install SDK and WDK

What I use here is VS2019. The environment is already equipped , Just write it down . later VS2019 Can not be visual studio installer distinguish , And put new things , Then the official website vs The downloader has only VS2022, Think about updating it , So I reconfigured it , because C Disc shortage , Just put VS2019 Completely uninstalled . Who wants to ,VS2022 No longer supported win10 Of WDK( That expansion can't be installed ), and 2022 Of WDK There is no driver x86 Version of , Come and go . ok , It's reloaded VS2019.

Friendship tips ： The newer the version, the better

Hook this in the installer

WDK Install Links

I seem to use 2004 Version of , It's still 10.19041.1, A little magic

Last ,VS20xx Is not important , It doesn't matter which one you install , The important thing is to remember SDK and WDK The version corresponds to

Finish loading WDK You will be prompted whether to install VS2019 add-in , Click Install
It doesn't matter if you don't pop up , Start looking

Double click the file , Can be installed ( If you don't use the default installation location , Then think about where to put it )

Create project

Create a new one Kernel Mode Driver, empty (KMDF) Project

Just name yourself

Right click ==> attribute , That menu is too long , No screenshots.
Create a new one xxx.c file , Do not xxx.cpp

If you report an error ： This project needs to alleviate Spectre Vulnerability Library
So please check

If you have to toss , Then please move vs Find a corresponding version of the mitigation Library in the installer and install , Anyway, I installed several unmatched versions , I'm too lazy to

Programming

// Equivalent to ordinary program  windows.h
#include <ntddk.h>

// Unload function 
void DriverUnload(PDRIVER_OBJECT object) {
    
	// Print a sentence , Convenient observation 
    DbgPrint("hello world: driver is unloading...");
}

// The main function , amount to main
//driver There is some information in , It's about this drive 
NTSTATUS DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path) {
    
	// Driver USES DbgPrint(), For ordinary programs printf(), I know what you mean 
    DbgPrint("hello world");
    // You can think that we assigned a callback function pointer 
    // The right time ( When uninstalling this driver ), Will call this function pointer 
    driver->DriverUnload = DriverUnload;
    // Namely return 0 nothing more , Just look good 
    return STATUS_SUCCESS;
}

compile , Then pull to winxp Try it
dbgView I also checked the monitoring core , But sometimes it works and sometimes it doesn't work , Don't make a fool of yourself
Anyway, when it doesn't work windbg It will also print
I checked the surveillance core , But neither of them printed , Really weird

Other tools

There is a dual machine debugging tool called VirtualKD-Reduxz, Than windbg Naked even faster ,github There is , Search directly and you're done
There are also installation tutorials and use tutorials , Fool operation , I won't go into details
If something goes wrong during configuration , You can refer to what I wrote before
Virtual KD appear Still cannot find RPC dispatcher table

It hasn't been updated for a long time , No one looked at it. , No power . Just write it for yourself