lerno
commented
2 months ago What about the CRT, what libraries should be linked - presumably it's not the regular win crt? I also wonder how to best indicate that one is doing kernel programming. Possible options:
- A special target, e.g.
--target winkernel-x64 - A setting with the crt, so
--wincrt=kernel - Using an attribute
@windriveror something - Separate setting:
--winkernel=yes
Here are some details about generating a windows driver, preliminary note: remember that the windows SDK and WDK are required.
Linked libraries:
Considering an installation with default parameters for the WDK you will be able to find all the static libraries in a path like
C:\Program Files (x86)\Windows Kits\<WINDOWS_VERSION>\lib\<WDK_VERSION>\km\<ARCH>\, like “ntoskrnl.lib”, “hal.lib”, etc.In my current installation in windows 11 the only supported architectures are x64 and ARM64.
Additional libraries:
Due to exploit mitigation Visual studio enforces the usage of the latest spectre mitigation libraries
Compiler/Linker flags
Drivers are characterized by the
/SUBSYSTEM:NATIVElinker flag.The Visual Studio codegen allows you to set the
/INTEGRITYCHECKflag, which sets theIMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITYbit of theDllCharacteristicfield into the optional header, this bit is required by some Windows kernel functions such asPsSetCreateProcessNotifyRoutinethat would otherwise fail if this bit is not set.Entry point
The entrypoint of a driver is usually called
DriverEntry. Visual studio by default changes the entrypoint of a driver depending on the framework chosen so that it is wrapped with his custom code, for example forWDMandKMDFframeworks the entry points areGsDriverEntryandFxDriverEntryrespectively, of course they can be changed.