How to load kmdf driver (wfp/inspect) on system boot

1

I wrote a simple 64-bit KMDF driver (wfp/inspect). This driver is located in:

%WinDir%\System32\Drivers\Inspect.sys

I can load this driver using: net start inspect.

Now I would like to load this driver during Windows startup, so I have prepared this inf file:

[Version]
Signature = "$Windows NT$"
Class = WFPCALLOUTS
ClassGuid = {57465043-616C-6C6F-7574-5F636C617373}
Provider = %ProviderString%
CatalogFile = Inspect.cat
DriverVer = 09/20/2018,19.58.54.237


[SourceDisksNames]
1 = %InspectDisk%,,,""


[SourceDisksFiles]
Inspect.sys = 1,,


[DestinationDirs]
DefaultDestDir = 12 ; %WinDir%\System32\Drivers
Inspect.DriverFiles = 12 ; %WinDir%\System32\Drivers


[DefaultInstall]
OptionDesc = %InspectServiceDesc%
CopyFiles = Inspect.DriverFiles


[DefaultInstall.Services]
AddService = %InspectServiceName%,,Inspect.Service


[DefaultUninstall]
DelFiles = Inspect.DriverFiles


[DefaultUninstall.Services]
DelService = %InspectServiceName%,0x200 ; SPSVCINST_STOPSERVICE
DelReg = Inspect.DelRegistry


[Inspect.DriverFiles]
Inspect.sys,,,0x00000040 ; COPYFLG_OVERWRITE_OLDER_ONLY


[Inspect.Service]
DisplayName = %InspectServiceName%
Description = %InspectServiceDesc%
ServiceType = 1 ; SERVICE_KERNEL_DRIVER
StartType = 0 ; SERVICE_BOOT_START
ErrorControl = 1 ; SERVICE_ERROR_NORMAL
ServiceBinary = %12%\Inspect.sys ; %WinDir%\System32\Drivers\Inspect.sys
AddReg = Inspect.AddRegistry


[Inspect.AddRegistry]
HKR,"Parameters","BlockTraffic",0x00010001,"0" ; FLG_ADDREG_TYPE_DWORD
HKR,"Parameters","RemoteAddressToInspect",0x00000000,"10.0.0.1" ; FLG_ADDREG_TYPE_SZ


[Inspect.DelRegistry]
HKR,"Parameters",,,


[Strings]
ProviderString = "TODO-Set-Provider"
InspectDisk = "Traffic Inspect Installation Disk"
InspectServiceDesc = "Traffic Inspect Callout Driver"
InspectServiceName = "Inspect"

but the driver isn't loaded on boot.

As I mentioned at the beginning, it's a 64-bit KMDF driver.

Did I forget something? Any suggestions/hints as to where the problem is?

Thanks for the help.

windows
kmdf
asked on Stack Overflow Sep 24, 2018 by (unknown user) • edited Sep 24, 2018 by (unknown user)

1 Answer

1

See the following question. TL;DR:

Use sc create [service name] binPath= [path to your .sys file] type= kernel to create a kernel-mode service and sc start [service name] to start it

answered on Stack Overflow Jan 14, 2019 by Baget
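
One way to check what was actually registered for the driver after installing the INF or running sc create, as an added example that is not part of the original question or answer. It assumes the service name Inspect and the driver path given in the question; the variable names are hypothetical.

```powershell
# Added diagnostic example: compare the registered service with what the INF asks for.
$name = 'Inspect'                                              # service name from the question's INF
$file = Join-Path $env:WinDir 'System32\Drivers\Inspect.sys'   # driver path from the question
$key  = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"

# Meaning of the Start value stored under the service key.
$startNames = @{ 0 = 'BOOT'; 1 = 'SYSTEM'; 2 = 'AUTO'; 3 = 'DEMAND'; 4 = 'DISABLED' }

if (-not (Test-Path $key)) {
    Write-Warning "Service key $key does not exist: the service is not registered."
    return
}

$svc = Get-ItemProperty -Path $key
$drv = Get-CimInstance Win32_SystemDriver -Filter "Name='$name'"

# Signature status of the binary on disk, or a marker if the file is absent.
$sig = if (Test-Path $file) { (Get-AuthenticodeSignature $file).Status } else { 'file missing' }

[pscustomobject]@{
    Service      = $name
    Type         = $svc.Type                                   # 1 = SERVICE_KERNEL_DRIVER
    Start        = '{0} ({1})' -f $svc.Start, $startNames[[int]$svc.Start]
    ErrorControl = $svc.ErrorControl
    ImagePath    = $svc.ImagePath
    State        = $drv.State                                  # Running / Stopped
    Signature    = $sig
} | Format-List

# The INF in the question requests StartType = 0; flag anything else.
if ([int]$svc.Start -ne 0) {
    Write-Warning "Start is $($svc.Start), not 0 (SERVICE_BOOT_START) as the INF requests."
}
```

Running it once after installation and again after a reboot shows whether the Start value was written as intended and whether the driver is in the Running state.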

User contributions licensed under CC BY-SA 3.0