CT](assaultcube.CT) file. Run it with Cheat Engine while playing the [game](https://github.com/assaultcube/AC/releases/tag/v1.3.0.2).
https://www.youtube.com/watch?v=6TBQ7lWYQ0g

https://www.youtube.com/watch?v=EaxaQYESDlM

https://www.youtube.com/watch?v=KzD_nc5B_8w
---
https://www.youtube.com/watch?v=eumG222Efzs
## Honorable Mentions
https://www.youtube.com/watch?v=8oC0w6WhZ1E
Special thanks to the following resources and explanation videos:
- [Video 1](https://www.youtube.com/watch?v=6TBQ7lWYQ0g)
- [Video 2](https://www.youtube.com/watch?v=EaxaQYESDlM)
- [Video 3](https://www.youtube.com/watch?v=KzD_nc5B_8w)
- [Video 4](https://www.youtube.com/watch?v=eumG222Efzs)
- [Video 5](https://www.youtube.com/watch?v=8oC0w6WhZ1E)

0 comments on commit d1d3c23

Please sign in to comment.