Exetools  

  #1  
06-17-2018, 01:07
nimaarek
The Prepared environment for kernel programming

Hello,
Is there a custom Windows operating system for kernel programming?
For example, the WDK package and the Visual Studio version related to it are installed, and other settings for kernel programming and debugging have been done.
Like this (Windows 10 Pro [1607] (x86/x64) Reverser Edition ISOs):
Code:
www.kernelmode.info/forum/viewtopic.php?f=22&t=4922&p=31664
  #2  
06-18-2018, 14:58
Evilcry
Enterprise-grade device driver development is done with standard OS images, with debugging performed by running the driver in a virtual machine (kernel development is rich in BSODs, or worse scenarios with storage drivers that destroy the filesystem) and attaching in a remote debug session with WinDbg.

To set up the environment, you can use the following link:
https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/attaching-to-a-virtual-machine--kernel-mode-

Best Regards,
Evilcry
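
The setup Evilcry describes (driver under test in a VM, WinDbg attached remotely from the host), as an added example that is not part of the thread: a PowerShell script run elevated inside the guest that enables kernel debugging over a virtual serial port and prints the host-side WinDbg command. The pipe name `kd_target` and the parameter defaults are assumptions; the hypervisor must map the guest's COM port to that named pipe on the host.

```powershell
#Requires -RunAsAdministrator
# Added example: run INSIDE the test VM (the debug target), not on the host.
# Assumption: the hypervisor maps the guest's COM port to the host named pipe
# \\.\pipe\<HostPipe>; 'kd_target' is a placeholder name, not from the thread.
param(
    [int]$DebugPort   = 1,           # COM port number as seen by the guest
    [int]$BaudRate    = 115200,
    [string]$HostPipe = 'kd_target'  # hypothetical pipe name set in the VM config
)

function Invoke-BcdEdit {
    param([string[]]$Arguments)
    # Run bcdedit and turn a non-zero exit code into a terminating error.
    $output = & bcdedit.exe @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "bcdedit $($Arguments -join ' ') failed: $($output -join ' ')"
    }
    $output
}

# Enable kernel debugging for the current boot entry. With Secure Boot enabled
# in the guest, bcdedit refuses this change and the script stops here.
Invoke-BcdEdit '/debug', 'on' | Out-Null

# Set the global debugger transport to serial on the chosen COM port.
Invoke-BcdEdit '/dbgsettings', 'serial', "debugport:$DebugPort", "baudrate:$BaudRate" | Out-Null

# Read the settings back so a wrong port is caught before the reboot.
# (Matches the English element names that bcdedit prints.)
$settings = Invoke-BcdEdit '/dbgsettings'
$settings
if (-not ($settings -match "debugport\s+$DebugPort\b")) {
    throw "Debug settings were not applied as requested."
}

# Host side: the WinDbg command line for a VM serial port exposed as a pipe.
"Reboot the guest, then on the host run:"
"  windbg -k com:pipe,port=\\.\pipe\$HostPipe,resets=0,reconnect"
```

Take a VM snapshot before loading the driver, so a crash that damages the guest filesystem costs only a revert.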
  #3  
06-19-2018, 04:31
TechLord
Quote:
Originally Posted by nimaarek View Post
Hello,
Is there a custom Windows operating system for kernel programming?
For example, the WDK package and the Visual Studio version related to it are installed, and other settings for kernel programming and debugging have been done.
Like this (Windows 10 Pro [1607] (x86/x64) Reverser Edition ISOs):
Code:
www.kernelmode.info/forum/viewtopic.php?f=22&t=xxxx&p=xxxxx
Seriously, man? You are actually linking to content in the RECYCLE BIN/TRASH of another forum?

Isn't it going a bit too far? I've got my content deleted there, and now you link it in the Recycle Bin ...
  #4  
06-28-2018, 04:33
RiRye
Perhaps maybe a trimmed version of a checked Windows build?

hxxps://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/checked-build-of-windows
  #5  
06-28-2018, 06:01
TechLord
Quote:
Originally Posted by Evilcry View Post
Enterprise grade Device Driver development is done with Standard OS images, debugging performed by running the driver in VirtualMachine ...
I would beg to differ with EvilCry on this. The development and testing is BEST done on specialized build systems that have the LEAST bit of interfering services and software running on them.

For the development of complex (especially kernel-level) drivers, we use specialized trimmed builds of Windows that are VERY lean.

The logic being, that when we want to develop drivers and ensure that the driver(s) themselves are running and performing their functions without issues, it is a LOT easier to debug them when very few services are running in parallel on that system.

Otherwise it becomes very tedious to debug at every stage and see as to whether the driver itself is faulty or whether compatibility with the running services is the issue.

Also, the debugging itself is VERY fast with a system running a minimal set of services on it. It of course goes without saying that for kernel-level debugging we require two machines (virtual or real).

It is only when we have determined that the driver itself is functioning as expected, that we switch to debugging and testing on "real" systems that mimic the Retail Builds as closely as possible.

Regards
  #6  
06-28-2018, 13:31
chants
I am sure if you have good connections with MSFT, you can get something like the Shared Source Initiative
Quote:
https://www.microsoft.com/en-us/sharedsource/
which would allow such customizations to be made in detail for driver debugging.

Otherwise Microsoft seems to encourage using the Checked Windows builds as per RiRye above.

The question is in practice, what are the major companies out there doing?

Last edited by chants; 06-28-2018 at 13:43.
All times are GMT +8.