Thursday, July 21, 2011

Doing Memory mapped I/O from windows driver

Here is an example of how to perform memory-mapped I/O from a Windows driver: map the physical address with MmMapIoSpace, access it through the register accessors, and release the mapping with MmUnmapIoSpace. Two details matter that a naive version gets wrong. The third argument to MmMapIoSpace is a MEMORY_CACHING_TYPE, and device registers must be mapped MmNonCached (value 0; the value 1 is MmCached), otherwise the write can sit in the CPU cache instead of reaching the device. The returned pointer must also be checked for NULL, and the mapping must be unmapped afterwards. The physical address 0xFED01000 and the value 0xF9 are only this post's example; take them from your device's documented registers (PCI BARs, ACPI tables) and never from user-mode input, because a driver that maps and writes a caller-supplied physical address is a write-anywhere primitive for every process allowed to open it.



#include <wdm.h>

/* Address and value are the post's example; replace them with a register
   documented for your device. Never take them from an IOCTL. */
#define EXAMPLE_MMIO_PHYS  0xFED01000
#define EXAMPLE_MMIO_LEN   4

VOID DriverUnload(PDRIVER_OBJECT pDriverObject)
{
    PHYSICAL_ADDRESS physAddr;
    PVOID p;

    UNREFERENCED_PARAMETER(pDriverObject);
    DbgPrint("Driver unloading\n");

    physAddr.QuadPart = EXAMPLE_MMIO_PHYS;
    /* Device registers must be mapped non-cached. The original passed 1,
       which is MmCached, not a flag. */
    p = MmMapIoSpace(physAddr, EXAMPLE_MMIO_LEN, MmNonCached);
    if (p == NULL) {
        DbgPrint("MmMapIoSpace failed\n");
        return;
    }

    /* Use the register accessor instead of a plain pointer store: the
       access width is explicit and the compiler cannot reorder or elide it. */
    WRITE_REGISTER_ULONG((PULONG)p, 0xF9);

    /* Every MmMapIoSpace needs a matching MmUnmapIoSpace. */
    MmUnmapIoSpace(p, EXAMPLE_MMIO_LEN);
}

NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
    UNREFERENCED_PARAMETER(RegistryPath);
    DbgPrint("Hello, World\n");
    DriverObject->DriverUnload = DriverUnload;

    return STATUS_SUCCESS;
}

Tuesday, July 19, 2011

Linking error with MSVCRT ??

One reason is that the library and the executable were built against different C run-time libraries.
For example, if the LIB uses 'Debug Multithreaded' (/MTd) and the EXE uses 'Multithreaded' (/MT), or any other mismatched combination, the linker complains when the LIB is linked into the EXE: typically warning LNK4098 about a conflicting defaultlib, followed by duplicate or unresolved CRT symbols. Even when the link is forced through, a program mixing CRTs can allocate memory in one heap and free it in another, which fails at run time rather than at link time, so the fix is to make every project use the same setting rather than to suppress the warning.

In Visual Studio 6 the option is at Project -> Settings -> C/C++ tab -> Code Generation -> 'Use run-time library' combo box; it must match across the EXE and every LIB it links, including third-party ones.

Monday, July 18, 2011

How to check PING command on a group of IPs

Here is a small batch script that pings a range of IPs. In this example we ping 10.125.56.125 through 10.125.56.150.

The thing to remember is SETLOCAL ENABLEDELAYEDEXPANSION: inside a parenthesised for block, %var% is expanded once when the whole block is parsed, so a variable set inside the block has to be read as !var! (delayed expansion) to get its current value. One more caveat: ping's exit code is 0 whenever any packet came back, and on Windows a "Destination host unreachable" message from a router counts as a reply, so the script checks for the "TTL=" text of a real echo reply instead of relying on ERRORLEVEL alone.



@echo off
SETLOCAL ENABLEDELAYEDEXPANSION
REM Sweep 10.125.56.125 .. 10.125.56.150 with one echo request each.
set prefix=10.125.56.
for /L %%i in (125,1,150) do (
    set addr=%prefix%%%i
    REM A genuine reply line contains "TTL="; ping's own exit code is 0 even
    REM for a "Destination host unreachable" message from a router.
    ping -n 1 -w 1000 !addr! | find "TTL=" > nul
    if errorlevel 1 (
        echo Host not reachable : !addr!
    ) else (
        echo Host reachable     : !addr!
    )
)
ENDLOCAL

Wednesday, March 16, 2011

Printing __int64 (long long) datatype in c for windows (Microsoft)

Wondering how to print an __int64? Whereas other compilers support %lld, the older Microsoft CRT has its own spelling: %I64d (and %I64u, %I64x for unsigned and hex). Visual Studio 2013 and later also accept %lld and ship <inttypes.h>, so "%" PRId64 is the portable choice in new code. Getting the length modifier wrong is not cosmetic: printf reads the wrong number of bytes from the variadic argument list, so the printed value and every argument after it are garbage, and the compiler will not always warn.

Here code goes;


#include <stdio.h>

int main(void)
{
    /* The i64 suffix keeps the constant 64-bit on older MSVC, which lacks LL. */
    __int64 a = 1234567890123456789i64;
    printf("%I64d\n", a);

    return 0;
}

Saturday, February 5, 2011

How to load PDB which have different time stamp

Sometimes you forget to archive the PDB of a build before shipping the executable to customers. When a crash dump arrives you discover that the PDBs are missing and WinDbg refuses to load anything for the module.

What can you do now?
Well, you still have the source code, so you can rebuild and get a 'logically correct' PDB. Unfortunately the debugger does not accept it, because it matches a PDB by the GUID and age (older PDBs: signature and age) recorded in the executable's debug directory, not by content. Loading the rebuilt PDB is not logically wrong if it comes from the same source, compiler and build options, but you have to tell the debugger to skip the check.

Steps:
If you are in such a situation, use this command sequence:

.symopt+ 0x40
.reload

0x40 is SYMOPT_LOAD_ANYTHING, which makes the symbol loader ignore the mismatch. If the module's symbols are in the deferred state, force them with .reload /f, and use !sym noisy to see why a PDB is being rejected. Keep in mind that a PDB from a different build is only as good as the match: if any source file, compiler version or option differed, symbol offsets will be off and the call stack you read may be fiction, so treat it as a hint rather than proof.

Tuesday, February 1, 2011

How to write a Basic Windows Driver

It's very simple. You just need to create three files in one directory.

sources [no extension, please]


TARGETNAME = driver
TARGETPATH = obj
TARGETTYPE = DRIVER
INCLUDES   = %BUILD%\inc
LIBS       = %BUILD%\lib
SOURCES    = driver.c

makefile [No extension please]


!INCLUDE $(NTMAKEENV)\makefile.def

driver.c [you can choose any name; it just has to match the SOURCES entry in the sources file]


#include <ntddk.h>

VOID DriverUnload(PDRIVER_OBJECT pDriverObject)
{
    UNREFERENCED_PARAMETER(pDriverObject);
    DbgPrint("Driver unloading\n");
}

NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
    UNREFERENCED_PARAMETER(RegistryPath);
    DbgPrint("Hello, World\n");
    /* Without an unload routine the driver cannot be stopped with net stop. */
    DriverObject->DriverUnload = DriverUnload;

    return STATUS_SUCCESS;
}


How to compile?
Install the DDK (WDK).

Open the build environment command window for the platform you are targeting (for example the checked x86 Windows XP environment).
cd into the directory holding the three files above.

Run the build command. That's it: the .sys lands under an obj... subdirectory named after the build flavour (for the checked XP x86 environment, objchk_wxp_x86\i386\driver.sys). Look around :)


Now, how to load/test it?

Simple, we will use the Service Control Manager for it (through sc.exe, as of now).

Open a command prompt (I am doing this on Windows XP)

run sc create driver binPath= c:\driver.sys type= kernel

[here driver is the service name (you can choose any name) and c:\driver.sys is where I copied my .sys; use the path of your own. The space after binPath= and type= is mandatory: sc takes the token ending in '=' as the option name and the following token as its value. Creating and loading a kernel driver needs administrator rights, and on 64-bit Windows Vista and later the .sys must be signed, or test signing must be enabled with bcdedit, or the load is refused.]

That's it, done. ;)


How to load this driver?

Now open the command prompt and run the command net start driver
[here driver is my service name; you can choose your own]

That's it. If you are running DebugView with Capture Kernel enabled, you can see "Hello, World" in your view.


How to unload this driver?

Just run net stop driver
[here, driver is my service name; you can choose any name]

That's it. If you are running DebugView, you can see the 'Driver unloading' line in your view.




Isn't that simple! :)
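The whole register/start/check/stop/delete cycle above, as an added batch script that is not part of the original post. It assumes the service name driver and the path C:\driver.sys (both are placeholders to change), and it must be run from an elevated command prompt.

```batch
@echo off
REM Added example, not from the original post: create, start, check, stop and
REM delete a kernel driver service with sc.exe from an elevated command prompt.
REM Service name and .sys path are assumptions; adjust them to your build.
SETLOCAL
set SVC=driver
set SYS=C:\driver.sys

if not exist "%SYS%" (
    echo %SYS% not found, copy your built .sys there first
    exit /b 1
)

REM sc.exe syntax: the space after each "=" is mandatory. start= demand means
REM the driver is loaded only on request, not at boot.
sc create %SVC% binPath= "%SYS%" type= kernel start= demand
if errorlevel 1 (
    echo sc create failed. If the service already exists, stop it and run: sc delete %SVC%
    exit /b 1
)

REM net start runs DriverEntry; DbgPrint output is visible in DebugView only
REM with Capture Kernel enabled. On 64-bit Vista and later an unsigned .sys
REM is refused unless test signing is on.
net start %SVC%
if errorlevel 1 (
    echo net start failed, removing the service entry again
    sc delete %SVC%
    exit /b 1
)

sc query %SVC% | find "RUNNING" > nul
if errorlevel 1 (
    echo driver is not RUNNING according to sc query
) else (
    echo driver is RUNNING
)

REM net stop runs DriverUnload; sc delete removes the registry entry so a
REM rebuilt driver can be registered again under the same name.
net stop %SVC%
sc delete %SVC%
ENDLOCAL
```

Deleting the service at the end matters during development: a stale entry pointing at an old binPath is the usual reason a rebuilt driver "does not load" on the next try, and sc create fails if the name already exists.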

Friday, January 21, 2011

Generating PDB Files for your driver

You need to set this option in your 'sources' file:

USE_PDB=1

Hope this helps. I know that understanding this requires prior knowledge of how to build a Windows driver; I will write that up in a while.