Some time ago I decided to learn how to write drivers. Unfortunately I didn't get too far, because for testing the driver it is kinda important for you to be able to unload it without the need of restarting the machine. Now I got back to it but I am just not able to get past this on my own.
Now I suppose, just to make the question more straightforward, you sure want to see this:
VOID Unload(PDRIVER_OBJECT DriverObject)
{
    /* Called by the I/O manager when the driver is being unloaded. */
    DbgPrint("Unload\r\n");
}
and
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath)
{
    DbgPrint("Entry\r\n");
    pDriverObject->DriverUnload = Unload;
    return STATUS_SUCCESS;
}
In DbgView it prints the "Entry" message, but when unloading the driver it doesn't print the "Unload" one. Actually, trying to stop the driver service changes its status to NOT_STOPPABLE. Then I have to restart if I want another try. I work with Windows 7, and with the same outcomes I have tried booting up with TESTSIGNING ON and with no signature required too. A slightly odd thing is that the load doesn't work either unless I create a device in the entry function. Only then can I find my driver with winobj in the \Driver directory. I have also tried it out on another machine with a Win7 installation, but it turned out local settings are not the issue. If you recognize this kind of kernel behaviour I would really like to hear it, thanks.
Actually, if you know about some program that can load a .sys and is then able to unload it, drop a link or name. Source code not required, the executable should do.. or vice versa.. thanks.
Driver development - use OSR Driver Loader
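The load/unload cycle asked about above can also be driven through the Service Control Manager with sc.exe; the script below is an added example, not part of the original posts. The service name and .sys path are hypothetical placeholders, and the parsing assumes English sc.exe output.

```powershell
# Added example: load/unload cycle for a test driver through sc.exe.
# $Name and $SysPath are hypothetical placeholders. Run from an elevated prompt.
param(
    [string]$Name    = 'MyTestDrv',
    [string]$SysPath = 'C:\drivers\mytest.sys'
)

function Get-DriverState([string]$Svc) {
    # "sc.exe query" prints, for example:
    #   STATE : 4  RUNNING
    #           (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
    $text = (& sc.exe query $Svc | Out-String)
    $info = @{ State = 'UNKNOWN'; Stoppable = $false }
    if ($text -match 'STATE\s*:\s*\d+\s+(\w+)') { $info.State = $Matches[1] }
    # \b keeps NOT_STOPPABLE from matching, because "_" is a word character.
    $info.Stoppable = [bool]($text -match '\bSTOPPABLE\b')
    return $info
}

# "sc" alone is the Set-Content alias in PowerShell, so call sc.exe explicitly.
# sc.exe requires the space after each "option=" token.
& sc.exe create $Name type= kernel start= demand binPath= $SysPath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "sc.exe create failed ($LASTEXITCODE)" }

try {
    & sc.exe start $Name | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "sc.exe start failed ($LASTEXITCODE)" }

    $s = Get-DriverState $Name
    "after start: $($s.State), stoppable=$($s.Stoppable)"
    if (-not $s.Stoppable) {
        Write-Warning 'SCM reports NOT_STOPPABLE for this driver.'
    }

    & sc.exe stop $Name | Out-Null
    Start-Sleep -Seconds 1
    $s = Get-DriverState $Name
    "after stop:  $($s.State)"
    if ($s.State -ne 'STOPPED') { Write-Warning 'Driver is still loaded.' }
}
finally {
    # Always remove the service entry so the next test run starts clean.
    & sc.exe delete $Name | Out-Null
}
```

Watch DbgView while the script runs: the "Entry" line should appear at the start step and the "Unload" line at the stop step.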