How to generate .exe drivers instead of .sys? - c

I'm new to the kernel mode world. I've tried to write a simple "hello world" driver in a Windows 7 virtual machine. I'm using WDK 7600.16385.1 -> x86 Free Build Environment for compilation; when it compiles, the generated driver has a .sys file extension, so I'd like to know if it is possible to set up the compiler to generate an .exe file, so that a user can run it by double-clicking the executable.
I thought that perhaps, when I install some driver and the "setup" is a .exe file, it isn't really the driver; it is a program that installs the driver (with the .sys extension) on your computer, so the .exe file is just the installer and not the driver itself. But I am not sure if this is true.
If you could give me some information about generating a driver for Windows, I'll be eternally grateful!
Thanks in advance!

The .exe files you're looking at are, indeed, installers. There are a number of tools available for creating installers; NSIS is one of the more popular options.

.exe marks executable files for Windows user mode. The format of user mode and kernel mode "executables" differs a lot. In particular, there is no such thing as a user running the kernel executable. Kernel drivers aren't directly accessible to user mode; communication is allowed only via OS-defined interfaces, i.e. a user-mode component must perform a dedicated OS call which will be routed to the kernel component by the OS. There are many more differences between kernel and user modes, but this particular one explains why running a kernel driver as a user isn't possible (and shouldn't be).
As for your second question, yes, these .exe files are installers.

Related

How to synchronize code files on windows with WSL/linux?

Basically I have some C/C++ code that I need to build and debug on a Linux machine. Unfortunately, my Windows laptop doesn't have enough free hard disk space to install some Linux distro, nor does it have enough free RAM to comfortably run a VM.
Until now, I dealt with it rather comfortably using WSL, but the scale was rather small. It was easy to edit and debug 2-3 .c files through the CLI and gdb, but it became really annoying on large-scale projects.
I want something as simple as "edit code in Windows IDE [X], compile it on remote Linux/WSL (the project uses Makefiles), and preferably debug it via gdb".
VS has something close to what I want, but it can't deal with existing Linux projects. It needs to create a new configuration which is alien to the project's Makefile.
I know this question is a bit old, but I think the solution is to make a symlink between your WSL folder and the Windows folder. This is how I handled it for an Ubuntu-20.04 WSL:
Access PowerShell in Administrator mode
Type cmd.exe in the PowerShell
Once cmd.exe is opened, type mklink /d C:\<path_to_your_Windows_folder> \\wsl$\Ubuntu-20.04\home\<your_user>\<path_to_your_WSL_folder>
EDIT
This was tested under Windows 10 Version 2004 with WSL2
I'm unsure about C and C++, but it sounds like this is exactly the same as how I work in Node and JavaScript every day.
I check out my code using git inside WSL to a location like /mnt/c/code/myproject. Then using Sublime/VS Code/WebStorm I edit the files in Windows in the location c:\code\myproject. This works really well and I have been doing this every day for over a year.
Things to be aware of are that you need to ensure that your editor of choice saves files with Linux line endings and that all command line operations are done inside WSL.
Please see this article to see the differences between windows and linux files and how this works inside the WSL.
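The line-ending caveat in the answer above is the one that bites silently: a Makefile or shell script saved with CRLF from a Windows editor fails inside WSL with confusing errors. The following PowerShell function is an added example, not code from either answer; it scans a tree edited from Windows, reports files that contain CRLF endings, and optionally rewrites them with LF. The root path and the extension list are assumptions for illustration.

```powershell
# Added example: find (and optionally fix) CRLF line endings in a tree that is
# edited from Windows but built inside WSL. Root path and extensions are assumed.
function Find-CrlfFiles {
    param(
        [Parameter(Mandatory)] [string] $Root,
        [string[]] $Extensions = @('.c', '.cpp', '.h', '.sh', 'Makefile'),
        [switch] $Fix   # rewrite offenders in place with LF endings
    )
    # Latin-1 (code page 28591) maps every byte to exactly one char and back, so
    # decoding/encoding with it never alters bytes other than the CR we remove.
    $latin1 = [System.Text.Encoding]::GetEncoding(28591)

    Get-ChildItem -Path $Root -Recurse -File |
        Where-Object { $Extensions -contains $_.Extension -or $Extensions -contains $_.Name } |
        ForEach-Object {
            $bytes = [System.IO.File]::ReadAllBytes($_.FullName)
            $text  = $latin1.GetString($bytes)
            $count = ([regex]::Matches($text, "`r`n")).Count
            if ($count -gt 0) {
                if ($Fix) {
                    $lf = $text -replace "`r`n", "`n"
                    [System.IO.File]::WriteAllBytes($_.FullName, $latin1.GetBytes($lf))
                }
                [pscustomobject]@{
                    File      = $_.FullName
                    CrlfLines = $count
                    Fixed     = [bool]$Fix
                }
            }
        }
}

# Report only (assumed project path):
# Find-CrlfFiles -Root 'C:\code\myproject'
# Convert in place:
# Find-CrlfFiles -Root 'C:\code\myproject' -Fix
```

Run the report form first and review the list; the `-Fix` pass is byte-preserving apart from the removed CR bytes, but it will also touch files such as Windows batch scripts if you add their extensions to the list.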
I want something as simple as "edit code in windows IDE , compile it on remote linux/WSL
You will have something as simple as that.
Only with Windows 10 version 1903 though:
See "Updated WSL in Windows 10 version 1903 lets you access Linux files from Windows"
Microsoft's Craig Loewen says:
In the past, creating and changing Linux files from Windows resulted in losing files or corrupting data. Making this possible has been a highly requested and long anticipated feature. We're proud to announce you can now easily access all the files in your Linux distros from Windows.
So how does this work? He goes on to explain:
To put it briefly: a 9P protocol file server facilitates file related requests, with Windows acting as the client.
We've modified the WSL init daemon to include a 9P server. This server contains protocols that support Linux metadata, including permissions.
There is a Windows service and driver that acts as the client and talks to the 9P server (which is running inside of a WSL instance).
Client and server communicate over AF_UNIX sockets, since WSL allows interop between a Windows application and a Linux application using AF_UNIX as described in this post.
Warning:
The old rules still apply, you should NOT access your Linux files inside of the AppData folder!
If you try to access your Linux files through your AppData folder, you are bypassing using the 9P server, which means that you will not have access to your Linux files, and you could possibly corrupt your Linux distro.

VB6 Application Creating Files under "Program Files" in Vista or later OS

I have a legacy VB6 system which is installed in C:/Program Files/IronDuke
In the past it has written some files into this directory. I understand that these files are hidden away if the application is installed under Vista or a later OS, but not if they were written under XP or earlier OS.
How can I retrieve a copy of these 'hidden' files when written under Vista or Windows 7 or 8?
You are looking at a feature called UAC Virtualization, this blog posting gives a pretty good rundown on what is happening and where the files are located.
From above article:
For example, if an application attempts to write to C:\Program Files\Contoso\Settings.ini, and the user does not have permissions to write to that directory (the Program Files), the write operation will be redirected to C:\Users\Username\AppData\Local\VirtualStore\Program Files\Contoso\settings.ini. If an application attempts to write to HKEY_LOCAL_MACHINE\Software\Contoso\ in the registry, it will automatically be redirected to HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\Software\Contoso or HKEY_USERS\UserSID_Classes\VirtualStore\Machine\Software\Contoso.
so in your case if you are trying to find the files you need to look in:
C:\Users\Username\AppData\Local\VirtualStore\Program Files\IronDuke\
You cannot write to Program Files under Windows 7 / 8 - system security prevents programs running as regular users from doing so. One option for you is to write these files to the user's profile folder (you'll have to update the VB6 program for this, although the changes should be pretty small if the program is otherwise well-written). This would be your best option since the updated code would work well in the future without more changes.
You may be able to get the program running using Compatibility Mode but I doubt it - on my Windows 8 system I don't even get 'Windows XP' as a compatibility option anymore. All other options will likely enforce security.
You can try running your program as administrator but I'd only do this if you don't have the source to make the changes - it's poor practice to run programs with all privileges since it opens up the system for attacks.
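To actually retrieve the redirected files (and registry values) that the answers above describe, the following PowerShell function is an added example, not code from the answers or from the blog post they cite. It enumerates the per-user VirtualStore for the application folder, copies the files out on request, and lists any registry values redirected from HKLM\Software. "IronDuke" comes from the question; the assumption that the application also used HKLM\Software\IronDuke is mine, and the "Program Files (x86)" branch covers a 32-bit application installed on 64-bit Windows.

```powershell
# Added example: enumerate and optionally copy files and registry values that
# UAC virtualization redirected for a legacy application. Run it as the same
# user who ran the application, because the VirtualStore is per-user.
function Get-VirtualStoreArtifacts {
    param(
        [Parameter(Mandatory)] [string] $AppFolder,   # e.g. 'IronDuke'
        [string] $RegistryKey = $AppFolder,           # assumed: HKLM\Software\<AppFolder>
        [string] $CopyTo                              # optional destination for a copy
    )
    $store = Join-Path $env:LOCALAPPDATA 'VirtualStore'

    # A 32-bit app on 64-bit Windows installs under "Program Files (x86)", so check both.
    foreach ($pf in @('Program Files', 'Program Files (x86)')) {
        $dir = Join-Path (Join-Path $store $pf) $AppFolder
        if (-not (Test-Path -LiteralPath $dir)) { continue }

        if ($CopyTo) {
            $dest = Join-Path $CopyTo $pf
            New-Item -ItemType Directory -Force -Path $dest | Out-Null
            Copy-Item -LiteralPath $dir -Destination $dest -Recurse -Force
        }
        Get-ChildItem -LiteralPath $dir -Recurse -File | ForEach-Object {
            [pscustomobject]@{
                Kind      = 'File'
                Location  = $_.FullName
                LastWrite = $_.LastWriteTime
            }
        }
    }

    # Registry writes to HKLM\Software\<key> are redirected into this per-user hive.
    $regPath = "HKCU:\Software\Classes\VirtualStore\MACHINE\Software\$RegistryKey"
    if (Test-Path -LiteralPath $regPath) {
        $keys = @(Get-Item -LiteralPath $regPath) + @(Get-ChildItem -LiteralPath $regPath -Recurse)
        foreach ($k in $keys) {
            foreach ($name in $k.GetValueNames()) {
                [pscustomobject]@{
                    Kind      = 'Registry'
                    Location  = "$($k.Name)\$name"
                    LastWrite = $null
                }
            }
        }
    }
}

# List what was redirected (assumed names):
# Get-VirtualStoreArtifacts -AppFolder 'IronDuke'
# Also copy the files to a folder you can hand to the user:
# Get-VirtualStoreArtifacts -AppFolder 'IronDuke' -CopyTo 'C:\Temp\IronDuke-recovered'
```

If the function finds nothing, the application was probably run elevated (as administrator) or from a process that is not virtualized, in which case its writes went to the real Program Files directory and no redirection happened.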

Is ADBD source code part of the kernel or AOSP?

Is the ADBd (ADB Daemon) source code part of the kernel or AOSP (Android Open Source Project)?
I hadn't checked the source, but I believe it's part of AOSP. Though, being a system application, it does have special permissions that are unobtainable on an unrooted device by installed applications.

File System Filter MiniDriver

I have a Program.exe that I need to intercept. That specific program uses CreateFile & ReadFile, however I need to intercept ReadFile function.
I thought about writing my own File System Filter MiniDriver.
I found this link by Googling: http://msdn.microsoft.com/en-us/library/ff551862(v=vs.85)
It seems that is the correct way to do this. However, the last time I did any driver development, I remember that >= Vista did not allow drivers to be installed easily. You needed to acquire a "Signed" privilege from Microsoft (you had to pay).
My question is: can I create a simple File System Filter Driver for my USB stick and intercept any reads from ReadFile()? All I want to do is to allow ReadFile by a specific process.
1) I need this legally
2) I need to avoid unsigned drivers, so the driver would always work.
Will one minifilter driver work for every OS starting from XP?!
The prohibition on loading unsigned drivers exists only on x64 versions of Windows >= Vista.
On x64 versions you can
1) Switch to test mode to turn off this restriction
2) Add a test certificate as root to the certificate store
But if you want to distribute this driver you must buy a certificate.
Yes, a minifilter is the preferred way for this. You can intercept system calls/IRPs and allow or deny any of them depending upon your criteria.
Also, the same driver code can be used for multiple OSes; however, you need to build for the specific OS.
WDK 7 can be used to build drivers from XP to Windows 7.
Also, as izlesa suggested, you need to sign for x64 Windows higher than Vista.
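Both answers above turn on the same two facts: x64 Windows from Vista on refuses unsigned kernel-mode code, and test-signing mode is the switch that relaxes that. The following PowerShell function is an added example, not code from the answers; it checks a built .sys for an Authenticode signature and reads the current boot entry to see whether test-signing is enabled, so that a driver the requester expects to "always work" is verified before deployment rather than discovered missing on the first x64 machine. The driver path is an assumption, and bcdedit needs an elevated prompt.

```powershell
# Added example: report the signing state of a driver file and whether the
# machine is in test-signing mode. Driver path is assumed; run elevated so
# that bcdedit can read the boot configuration.
function Test-DriverSigning {
    param([Parameter(Mandatory)] [string] $DriverPath)

    # Authenticode status: Valid, NotSigned, HashMismatch, UnknownError, ...
    $sig = Get-AuthenticodeSignature -FilePath $DriverPath

    # bcdedit prints "testsigning  Yes" on the current entry when test mode is on.
    $bcd = (& bcdedit.exe /enum '{current}' 2>$null) -join "`n"
    $testSigning = [bool]($bcd -match '(?im)^\s*testsigning\s+Yes')
    $is64 = [Environment]::Is64BitOperatingSystem

    [pscustomobject]@{
        Driver          = $DriverPath
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Is64BitOS       = $is64
        TestSigningOn   = $testSigning
        # Unsigned code is only refused on x64; on x86 the page's own answers say it loads.
        LoadsAsIs       = ($sig.Status -eq 'Valid') -or $testSigning -or -not $is64
    }
}

# Test-DriverSigning -DriverPath 'C:\drivers\myfilter.sys'
```

`LoadsAsIs` is a coarse pre-deployment check, not a substitute for the loader's own policy: a valid Authenticode signature from a test certificate still only loads while test-signing is on, so for distribution the `Signer` field should name the certificate you bought, not the one you generated.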

Compile C++ over FTP

I would like to know if I can use g++ to compile C++ source files stored on an FTP server? Can this be done?
Note: The FTP server is within the local network
You can't execute commands over FTP, nor can you operate directly on files stored on an FTP server unless you have mapped the FTP server to a filesystem. How to do the latter depends on your operating system.
Since you said g++, I assume Linux, so look into FTPFS.
No, this is not possible. FTP doesn't allow you to execute programs on the server; it is just used to transfer files. To execute programs (like the compiler) you need some different kind of access to the server, for example with SSH.
If you are using a Linux system (and probably any *nix or BSD flavour as well) then yes, it is possible if the FTP server is mounted as a filesystem on your machine, like Tyler McHenry wrote.
It is however not necessary to "look into FTPFS" if you are using any recent Gnome-based distro. In Ubuntu (9.04) I can do "Places"->"Connect to server" and choose FTP. Then, when the folder is opened in Nautilus, you can find the mounted directory in ~/.gvfs/ and you should be able to compile it without any trouble at all.
I would be very surprised if KDE did not have the same feature, but the directory will be mounted somewhere else.
Does the FTP server have a public website that works with scripting languages, such as PHP? If so, you could upload your source code, edit a PHP file that calls system and compile your code.
In general this probably isn't a good idea: It's a slow, manual process & could be subject to security problems if the PHP script lets you edit the compilation command.