Rootkits

A Hello World driver for Windows 8.1

Simple Windows 8.1 WDM Hello World driver

> Create a Windows 8.1 virtual machine. (I prefer vmware)

> Open a command prompt with administrator permissions inside the VM and execute:

bcdedit.exe -set loadoptions DISABLE_INTEGRITY_CHECKS
bcdedit.exe -set TESTSIGNING ON

TESTSIGNING ON is the setting that matters: with it the kernel accepts a driver signed with a test certificate, which is what the WDK project does at build time when Driver Signing -> Sign Mode is Test Sign (check this in the project properties). Once test signing is active, Windows shows a "Test Mode" watermark on the desktop; without it, starting the driver fails with a signature error.

> Restart vm.

> Install Visual Studio 2013 and WDK 8.1 on the host machine.

> Create a new empty Kernel Mode Driver project (KMDF).

> Create a new .c file (for example helloworld.c):

#include <ntddk.h>

/* Role-type declarations so Code Analysis / SDV can check the callbacks. */
DRIVER_INITIALIZE DriverEntry;
DRIVER_UNLOAD Unload;

VOID Unload(IN PDRIVER_OBJECT DriverObject)
{
    /* WDK projects build with /W4 /WX: an unreferenced parameter (C4100)
       would otherwise break the build. */
    UNREFERENCED_PARAMETER(DriverObject);
    DbgPrint("%s\n", "Driver unloaded.");
}

NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING regPath)
{
    UNREFERENCED_PARAMETER(regPath);
    DbgPrint("%s\n", "Driver has been loaded.");
    /* Without an unload routine the driver cannot be stopped; it stays
       loaded until reboot. */
    DriverObject->DriverUnload = Unload;
    return STATUS_SUCCESS;
}

> Open the project properties and set the following values for the x64 platform:

  • General->Platform Toolset = WindowsKernelModeDriver8.1
  • Driver Model Settings->Type of driver = WDM
  • StampInf->Catalog File Name = helloworld.cat

> Build the project with the Win8.1 Debug configuration and the x64 platform; the output is helloworld.sys.

> To load or unload the driver you will need two executables. The first creates a service for the driver and starts it, which loads the driver; the second stops the service and deletes it, which unloads the driver. Download and compile these programs.
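The same load/unload cycle can also be driven from the Service Control Manager's command-line tool, with no extra code to compile. The script below is an added example and is not the pair of loader programs the page refers to; it assumes the built driver has been copied into the VM as C:\drivers\helloworld.sys and uses the service name helloworld (both assumptions, as is the script name drvctl.ps1). Run it from an elevated PowerShell inside the VM. It also sets the Debug Print Filter registry value, because on Vista and later plain DbgPrint output is filtered out by default and would never show up in DebugView.

```powershell
# Added example (not from the original page): load and unload a test-signed
# WDM driver through the Service Control Manager with sc.exe, and make
# DbgPrint output visible.
# Assumptions: driver at C:\drivers\helloworld.sys, service name "helloworld".
# Must run in an elevated PowerShell inside the test VM.

$DriverPath  = 'C:\drivers\helloworld.sys'   # assumed location of the built .sys
$ServiceName = 'helloworld'                  # assumed service name

function Invoke-Sc {
    # Wrapper around sc.exe. In PowerShell "sc" is an alias for Set-Content,
    # so the .exe extension is mandatory. sc.exe returns the Win32 error
    # code as its exit code, which we turn into a terminating error.
    param([Parameter(ValueFromRemainingArguments = $true)][string[]]$ScArgs)
    $out = & sc.exe @ScArgs 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "sc.exe $($ScArgs -join ' ') failed ($LASTEXITCODE): $out"
    }
    return $out
}

function Enable-DbgPrintOutput {
    # DbgPrint is DbgPrintEx(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, ...).
    # Since Vista the DEFAULT component's mask hides INFO-level messages,
    # so DebugView shows nothing from this driver until the mask is raised.
    # 0xF enables all four levels. Takes effect after a reboot; with a
    # kernel debugger attached, "ed nt!Kd_DEFAULT_MASK 0xf" does the same live.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter'
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name 'DEFAULT' -PropertyType DWord -Value 0xF -Force | Out-Null
    Write-Host "Debug Print Filter DEFAULT=0xF set; reboot for it to apply."
}

function Install-TestDriver {
    if (-not (Test-Path $DriverPath)) { throw "Driver not found: $DriverPath" }
    # type= kernel registers a SERVICE_KERNEL_DRIVER. The space after each
    # '=' is required by sc.exe's argument parser.
    Invoke-Sc create $ServiceName type= kernel start= demand binPath= $DriverPath | Out-Null
    # Starting the service maps the image and calls DriverEntry. If test
    # signing is off or the .sys is unsigned this fails with error 577.
    Invoke-Sc start $ServiceName | Out-Null
    Write-Host "Driver $ServiceName loaded; watch DebugView with 'Capture Kernel' enabled."
}

function Remove-TestDriver {
    # Stopping invokes the DriverUnload routine. A driver that never set
    # DriverObject->DriverUnload cannot be stopped and stays resident until reboot.
    Invoke-Sc stop $ServiceName | Out-Null
    Invoke-Sc delete $ServiceName | Out-Null
    Write-Host "Driver $ServiceName unloaded and service removed."
}

# Usage: .\drvctl.ps1 filter   (once, then reboot)
#        .\drvctl.ps1 load
#        .\drvctl.ps1 unload
switch ($args[0]) {
    'filter' { Enable-DbgPrintOutput }
    'load'   { Install-TestDriver }
    'unload' { Remove-TestDriver }
    default  { Write-Host 'usage: .\drvctl.ps1 filter|load|unload' }
}
```

Run the filter step once and reboot before the first load, otherwise the two DbgPrint lines never appear in DebugView; after that, load, check the "Driver has been loaded." line, then unload and check "Driver unloaded."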