Page 1 of 1

Creating True System Drivers Written in Delphi

PostPosted: Tue Mar 07, 2006 2:44 pm
by iconic
I recently stumbled upon this link http://hxdef.org/download.php
which i found interesting, i am posting this because it may be beneficial to those who have ever wanted to write a fully-working .sys driver in delphi, which most people think isn't possible. It's not that Delphi isn't powerful enough to do such a thing out of the box, Borland's compiler doesn't support the OMF format in order to link it correctly, since it's an MS format. I'm not talking about some Delphi 2 hack which allows you to create a VxD, I'm talking about a kit that will allow you to develop a driver in any version delphi compiler. The above link will show you 4 driver demos all in delphi code, no strings attached and allow you to hook into the SDT and hook calls such as zwOpenProcess etc. Once Delphi does its job and converts your code to an object format EliCZ' OMF2D tool will create an OMF binary which you will then need to link with MS' link.exe to make this all possible. After that you'll have a system driver written entirely in object pascal which is as stable as any other properly coded driver. The DDDK units written in Delphi exports current NT functions, structs and consts from NTOSKRNL (NT Kernel) and allow for you to do nearly anything you've wanted to in ring-0. check out the source and I hope you guys find this useful and can get started writing drivers in your favorite language (Delphi).

--Iconic

PostPosted: Tue Mar 07, 2006 3:05 pm
by Arksole Hoax
yeah looks nice :)

what can be done with "drivers" ?

could you give some examples what can be done with it?
so is it worth, actually, doing it ?

ok verbesserung, :)

what can be done with "drivers" that is meaningfull ?

PostPosted: Tue Mar 07, 2006 3:15 pm
by madshi
Cool !

PostPosted: Tue Mar 07, 2006 3:21 pm
by iconic
writing a system driver in NT means that you can speak to the kernel (directly), unlike usermode which actually have to hand down operation requests to the lower-level kernel functions. The question is, what can't be done in kernel land? :D As far as examples, they are included in the DDDK (Delphi Driver Development Kit) i linked you to. I am currently working on a few of my own that catch newly created processes and can permit/deny the execution of the process from ring-0. My free time is limited but I found it useful so i just wanted to share it with you guys. If you are wanting to have your driver speak to your usermode application you'll need to create a DOS device link so that ring-0 can be "in synch" with your ring-3 application, the rest is not hard. The loader in the example is written in c but it can be written in Delphi easily, all you need to do is call on service control manager and if you have a "c" understanding replace the functions with Delphi equivalents, i.e

c's memset
memset(&buf_res,0,sizeof(buf_res));

would/could look like this in your delphi program

ZeroMemory(@buf, sizeof(buf));

or

FillMemory(@buf, sizeof(buf), 0);


printf() could be replaced with Delphi Sysutils.Format() function etc.

and so on. So once you create the driver and output a .sys just load it and start experimenting. I will however mention this, if you have absolutely no driver development experience then it will be a bit awkward at first, i recommend reading through the NTDDK prior to getting your feet wet.

--Iconic

PostPosted: Tue Mar 07, 2006 5:17 pm
by Arksole Hoax
ah.. thanks! :)
it might be interessting for AV or FW developers!

Hope this doesnt get into evil hands!

PostPosted: Tue Mar 07, 2006 5:45 pm
by iconic
Ich stimme ├╝berein

--iconic

PostPosted: Sat Jan 30, 2010 10:50 am
by rohypnol
Nice, nice!
Too bad most of the topics covering my issue are 2003-2006. On the bright side, I've found the most interesting/possibly useful information on the madshi.net forum :D

The link in the first post of the thread is dead (RIP), does anyone know of anything similar?

PostPosted: Mon Feb 01, 2010 7:54 am
by aiwnjoo
This is Hacker Defender.

http://rootkit.host.sk

http://en.pudn.com/downloads46/sourceco ... 63_en.html

Or search hxdef on google :)

PostPosted: Tue May 04, 2010 3:35 pm
by portableac7
aiwnjoo nice info friend............... :D