hardware ID for Kernel-Bridge.sys about kernel-bridge HOT 10 CLOSED

Hi here!
It's easier to use a "net start Kernel-Bridge" or use a C++ interface in User-Bridge to install the Kernel-Bridge driver. It doesn't requires to use an *.inf-files.

from kernel-bridge.

use a C++ interface in User-Bridge to install the Kernel-Bridge driver.

Could you please describe this approach step-by-step?
Thanks in advance!

from kernel-bridge.

Hm? But look at the README.md - there is a sample. All you need is to call the KbLoader::KbLoadAsFilter(L"Path\to\driver.sys", L"260000"). Run your app with an admin rights and it will load the KB driver.

from kernel-bridge.

Also, could you describe how i can step through your code in Visual Studio? My goal is learning and the best way to learn is stepping through the code. When i hit "Start Debugging" VS asked me to provision a computer for that. I provisioned a remote machine and all necessary files were placed there, but i need to break into the kernel from Visual studio to attach to the driver process and i don't know how to do that...

from kernel-bridge.

Are you setted up a COM-port to work with a kernel debugger?

from kernel-bridge.

No, i use:
Using NET for debugging
Opened WinSock 2.0
Waiting to reconnect...

WinDbg attaches to the kernel on the remote machine without any problem when used by itself. (Not in Visual Studio)
Visual Studio by itself can also attach to the remote computer and i see in "Debug output window" message "Debugee is running" so i need to break into kernel and that's where i hit a snag.

from kernel-bridge.

So, i guess the best way to approach this would be creating my own auxiliary application on the remote machine, move the binaries there and use
// Loading as minifilter (it allows to use extended features):
KbLoader::KbLoadAsFilter(L"N:\Folder\Kernel-Bridge.sys", L"260000");
as you suggest in the readme and then, after the driver is loaded attach to it from WinDbg on my host. Correct me, if i am wrong, please.

from kernel-bridge.

It is possible to use only virtual COM-ports to debug a kernel. So, you should to create one. In the virtual machine settings remove a virtual printer (as it works on a COM1) and create the new COM-port and name it "\\pipe\com_1". And check the checkbox "Poll CPU" (or something like that). And set the first end of the pipe to the VM and the second end of the pipe to the host.

Now you have the pipe "\\pipe\com_1" associated with the virtual COM1.

Run the "msconfig" in the guest-vm and set up there a COM1-debugging.

Now you can attach to the virtual machine using a kernel debugger. I recommend you to download a WinDbg Preview from the Microsoft Store and use the "Attach to the kernel" menu there. But if you want to use a Visual Studio, so run "Attach to the process" and choose there your remote kernel.

from kernel-bridge.

OK, great! Thanks a lot for your help, Alexander!

from kernel-bridge.

And yes, after all, run your own app to load the KB and press "Pause" in debugger. Or you can insert the "__debugbreak()" intrinsic in desired place and it will break in a kernel debugger.

from kernel-bridge.