Creating True System Drivers Written in Delphi

iconic
Site Admin
Posts: 1065
Joined: Wed Jun 08, 2005 5:08 am

Creating True System Drivers Written in Delphi

Post by iconic »

I recently stumbled upon this link http://hxdef.org/download.php
which I found interesting. I am posting this because it may be beneficial to those who have ever wanted to write a fully-working .sys driver in Delphi, which most people think isn't possible. It's not that Delphi isn't powerful enough to do such a thing out of the box; Borland's compiler doesn't support the OMF format in order to link it correctly, since it's an MS format. I'm not talking about some Delphi 2 hack which allows you to create a VxD, I'm talking about a kit that will allow you to develop a driver in any version of the Delphi compiler. The above link will show you 4 driver demos, all in Delphi code, no strings attached, and allows you to hook into the SDT and hook calls such as ZwOpenProcess etc. Once Delphi does its job and converts your code to an object format, EliCZ's OMF2D tool will create an OMF binary which you will then need to link with MS' link.exe to make this all possible. After that you'll have a system driver written entirely in Object Pascal which is as stable as any other properly coded driver. The DDDK units written in Delphi export current NT functions, structs and consts from NTOSKRNL (NT Kernel) and allow you to do nearly anything you've wanted to in ring-0. Check out the source and I hope you guys find this useful and can get started writing drivers in your favorite language (Delphi).

--Iconic
Arksole Hoax
Posts: 211
Joined: Sat May 08, 2004 11:41 am

Post by Arksole Hoax »

Yeah, looks nice :)

What can be done with "drivers"?

Could you give some examples of what can be done with it?
So is it worth, actually, doing it?

OK, correction :)

What can be done with "drivers" that is meaningful?
Last edited by Arksole Hoax on Tue Mar 07, 2006 3:21 pm, edited 1 time in total.
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Post by madshi »

Cool!
iconic
Site Admin
Posts: 1065
Joined: Wed Jun 08, 2005 5:08 am

Post by iconic »

Writing a system driver in NT means that you can speak to the kernel (directly), unlike usermode, which actually has to hand down operation requests to the lower-level kernel functions. The question is, what can't be done in kernel land? :D As far as examples, they are included in the DDDK (Delphi Driver Development Kit) I linked you to. I am currently working on a few of my own that catch newly created processes and can permit/deny the execution of the process from ring-0. My free time is limited but I found it useful, so I just wanted to share it with you guys. If you want to have your driver speak to your usermode application you'll need to create a DOS device link so that ring-0 can be "in sync" with your ring-3 application; the rest is not hard. The loader in the example is written in C but it can be written in Delphi easily; all you need to do is call on the service control manager and, if you have a C understanding, replace the functions with Delphi equivalents, i.e.

C's memset
memset(&buf_res,0,sizeof(buf_res));

would/could look like this in your Delphi program

ZeroMemory(@buf, sizeof(buf));

or

FillMemory(@buf, sizeof(buf), 0);

printf() could be replaced with Delphi's SysUtils.Format() function etc.

and so on. So once you create the driver and output a .sys, just load it and start experimenting. I will, however, mention this: if you have absolutely no driver development experience then it will be a bit awkward at first; I recommend reading through the NTDDK prior to getting your feet wet.

--Iconic
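The loader step described above, as an added example that is not code from the thread or from the DDDK: a Delphi user-mode loader that registers and starts the .sys through the Service Control Manager and then opens the driver's DOS device link from ring 3. The service name, .sys path and device link are placeholders, and loading a driver this way needs administrative rights (and, on current Windows versions, a signed driver).

```delphi
program DriverLoader;
{$APPTYPE CONSOLE}
// Added example (not from the thread or the DDDK): a Delphi user-mode loader
// doing the kit's C loader's job via the Service Control Manager.
// Service name, .sys path and device link are placeholders.
uses Windows, WinSvc, SysUtils;

const
  DriverName = 'ExampleDrv';                 // placeholder service name
  DriverPath = 'C:\drivers\exampledrv.sys';  // placeholder path to the .sys
  DeviceLink = '\\.\ExampleDrv';             // DOS device link the driver creates

// Registers the .sys as a kernel-mode service and starts it; an existing or
// already running service counts as loaded, so the loader can be re-run.
function LoadDriver(const Name, Path: string): Boolean;
var hSCM, hSvc: SC_HANDLE;
begin
  Result := False;
  hSCM := OpenSCManager(nil, nil, SC_MANAGER_CREATE_SERVICE);
  if hSCM = 0 then Exit;
  try
    hSvc := CreateService(hSCM, PChar(Name), PChar(Name), SERVICE_ALL_ACCESS,
      SERVICE_KERNEL_DRIVER, SERVICE_DEMAND_START, SERVICE_ERROR_NORMAL,
      PChar(Path), nil, nil, nil, nil, nil);
    if (hSvc = 0) and (GetLastError = ERROR_SERVICE_EXISTS) then
      hSvc := OpenService(hSCM, PChar(Name), SERVICE_ALL_ACCESS);
    if hSvc = 0 then Exit;
    try
      // PChar(nil^) passes a NULL argument vector (no args are given).
      Result := StartService(hSvc, 0, PChar(nil^)) or
        (GetLastError = ERROR_SERVICE_ALREADY_RUNNING);
    finally CloseServiceHandle(hSvc); end;
  finally CloseServiceHandle(hSCM); end;
end;

var hDev: THandle;
begin
  if not LoadDriver(DriverName, DriverPath) then
    Writeln(Format('Load of %s failed, error %d', [DriverName, GetLastError]))
  else
  begin
    // Ring 3 reaches the driver through its DOS device link; DeviceIoControl would use this handle.
    hDev := CreateFile(PChar(DeviceLink), GENERIC_READ or GENERIC_WRITE, 0,
      nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
    if hDev = INVALID_HANDLE_VALUE then
      Writeln(Format('Cannot open %s, error %d', [DeviceLink, GetLastError]))
    else
      CloseHandle(hDev);
  end;
end.
```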
Arksole Hoax
Posts: 211
Joined: Sat May 08, 2004 11:41 am

Post by Arksole Hoax »

Ah, thanks! :)
It might be interesting for AV or FW developers!

Hope this doesn't get into evil hands!
iconic
Site Admin
Posts: 1065
Joined: Wed Jun 08, 2005 5:08 am

Post by iconic »

I agree

--iconic
rohypnol
Posts: 1
Joined: Sat Jan 30, 2010 10:47 am

Post by rohypnol »

Nice, nice!
Too bad most of the topics covering my issue are 2003-2006. On the bright side, I've found the most interesting/possibly useful information on the madshi.net forum :D

The link in the first post of the thread is dead (RIP), does anyone know of anything similar?
aiwnjoo
Posts: 52
Joined: Tue Mar 06, 2007 1:06 pm

Post by aiwnjoo »

This is Hacker Defender.

http://rootkit.host.sk

http://en.pudn.com/downloads46/sourceco ... 63_en.html

Or search hxdef on google :)
portableac7
Posts: 1
Joined: Tue May 04, 2010 3:31 pm

Post by portableac7 »

aiwnjoo, nice info friend... :D