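I have written a simple 64-bit KMDF driver (WFP / inspect). The driver is located at:
%WinDir%\System32\Drivers\Inspect.sys
I can load this driver with: net start inspect
Now I want to load this driver during Windows boot, so I have prepared the following INF file: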
[Version]
Signature = "$Windows NT$"
Class = WFPCALLOUTS
ClassGuid = {57465043-616C-6C6F-7574-5F636C617373}
Provider = %ProviderString%
CatalogFile = Inspect.cat
DriverVer = 09/20/2018,19.58.54.237
[SourceDisksNames]
1 = %InspectDisk%,,,""
[SourceDisksFiles]
Inspect.sys = 1,
[DestinationDirs]
DefaultDestDir = 12 ; %WinDir%\System32\Drivers
Inspect.DriverFiles = 12 ; %WinDir%\System32\Drivers
[DefaultInstall]
OptionDesc = %InspectServiceDesc%
CopyFiles = Inspect.DriverFiles
[DefaultInstall.Services]
AddService = %InspectServiceName%,,Inspect.Service
[DefaultUninstall]
DelFiles = Inspect.DriverFiles
[DefaultUninstall.Services]
DelService = %InspectServiceName%,0x200 ; SPSVCINST_STOPSERVICE
DelReg = Inspect.DelRegistry
[Inspect.DriverFiles]
Inspect.sys,,,0x00000040 ; COPYFLG_OVERWRITE_OLDER_ONLY
[Inspect.Service]
DisplayName = %InspectServiceName%
Description = %InspectServiceDesc%
ServiceType = 1 ; SERVICE_KERNEL_DRIVER
StartType = 0 ; SERVICE_BOOT_START
ErrorControl = 1 ; SERVICE_ERROR_NORMAL
ServiceBinary = %12%\Inspect.sys ; %WinDir%\System32\Drivers\Inspect.sys
AddReg = Inspect.AddRegistry
[Inspect.AddRegistry]
HKR,"Parameters","BlockTraffic",0x00010001,"0" ; FLG_ADDREG_TYPE_DWORD
HKR,"Parameters","RemoteAddressToInspect",0x00000000,"10.0.0.1" ; FLG_ADDREG_TYPE_SZ
[Inspect.DelRegistry]
HKR,"Parameters",,
[Strings]
ProviderString = "TODO-Set-Provider"
InspectDisk = "Traffic Inspect Installation Disk"
InspectServiceDesc = "Traffic Inspect Callout Driver"
InspectServiceName = "Inspect"
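But the driver is not loaded at boot.
As I mentioned at the beginning, it is a 64-bit KMDF driver.
Have I forgotten something? Any suggestions or hints on where to look?
Thanks for any help.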
Answer 0: (score: 0)
See the following question. TL;DR:
Use sc create [service name] binPath= [path to the .sys file] type= kernel to create the kernel-mode service, and sc start [service name] to start it.
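
To see what the INF or sc create actually registered, the service key can be read back and compared with the values the INF asks for (ServiceType = 1, StartType = 0). The script below is an added example, not code from the question or the answer; it assumes the service name Inspect from the question's INF and only reads the registry and the driver file.

```powershell
# Added example (not from the original post). 'Inspect' is the service name
# used in the question's INF; pass -ServiceName for a different driver.
param([string]$ServiceName = 'Inspect')

$startNames = @{ 0 = 'BOOT_START'; 1 = 'SYSTEM_START'; 2 = 'AUTO_START'
                 3 = 'DEMAND_START'; 4 = 'DISABLED' }

$key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
if (-not (Test-Path -Path $key)) {
    Write-Warning "Service key '${key}' not found: the driver service is not registered."
    return
}
$svc = Get-ItemProperty -Path $key

# Driver image paths are stored relative to the system root or with an NT
# prefix; turn the common forms into a Win32 path that can be checked.
$image = [string]$svc.ImagePath
if (-not $image) {
    # No ImagePath value: drivers default to System32\drivers\<name>.sys
    $image = Join-Path $env:SystemRoot "System32\drivers\$ServiceName.sys"
} elseif ($image -like '\SystemRoot\*') {
    $image = Join-Path $env:SystemRoot $image.Substring('\SystemRoot\'.Length)
} elseif ($image -like '\??\*') {
    $image = $image.Substring(4)
} elseif (-not [IO.Path]::IsPathRooted($image)) {
    $image = Join-Path $env:SystemRoot $image
}

# Signature status of the binary the service points at, if it exists.
if (Test-Path -LiteralPath $image) {
    $signature = (Get-AuthenticodeSignature -FilePath $image).Status
} else {
    $signature = 'file missing'
}

[pscustomobject]@{
    Service       = $ServiceName
    Type          = $svc.Type                  # 1 = SERVICE_KERNEL_DRIVER
    Start         = ('{0} ({1})' -f $svc.Start, $startNames[[int]$svc.Start])
    ErrorControl  = $svc.ErrorControl
    LoadOrderGroup = $svc.Group                # empty if none was set
    ImagePath     = $image
    Signature     = $signature
}
```

A Start value of 0 with Type 1 matches the INF's StartType and ServiceType; any other Start value means the registered service differs from what the INF requests.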