Windows Kernel Driver Starter Code
I have just completed Pavel Yosifovich’s excellent Windows Kernel Programming training (which I would highly recommend to anyone interested in learning more about the Windows kernel), and I came out of it with quite a lot of kernel driver code. Some of the things we did were writing our own version of the Sysinternals Process Monitor tool, and a proof of concept anti-ransomware tool; in both cases we were able to monitor everything happening on the filesystem, processes, and threads. You can do a lot in a kernel driver.
There is quite a bit involved in writing a Windows kernel driver, but every driver starts out the same way. So I’ve written some boilerplate starter code that I use every time I start writing a new kernel driver, which makes it a lot easier to get up and running quickly. In order to use this, you’ll need to install the latest versions of the following:
- Windows 10 x64
- Visual Studio 2019 (any edition) with the C++ workload installed
- Windows 10 SDK
- Windows 10 Driver Kit (WDK)
After you have the above installed, you can start a new kernel driver project by opening Visual Studio, selecting “Create a new project”, and choosing the “Empty WDM Driver” project template. Unless you’re developing a hardware driver or a filesystem minifilter driver, you’ll need to delete the .inf file that Visual Studio puts into the project by default (most other drivers won’t build with it present). After that, just add a new .cpp file to the project, drop the following boilerplate code into it, and you’re ready to go!
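The author’s boilerplate did not survive on this page, so here is my own minimal WDM skeleton as an added example (not the author’s code): it registers an unload routine so the driver can be unloaded cleanly, creates a device object and a symbolic link so user mode can open a handle to it, and undoes its work on every failure path. The device and symbolic-link names are assumptions; it builds in an “Empty WDM Driver” project with the .inf removed, as described above.

```cpp
// Minimal WDM driver skeleton (added example, not the author's boilerplate).
#include <ntddk.h>

// Device and symbolic-link names are assumptions; choose your own.
#define DEVICE_NAME   L"\\Device\\StarterDriver"
#define SYMLINK_NAME  L"\\??\\StarterDriver"

// Unload routine: release everything DriverEntry created, in reverse order.
// Without this, the driver cannot be unloaded and stays resident until reboot.
void StarterUnload(PDRIVER_OBJECT DriverObject)
{
    UNICODE_STRING symLink = RTL_CONSTANT_STRING(SYMLINK_NAME);
    IoDeleteSymbolicLink(&symLink);
    IoDeleteDevice(DriverObject->DeviceObject);
    KdPrint(("StarterDriver: unloaded\n"));
}

// Completes IRP_MJ_CREATE / IRP_MJ_CLOSE so CreateFile/CloseHandle succeed from user mode.
NTSTATUS StarterCreateClose(PDEVICE_OBJECT, PIRP Irp)
{
    Irp->IoStatus.Status = STATUS_SUCCESS;
    Irp->IoStatus.Information = 0;
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return STATUS_SUCCESS;
}

// Entry point. extern "C" is required in a .cpp file so the loader finds DriverEntry.
extern "C" NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
    UNREFERENCED_PARAMETER(RegistryPath);   // WDK projects treat unused parameters as errors

    DriverObject->DriverUnload = StarterUnload;
    DriverObject->MajorFunction[IRP_MJ_CREATE] = StarterCreateClose;
    DriverObject->MajorFunction[IRP_MJ_CLOSE]  = StarterCreateClose;

    UNICODE_STRING devName = RTL_CONSTANT_STRING(DEVICE_NAME);
    PDEVICE_OBJECT devObj;
    NTSTATUS status = IoCreateDevice(DriverObject, 0, &devName, FILE_DEVICE_UNKNOWN,
                                     0, FALSE, &devObj);
    if (!NT_SUCCESS(status)) {
        KdPrint(("StarterDriver: IoCreateDevice failed (0x%08X)\n", status));
        return status;
    }

    UNICODE_STRING symLink = RTL_CONSTANT_STRING(SYMLINK_NAME);
    status = IoCreateSymbolicLink(&symLink, &devName);
    if (!NT_SUCCESS(status)) {
        KdPrint(("StarterDriver: IoCreateSymbolicLink failed (0x%08X)\n", status));
        IoDeleteDevice(devObj);   // do not leak the device object on failure
        return status;
    }
    KdPrint(("StarterDriver: loaded\n"));
    return STATUS_SUCCESS;
}
```

Load it on a test machine with test signing enabled and watch the KdPrint output in a kernel debugger or DebugView; any real driver should also set a security descriptor on the device rather than leaving it open to every user.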
If you’d like to see some interesting things you can do with Windows kernel drivers, check out the Windows driver samples page in Microsoft’s documentation or head over to Pavel’s GitHub page for some other great examples of the power of Windows kernel functions.