This library is derived from https://github.com/not-matthias/kernel-driver-with-rust. You can also check https://not-matthias.github.io/kernel-driver-with-rust/.
I am not a rust expert nor I am a windows kernel expert, don't expect high quality. This is just a toy project.
-
windows-kernel-common-syslibrary is providing kernel types (ntifs.hand its transitive dependencies). -
windows-kernel-ntoskrnl-sysis providing (a lot of) kernel functions (ntfis.hand its transitive dependencies). -
windows-kernel-cng-sysis providing BCrypt bindings. -
windows-kernel-netio-sysis providing Winsock bindings. -
windows-kernel-winsockis a high level wrapper of [Winsock], providing rust abstractions over the raw api. -
windows-kernel-winsock-exampleis a kernel driver that use thewinsocklibrary to call httpbin.
Every package should be available through with the Visual Studio Installer
- Microsoft Visual Studio
- Windows Driver Kit
- LLVM (clang)
- cargo (and cargo-make)
cd windows-kernel-winsock-examplecargo make sign
The command should generate a signed driver, located under target\x86_64-pc-windows-msvc\debug\windows_kernel_winsock_example.sys.
Go in your win10 VM. Open Dbgview and enable kernel logging. Open a terminal as admin.
- if not already existing
sc create windows_kernel_winsock_example binPath="absolute path to windows_kernel_winsock_example.sys" type=kernel sc start windows_kernel_winsock_examplesc stop windows_kernel_winsock_example
The driver should produce something like:
