hfiref0x / TDL

Driver loader for bypassing Windows x64 Driver Signature Enforcement
BSD 2-Clause "Simplified" License

When creating a "driverless" driver from a new project the entry point should be GsDriverEntry instead of DriverEntry on Windows 10 #5

Closed traplol closed 8 years ago

traplol commented 8 years ago

I was unable to get TDL to load my "driverless" driver when creating my driver from the "Empty WDM Driver" template in VS2015.2 until I started poking around the linker properties of the example projects. I noticed the default value for Configuration Properties -> Linker -> Advanced -> Entry Point is GsDriverEntry. After changing that to DriverEntry or making this change in my code:

NTSTATUS DriverEntry(...) { ... }

to

NTSTATUS GsDriverEntry(...) { ... }

I had no problems getting TDL to load my driver. I suggest mentioning this in the README.md.

OS: Windows 10 Pro x64
Version: 10.0.10586 Build 10586
VS2015 Version: 14.0.25123.00 Update 2
Windows Driver Kit: 10.0.10586.0

hfiref0x commented 8 years ago

TDL-launched drivers are not using /GS; you don't need any GsDriverEntry nor WDM templates. You have 2 driver examples on which you MUST rely.

traplol commented 8 years ago

You're not wrong, but there should be more documentation about what a "driverless" driver is then, and it shouldn't be required to use an existing project as a base. Anyways, using /GS- isn't enough to get an empty driver to load with TDL, but changing the entry point is.

hfiref0x commented 8 years ago

This tool considers that you know / are familiar with what it is doing. It is self-explaining and not for newbies. Driverless rootkits were a common trend of malware in 2007-2012; it is not my problem that you (somebody else) never heard about them.