Skip to content

Instantly share code, notes, and snippets.

@bgrewell

bgrewell/setup_for_windows_10_driver_development.md

Last active February 23, 2020 18:01
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save bgrewell/9dbee520b818f8c7bb5527eb99cc7e2d to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save bgrewell/9dbee520b818f8c7bb5527eb99cc7e2d to your computer and use it in GitHub Desktop.
Download ZIP
Instructions for installing all the tooling needed to do Windows 10 1903 device driver development (Assuming Visual Studio is already installed). It also includes steps to get up and running with the 'inspect' sample for WFP Callout driver development.
Raw
setup_for_windows_10_driver_development.md

Installing Toolchain For Driver Development

In addition to getting the tooling installed for driver development on Windows 10 1903 I have also included instructions for getting up and running with the Windows Filtering Platform sample Inspect which is a sample callout driver for doing packet inspection.

Install the Windows 10 SDK

The first step is to install the Windows 10 SDK. This is required to build the drivers and needs to match the version of the WDK that you will install in the next step.

  1. Navigate to Windows 10 SDK Download Page
  2. Click on Download The Installer
  3. Run the file
  4. Select Install the Windows Software Development Kit - ... and click Next
  5. Opt in/out of the data usage and click next
  6. Read and Accept the agreement
  7. Uncheck the features you don't want then click Next

The install will take a while depending on your system. Once it is finished click close

Install the Windows 10 1903 WDK

  1. Navigate to Widows 10 WDK Download Page
  2. Scroll down to step 2 and click on Download WDK for Windows 10, version 1903
  3. Run the file
  4. Select Install the Windows Driver Kit - ... and click Next
  5. Opt in/out of the data usage and click next
  6. Read and Accept the agreement
  7. Allow the UAC Elevation
  8. Install will take a while again...
  9. After the install finishes leave Install Windows Driver Kit Visual Studio extension checked and click Close
  10. Once the extension installer starts check the versions of Visual Studio you want to install the extension on and click Install You may need to close any open Visual Studio Windows
  11. Once finished click close

Installing Windows Filtering Platform Sample

  1. Navigate to Windows Filtering Platform Sample Page
  2. Click blue button Download ZIP
  3. Open the file and extract the contents to somewhere on your disk
  4. Navigate to that location and open the file inspect.sln
  5. If prompted for Visual Studio version select Visual Studio 2019.
  6. I recommend making the README.md file available inside VS. To do this right click on the solution and click Add -> Existing Item then browse and select README.md. Now you should see README.md listed under Solution Items.

Building the project

Once you have finished installing everything you should have a project open with the inspect sample in it. The first step is to see if the project will build. Most likely you need to make some changes before it will.

  1. Right click on the inspect project and click on properties
  2. Click on Driver Settings
  3. Change Target Platform from Universal to Desktop
  4. Once that is done click ctrl-b or go to Build -> Build inspect and the project should build properly.

Setting up a remote deployment host to test on

  1. Install or Clone an existing Virtual Machine running Windows 10
  2. If the system needs to be updated to 1903 follow these steps.
  • Navigate to Windows 10 Site and selecting the Update now button.
  • Once the download finishes run the Windows10Upgrade9252.exe
  • Click Update Now
  • If checks pass click Next
  • Wait for the update to finish and reboot
  1. On your local system (the one with the WDK installed) navigate to C:\Program Files (x86)\Windows Kits\10\Remote\x64 and copy the file WDK Test Target Setup x64-x64_en-us.msi then paste/copy it to your virtual machine
  2. Run the WDK Test Target Setup x64-x64_en-us.msi
  3. Open up the firewall by going to System and Security -> Windows Firewall -> Advanced Settings -> Inbound Rules. Enable all Network Discovery rules, on each rule double click and go to the scope tab and under Remote IP address select Any IP address
  4. Locate the File and Printer Sharing rules and double click and go to the scope tab and under Remote IP Address select Any IP address
  5. Back on your development machine click x86 on the toolbar in Visual Studio and change to x64. Then right click the project inspect and select properties
  6. Go to Driver Install then to Deployment and select Configure Devices from the drop down
  7. Enter Remote Debug VM for the Display name
  8. Enter the IP adress for the network name
  9. Click next and leave defaults continue until the install starts.
  10. Click Finish after install is complete (if it gives an error about setting a restore point it will still work)
  11. Click OK to close out the properties window
  12. Right click on the project and select properties again and go to Driver Settings and click General and make sure the target platform is set to Desktop
  13. Build solution with ctrl-shift-b
  14. Right click on the project inspect and select Deploy
  15. Navigate to C:\DriverTest\Drivers on the debug VM and you should see your driver files
  16. Enable debug printing on the target VM. Add a key to the registery called Debug Print Filter under HKLM\System\CurrentControlSet\Control\Session\Manager then add a DWORD named DEFAULT and set the value to 8
  17. Disable signing on the VM. Open a elevated command prompt and run the command bcdedit /set testsigning on
  18. Reboot the test system

Testing the driver

  1. Inside C:\DriverTest\Drivers on the VM right click on inspect.inf and click Install and select Yes on the UAC prompt
  2. Open the registery editor on the test system and go to HKLM\System\CurrentControlSet\Services\inspect\Parameters
  3. Create the following keys
  • REG_DWORD named BlockTraffic and set it to 0 to permit or 1 to block
  • REG_SZ named RemoteAddressToInspect and set it to the IPv4 or IPv6 address (example 10.0.0.1)
  1. Open an administrative command prompt and start the driver net start inspect
  2. To stop use net stop inspect

You should have seen the message that The Inspect service was started successfully. All is working now

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment