Creating True System Drivers Written in Delphi

just write whatever you want

Creating True System Drivers Written in Delphi

Postby iconic » Tue Mar 07, 2006 2:44 pm

I recently stumbled upon this link
which i found interesting, i am posting this because it may be beneficial to those who have ever wanted to write a fully-working .sys driver in delphi, which most people think isn't possible. It's not that Delphi isn't powerful enough to do such a thing out of the box, Borland's compiler doesn't support the OMF format in order to link it correctly, since it's an MS format. I'm not talking about some Delphi 2 hack which allows you to create a VxD, I'm talking about a kit that will allow you to develop a driver in any version delphi compiler. The above link will show you 4 driver demos all in delphi code, no strings attached and allow you to hook into the SDT and hook calls such as zwOpenProcess etc. Once Delphi does its job and converts your code to an object format EliCZ' OMF2D tool will create an OMF binary which you will then need to link with MS' link.exe to make this all possible. After that you'll have a system driver written entirely in object pascal which is as stable as any other properly coded driver. The DDDK units written in Delphi exports current NT functions, structs and consts from NTOSKRNL (NT Kernel) and allow for you to do nearly anything you've wanted to in ring-0. check out the source and I hope you guys find this useful and can get started writing drivers in your favorite language (Delphi).

Posts: 859
Joined: Wed Jun 08, 2005 5:08 am

Postby Arksole Hoax » Tue Mar 07, 2006 3:05 pm

yeah looks nice :)

what can be done with "drivers" ?

could you give some examples what can be done with it?
so is it worth, actually, doing it ?

ok verbesserung, :)

what can be done with "drivers" that is meaningfull ?
Last edited by Arksole Hoax on Tue Mar 07, 2006 3:21 pm, edited 1 time in total.
Arksole Hoax
Posts: 211
Joined: Sat May 08, 2004 11:41 am

Postby madshi » Tue Mar 07, 2006 3:15 pm

Cool !
Site Admin
Posts: 9958
Joined: Sun Mar 21, 2004 5:25 pm

Postby iconic » Tue Mar 07, 2006 3:21 pm

writing a system driver in NT means that you can speak to the kernel (directly), unlike usermode which actually have to hand down operation requests to the lower-level kernel functions. The question is, what can't be done in kernel land? :D As far as examples, they are included in the DDDK (Delphi Driver Development Kit) i linked you to. I am currently working on a few of my own that catch newly created processes and can permit/deny the execution of the process from ring-0. My free time is limited but I found it useful so i just wanted to share it with you guys. If you are wanting to have your driver speak to your usermode application you'll need to create a DOS device link so that ring-0 can be "in synch" with your ring-3 application, the rest is not hard. The loader in the example is written in c but it can be written in Delphi easily, all you need to do is call on service control manager and if you have a "c" understanding replace the functions with Delphi equivalents, i.e

c's memset

would/could look like this in your delphi program

ZeroMemory(@buf, sizeof(buf));


FillMemory(@buf, sizeof(buf), 0);

printf() could be replaced with Delphi Sysutils.Format() function etc.

and so on. So once you create the driver and output a .sys just load it and start experimenting. I will however mention this, if you have absolutely no driver development experience then it will be a bit awkward at first, i recommend reading through the NTDDK prior to getting your feet wet.

Posts: 859
Joined: Wed Jun 08, 2005 5:08 am

Postby Arksole Hoax » Tue Mar 07, 2006 5:17 pm

ah.. thanks! :)
it might be interessting for AV or FW developers!

Hope this doesnt get into evil hands!
Arksole Hoax
Posts: 211
Joined: Sat May 08, 2004 11:41 am

Postby iconic » Tue Mar 07, 2006 5:45 pm

Ich stimme überein

Posts: 859
Joined: Wed Jun 08, 2005 5:08 am

Postby rohypnol » Sat Jan 30, 2010 10:50 am

Nice, nice!
Too bad most of the topics covering my issue are 2003-2006. On the bright side, I've found the most interesting/possibly useful information on the forum :D

The link in the first post of the thread is dead (RIP), does anyone know of anything similar?
Posts: 1
Joined: Sat Jan 30, 2010 10:47 am

Postby aiwnjoo » Mon Feb 01, 2010 7:54 am

This is Hacker Defender. ... 63_en.html

Or search hxdef on google :)
Posts: 52
Joined: Tue Mar 06, 2007 1:06 pm

Postby portableac7 » Tue May 04, 2010 3:35 pm

aiwnjoo nice info friend............... :D
Posts: 1
Joined: Tue May 04, 2010 3:31 pm

Return to fun talk

Who is online

Users browsing this forum: No registered users and 1 guest