How do I "install" a custom-windows driver?
Solution 1
There are special functions for that. See CmRegisterCallback(), CmRegisterCallbackEx() and Filtering Registry Calls on MSDN.
As for just installing a kernel mode driver, you may use the Service Controller (sc.exe). Use sc create [service name] binPath= [path to your .sys file] type= kernel to create a kernel-mode service and sc start [service name] to start it. Don't forget to sc stop and sc delete it before making changes to the driver.
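The create/start/stop/delete cycle described in this answer, written as one PowerShell script. This is an added example, not part of the original answer; the service name RegFilterDemo and the driver path are placeholders, and it assumes an elevated prompt.

```powershell
# Added example, not from the original answer. RegFilterDemo and the .sys path
# are placeholders; run from an elevated PowerShell prompt.
param(
    [string]$ServiceName = 'RegFilterDemo',
    [string]$DriverPath  = 'C:\drivers\regfilter.sys'
)

# Creating or starting a kernel service requires administrator rights.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script elevated.'
}
if (-not (Test-Path -LiteralPath $DriverPath -PathType Leaf)) {
    throw "Driver binary not found: $DriverPath"
}

# 64-bit Windows refuses to load unsigned kernel drivers unless test signing is
# enabled, so report the signature state before trying to start the service.
$sig = Get-AuthenticodeSignature -FilePath $DriverPath
if ($sig.Status -ne 'Valid') {
    Write-Warning "Signature status is '$($sig.Status)'; 'sc start' may be rejected."
}

# Call sc.exe by its full name: in Windows PowerShell, 'sc' is an alias for Set-Content.
function Invoke-Sc {
    param([string[]]$ScArgs, [int[]]$AllowedExitCodes = @(0))
    $output = & sc.exe @ScArgs 2>&1
    if ($AllowedExitCodes -notcontains $LASTEXITCODE) {
        throw "sc.exe $($ScArgs -join ' ') failed ($LASTEXITCODE): $output"
    }
    $output
}

# Remove the previous instance first. 1060 = service does not exist,
# 1062 = service not started; both are fine on a first run.
Invoke-Sc @('stop', $ServiceName) @(0, 1060, 1062) | Out-Null
Invoke-Sc @('delete', $ServiceName) @(0, 1060) | Out-Null

# sc.exe expects the option name including '=' and its value as separate arguments.
Invoke-Sc @('create', $ServiceName, 'binPath=', $DriverPath, 'type=', 'kernel') | Out-Null
Invoke-Sc @('start', $ServiceName) | Out-Null
Invoke-Sc @('query', $ServiceName)
```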
Solution 2
Basically, drivers are considered Services; as such, you can utilize the Service Control Manager. Using the aforementioned APIs, what you basically achieve is the appropriate entries in the registry under the Services key. For a sample of how to achieve this, check this article; scroll to the bottom to the section named "Dynamically Loading and Unloading the Driver". Furthermore, if you want to achieve easy debugging/development and are using VS2k10, I'd suggest you use the free VisualDDK. I believe this should be enough to get you going.
user997112
Updated on June 07, 2022
user997112 almost 2 years
I am planning to write a basic Windows registry filter in C. The purpose of the filter is to hook all (user and kernel privileged) registry calls so that I can use them in my program. I am basically copying Regmon/Process Monitor by Mark Russinovich, but more basic.
My question is, once the filter is written in C, how do you get the system to implement the custom behaviour and to not implement the original intended behaviour of the registry calls?
I am using Windows 7.
EDIT: I am trying to do this as part of a hobby C++ project which can hook all registry calls.