Load – Unload drivers during development

During kernel development, the easiest way to load your driver into the kernel for testing is to create a system service that loads the driver for you. This method is, of course, not recommended for release because of forensics issues.

 
Windows API functions used in service installer:
> OpenSCManager establishes a connection to the service control manager on the specified computer and opens the specified service control manager database.

> CreateService creates a service object and adds it to the specified service control manager database.

> OpenService opens an existing service.

> StartService starts a service.

To create a service and start it using C, you can download and compile this code from GitHub.

 
Extra Windows API functions used in service uninstaller:
> ControlService sends a control code to a service.

> DeleteService marks the specified service for deletion from the service control manager database.

To stop a service and remove it using C, you can download and compile this code from GitHub.

 

Usage
Load driver:

ServiceInstaller.exe c:\mydriver.sys MyService

Unload driver:

ServiceUninstaller.exe MyService
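
The forensic trace mentioned at the top, as an added example that is not part of the original post or the linked code: a service created through the service control manager is recorded in the System event log as event ID 7045, with the service type "kernel mode driver" for drivers. The script below parses constructed event XML (sample data, not real logs) and reports driver installs whose image path lies outside the standard drivers directory; the allow-listed directories are an assumption to adapt per environment.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Assumption: legitimate drivers live only under the standard drivers directory.
EXPECTED_DIRS = ("c:\\windows\\system32\\drivers\\",
                 "\\systemroot\\system32\\drivers\\",
                 "system32\\drivers\\")

def _event(event_id, name, path, svc_type):
    # Builds a constructed, minimal event record in the Windows event XML schema.
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
            f'<EventData><Data Name="ServiceName">{name}</Data>'
            f'<Data Name="ImagePath">{path}</Data>'
            f'<Data Name="ServiceType">{svc_type}</Data></EventData></Event>')

# Constructed sample events; the first mirrors the usage line in the post.
SAMPLE_EVENTS = [
    _event(7045, "MyService", r"\??\c:\mydriver.sys", "kernel mode driver"),
    _event(7045, "ExampleDisk", r"\SystemRoot\System32\drivers\exdisk.sys", "kernel mode driver"),
    _event(7045, "ExampleUpdater", r"C:\Program Files\Example\upd.exe", "user mode service"),
    _event(7036, "MyService", "", ""),  # other event ID; only the ID matters here
]

def normalise(path):
    # Lower-case the path, strip quotes and drop the NT "\??\" prefix if present.
    p = path.strip().strip('"').lower()
    return p[4:] if p.startswith("\\??\\") else p

def parse(xml_text):
    # Returns (event_id, {field name: value}) for one event record.
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", default="0", namespaces=NS))
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    return event_id, data

def unexpected_driver_installs(events):
    # Keep only 7045 records for kernel drivers loaded from an unexpected location.
    findings = []
    for xml_text in events:
        event_id, data = parse(xml_text)
        if event_id != 7045 or data.get("ServiceType", "").lower() != "kernel mode driver":
            continue
        path = normalise(data.get("ImagePath", ""))
        if not path.startswith(EXPECTED_DIRS):
            findings.append((data.get("ServiceName"), path))
    return findings

if __name__ == "__main__":
    for name, path in unexpected_driver_installs(SAMPLE_EVENTS):
        print(f"driver service {name!r} installed from {path}")
```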