Write kernel driver loader

I. Introduction to the common APIs used to load kernel drivers.

To load a kernel driver from ring 3 (user mode), the following APIs are all that is needed.

The APIs are:

OpenSCManager       Opens the service control manager (the device/service manager).

CreateService       Creates a service (or a device entry, depending on the parameters).

OpenService         Opens an existing device or service.

StartService        Starts a service, or starts (loads) a device driver.

ControlService      Controls the state of a device or service.

CloseServiceHandle  Closes a handle to a service or device.

DeleteService       Uninstalls a service.

Parameter descriptions:

1. Open device manager
SC_HANDLE OpenSCManager(
    LPCTSTR lpMachineName,   // Machine name. A remote computer may be given; if not specified (NULL) the local computer is opened.
    LPCTSTR lpDatabaseName,  // Name of the service manager database to open; NULL uses the default.
    DWORD   dwDesiredAccess  // Access rights requested on the manager handle.
);
Return value :

   success :  Returns the handle to the device manager

   fail :  return NULL


2. Create a device or service.
SC_HANDLE CreateService(
    SC_HANDLE hSCManager,         // Device manager handle, returned by OpenSCManager.
    LPCTSTR   lpServiceName,      // Name under which the service or device is started.
    LPCTSTR   lpDisplayName,      // Display name of the service or device.
    DWORD     dwDesiredAccess,    // Access requested on the service or device.
    DWORD     dwServiceType,      // Type of service or device created; for a kernel driver give the driver type here.
    DWORD     dwStartType,        // When the service or device is started.
    DWORD     dwErrorControl,     // What the system should do if the service or device fails to start (restart, or carry on).
    LPCTSTR   lpBinaryPathName,   // File path of the service or device; must be given.
    LPCTSTR   lpLoadOrderGroup,   // Load-order group of the service or device.
    LPDWORD   lpdwTagId,          // Tag identifier; the service can be started through the registry.
    LPCTSTR   lpDependencies,     // Array of dependency names.
    LPCTSTR   lpServiceStartName, // Start name (account) of the service.
    LPCTSTR   lpPassword          // Password.
);
Return value :

   success :  Returns a handle to create a service or device .

   fail :  return NULL

3. Open a service or device.
SC_HANDLE OpenService(
    SC_HANDLE hSCManager,      // Handle to the device manager, returned by OpenSCManager.
    LPCTSTR   lpServiceName,   // Name of the service or device.
    DWORD     dwDesiredAccess  // Permissions requested when opening the service or device.
);
Return value :

   success :  Returns a handle to a service or device .

   fail :  return NULL

4. Start a service or device.
BOOL StartService(
    SC_HANDLE hService,            // Service or device handle.
    DWORD     dwNumServiceArgs,    // Number of entries in the argument array.
    LPCTSTR*  lpServiceArgVectors  // Array of argument strings. For a kernel driver pass 0 and NULL.
);
Return value :

   success :  Return non-zero value

   fail :  Return zero .

5. Control a service or device.
BOOL ControlService(
    SC_HANDLE         hService,        // Service or device handle, returned by OpenService or CreateService.
    DWORD             dwControl,       // Control code. For example, SERVICE_CONTROL_PAUSE suspends the service.
    LPSERVICE_STATUS  lpServiceStatus  // Status of the service. A structure that the operating system fills in for you.
);

Structure layout:
typedef struct _SERVICE_STATUS {
    DWORD dwServiceType;             // Type of service.
    DWORD dwCurrentState;            // Current state of the service: paused, stopped, ....
    DWORD dwControlsAccepted;        // Control codes the service accepts.
    DWORD dwWin32ExitCode;           // Error code when the service fails or stops.
    DWORD dwServiceSpecificExitCode; // Error code returned by service startup.
    DWORD dwCheckPoint;              // Progress counter; when it reaches 100 startup is complete. Generally used for a progress bar.
    DWORD dwWaitHint;                // An expected wait time for the pending operation.
} SERVICE_STATUS, *LPSERVICE_STATUS;
6. Close a service handle.
BOOL CloseServiceHandle(
    SC_HANDLE hSCObject  // Handle to the service or device.
);
7. Uninstall a service.
BOOL DeleteService(
    SC_HANDLE hService  // Handle to the service.
);

II. Detailed code

That was a brief introduction to the APIs. The complete code follows.

Please note that this was written with MFC, but the functions do not depend on each other, so if you are copying code you can take each one on its own and use it.

1. Install kernel driver code
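// Install (register) the kernel driver as a demand-start service.
// m_ScHand is assumed to already hold an OpenSCManager handle opened with
// SC_MANAGER_CREATE_SERVICE rights (that call is not part of this snippet).
// m_EdtPathName is the full path of the driver file. Per the CreateService
// documentation the path must be quoted if it contains spaces, and the file
// should live where unprivileged users cannot replace it: the service control
// manager loads whatever is at that path each time the driver is started.
m_CreateService = ::CreateService(
    m_ScHand,
    m_ServiceName,          // service (driver) name, e.g. MySystem.sys
    m_ServiceName,          // display name
    SERVICE_QUERY_STATUS,   // the handle is closed right away, so request the minimum
    SERVICE_KERNEL_DRIVER,  // this installs a kernel driver, not a Win32 service
    SERVICE_DEMAND_START,   // loaded only when StartService is called
    SERVICE_ERROR_SEVERE,
    m_EdtPathName,
    NULL, NULL, NULL, NULL, NULL);
if (m_CreateService == NULL) {
    // Read the error before MessageBox, which may overwrite it.
    // ERROR_SERVICE_EXISTS is the usual cause on a repeated install.
    const DWORD err = ::GetLastError();
    // Only the manager handle is open here; the original also "closed" the
    // NULL service handle.
    ::CloseServiceHandle(m_ScHand);
    m_ScHand = NULL;
    TCHAR msg[128];
    _stprintf_s(msg, TEXT("Sorry Install Drive Fail (error %lu)"), err);
    ::MessageBox(NULL, msg, TEXT("Error"), MB_OK | MB_ICONERROR);
    return;
}
::CloseServiceHandle(m_CreateService);
::CloseServiceHandle(m_ScHand);
// Reset the members so a later step cannot reuse a closed handle value.
m_CreateService = NULL;
m_ScHand = NULL;
::MessageBox(NULL, TEXT("InStall Drive Sucess"), TEXT("Sucess"), MB_OK | MB_ICONINFORMATION);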
2. Uninstall code
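// Uninstall (unregister) the kernel driver service.
// SC_MANAGER_CONNECT is all that opening an existing service requires; the
// original asked for SC_MANAGER_ALL_ACCESS, far more than this path uses.
m_ScHand = ::OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
if (m_ScHand == NULL) {
    ::MessageBox(NULL, TEXT("Sorry OpenScManger Fail\r\n"), TEXT("Error"), MB_ICONEXCLAMATION);
    return;
}
// Open the service with exactly the rights the steps below need.
m_CreateService = ::OpenService(m_ScHand, m_ServiceName, SERVICE_STOP | DELETE);
if (m_CreateService == NULL) {
    // The manager handle was leaked on this path in the original.
    ::CloseServiceHandle(m_ScHand);
    m_ScHand = NULL;
    ::MessageBox(NULL, TEXT("Sorry UnInstall Drive Fail"), TEXT("Error"), MB_OK | MB_ICONERROR);
    return;
}
// A running driver is only marked for deletion until it stops, so request a
// stop first (this is what the SERVICE_STOP right above is for). The stop
// fails harmlessly when the driver is not running, so its result is ignored.
SERVICE_STATUS status;
::ControlService(m_CreateService, SERVICE_CONTROL_STOP, &status);
// DeleteService is issued exactly once: the original called it a second time
// after success, which fails with ERROR_SERVICE_MARKED_FOR_DELETE.
const BOOL deleted = ::DeleteService(m_CreateService);
const DWORD err = deleted ? ERROR_SUCCESS : ::GetLastError();
::CloseServiceHandle(m_CreateService);
::CloseServiceHandle(m_ScHand);
m_CreateService = NULL;
m_ScHand = NULL;
if (!deleted) {
    TCHAR msg[128];
    _stprintf_s(msg, TEXT("Sorry UnInstall Drive Fail (error %lu)"), err);
    ::MessageBox(NULL, msg, TEXT("Error"), MB_OK | MB_ICONERROR);
    return;
}
::MessageBox(NULL, TEXT("UnInstall Drive Sucess"), TEXT("Sucess"), MB_OK | MB_ICONINFORMATION);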
3. Code to start kernel driver
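  // Start (load) the kernel driver.
  m_ScHand = NULL;
  m_CreateService = NULL;
  // Refresh the dialog members before they are used. The original called
  // UpdateData after OpenService, so an edited m_ServiceName would not have
  // been the name that was opened (assumes m_ServiceName is a DDX member —
  // confirm against the dialog's DoDataExchange).
  UpdateData(TRUE);
  // SC_MANAGER_CONNECT is sufficient to open an existing service.
  m_ScHand = ::OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
  if (m_ScHand == NULL) {
      ::MessageBox(NULL, TEXT("Sorry OpenScManger Fail\r\n"), TEXT("Error"), MB_ICONEXCLAMATION);
      return;
  }
  m_CreateService = ::OpenService(m_ScHand, m_ServiceName, SERVICE_START);
  if (m_CreateService == NULL) {
      // The manager handle was leaked on this path in the original.
      ::CloseServiceHandle(m_ScHand);
      m_ScHand = NULL;
      ::MessageBox(NULL, TEXT("Sorry Start Drive Fail"), TEXT("Error"), MB_OK | MB_ICONERROR);
      return;
  }
  // This is the call that actually loads the driver; a kernel driver takes no
  // arguments, hence 0 and NULL.
  const BOOL started = ::StartService(m_CreateService, 0, NULL);
  // Read the error before MessageBox can overwrite it;
  // ERROR_SERVICE_ALREADY_RUNNING is the common benign case.
  const DWORD err = started ? ERROR_SUCCESS : ::GetLastError();
  ::CloseServiceHandle(m_CreateService);
  ::CloseServiceHandle(m_ScHand);
  m_CreateService = NULL;
  m_ScHand = NULL;
  if (!started) {
      TCHAR msg[128];
      _stprintf_s(msg, TEXT("Sorry Start Service Fail\r\n(error %lu)"), err);
      ::MessageBox(NULL, msg, TEXT("Error"), MB_OK | MB_ICONERROR);
      return;
  }
  ::MessageBox(NULL, TEXT(" Start Service Sucess\r\n"), TEXT("Sucess"), MB_OK | MB_ICONINFORMATION);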
4. Pause (stop) the kernel driver.
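// Stop (unload) the kernel driver.
m_ScHand = NULL;
m_CreateService = NULL;
UpdateData(TRUE);
// The original snippet lost the right-hand side of "m_ScHand =" (the
// OpenSCManager call). SC_MANAGER_CONNECT is sufficient to open an existing
// service.
m_ScHand = ::OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
if (m_ScHand == NULL) {
    ::MessageBox(NULL, TEXT(" Stop Service Fail\r\n"), TEXT("Fail"), MB_OK | MB_ICONERROR);
    return;
}
SC_HANDLE hService = ::OpenService(m_ScHand, m_ServiceName, SERVICE_STOP);
if (hService == NULL) {
    ::CloseServiceHandle(m_ScHand);
    m_ScHand = NULL;
    ::MessageBox(NULL, TEXT(" Stop Service Fail\r\n"), TEXT("Fail"), MB_OK | MB_ICONERROR);
    return;
}
// The original passed m_CreateService (still NULL) to ControlService instead
// of the handle it had just opened, so the stop could never succeed and
// hService leaked. The status structure was also never declared.
// A driver that registers no unload routine refuses SERVICE_CONTROL_STOP; that
// surfaces here as a failed call, not a crash.
SERVICE_STATUS svcsta;
const BOOL stopped = ::ControlService(hService, SERVICE_CONTROL_STOP, &svcsta);
const DWORD err = stopped ? ERROR_SUCCESS : ::GetLastError();
::CloseServiceHandle(hService);
::CloseServiceHandle(m_ScHand);
m_ScHand = NULL;
if (stopped) {
    ::MessageBox(NULL, TEXT(" Stop Service Sucess\r\n"), TEXT("Sucess"), MB_OK | MB_ICONINFORMATION);
    return;
}
TCHAR msg[128];
_stprintf_s(msg, TEXT(" Stop Service Fail\r\n(error %lu)"), err);
::MessageBox(NULL, msg, TEXT("Error"), MB_OK | MB_ICONERROR);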

Download of the complete project code:

   link :https://pan.baidu.com/s/1kWoHJZD <https://pan.baidu.com/s/1kWoHJZD>
password :osy7


This took effort to write; please credit the source when reposting.