some time ago I decided to learn how to write drivers. Unfortunately, I did not go too far, because for testing the driver it is very important for you to be able to unload it without having to restart the machine. Now I'm back to him, but I just can't get past this on my own.
Now I suppose that just to make the question more direct, you will definitely want to see this:
VOID Unload(PDRIVER_Object DriverObject)
{
DbgPrint("Unload\r\n");
}
and
NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegistryPath)
{
DbgPrint("Entry\r\n");
pDriverObject->DriverUnload = Unload;
return STATUS_SUCCESS;
}
DbgView "Enter", "". NOT_STOPPABLE.
, .
Windows 7 , TESTSIGNING ON - . , , . winobj \Driver. Win7, , . , , .
, - , .sys, , . , .. .. .