Communication between Delphi application and Windows NT system driver

I am trying to build a very simple driver. Its sole purpose will be to register "PsSetCreateProcessNotifyRoutine" and, on callbacks received from the kernel, notify my Win32 application about which processes are started and stopped.

I only know how to build such a simple driver with "DriverEntry" and "DriverUnload" and compile it with the DDK. But I don't know how to actually implement communication. I know it can be done with IOCTL. But beyond that I am in the dark. I cannot find a simple example of how to do that in Delphi. I only know it can be done.

So what I am looking for is some simple and understandable tutorial on how to do it or, even better, an example Delphi program with accompanying driver code. Maybe there are even other ways of communication.

Any help would be appreciated.

Runner asked Nov 05 '22 06:11


1 Answer

Doesn't matter if in Delphi or not. You have to use the function DeviceIoControl. Read the article in MSDN about it.

In short, you'll have to choose some IOCTL codes from the available set. Then you call DeviceIoControl with one of these codes and pass some data, and in the driver you handle that request and return something else.

You can also handle standard IOCTLs, such as the ones generated by calling ReadFile or WriteFile in user-mode.

Don't look for a "tutorial how to do that in Delphi", just look for any tutorial. They're all the same, no matter the language, it's pure Win32/Native API stuff. Here's one for example, just googled it out.

himself answered Nov 09 '22 06:11
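
An added example, not part of the original answer or any Microsoft sample: how a vendor IOCTL code is composed, and the length check a driver's device-control handler should make before copying a record into the buffer the application passed to DeviceIoControl. The `PROCMON_*` names, the `proc_event` layout and the `ST_*` status values are hypothetical, and `CTL_CODE` is redefined with the same bit layout as the SDK macro so the code builds without the Windows headers.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Same bit layout as CTL_CODE in the Windows SDK/WDK headers, redefined here. */
#define CTL_CODE(type, func, method, access) \
    (((uint32_t)(type) << 16) | ((uint32_t)(access) << 14) | \
     ((uint32_t)(func) << 2) | (uint32_t)(method))
#define METHOD_BUFFERED  0u
#define FILE_READ_ACCESS 1u

/* Hypothetical driver values: vendor device types start at 0x8000, functions at 0x800. */
#define PROCMON_DEVICE_TYPE 0x8000u
#define IOCTL_PROCMON_GET_EVENT \
    CTL_CODE(PROCMON_DEVICE_TYPE, 0x800u, METHOD_BUFFERED, FILE_READ_ACCESS)

/* Constructed record layout that driver and application must agree on. */
typedef struct { uint32_t pid; uint32_t parent_pid; uint32_t created; } proc_event;

enum { ST_OK = 0, ST_BAD_IOCTL = 1, ST_BUFFER_TOO_SMALL = 2, ST_NO_DATA = 3 };

/* Stand-in for the driver's device-control handler: reject unknown codes, check the
   caller-supplied output length before copying, and report the bytes written. */
int dispatch_ioctl(uint32_t code, const proc_event *pending,
                   void *out, size_t out_len, size_t *written)
{
    *written = 0;
    if (code != IOCTL_PROCMON_GET_EVENT) return ST_BAD_IOCTL;
    if (out == NULL || out_len < sizeof(proc_event)) return ST_BUFFER_TOO_SMALL;
    if (pending == NULL) return ST_NO_DATA;
    memcpy(out, pending, sizeof(proc_event));
    *written = sizeof(proc_event);
    return ST_OK;
}

/* Field extractors, useful when reviewing or logging an unfamiliar IOCTL code. */
uint32_t ioctl_device_type(uint32_t c) { return c >> 16; }
uint32_t ioctl_access(uint32_t c)      { return (c >> 14) & 0x3u; }
uint32_t ioctl_function(uint32_t c)    { return (c >> 2) & 0xFFFu; }
uint32_t ioctl_method(uint32_t c)      { return c & 0x3u; }

int main(void) {
    proc_event ev = {1234, 4, 1}, out; /* constructed sample event */
    size_t n = 0;
    int st = dispatch_ioctl(IOCTL_PROCMON_GET_EVENT, &ev, &out, sizeof out, &n);
    printf("code=0x%08X status=%d bytes=%zu\n", (unsigned)IOCTL_PROCMON_GET_EVENT, st, n);
    return st;
}
```

Requesting `FILE_READ_ACCESS` in the code, rather than any-access, means the I/O manager only passes the request through for handles opened with read access.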