Writing Drivers in Delphi

Driver development has always been the privilege of C/C++ and Assembler programmers. Anyone who needs to write a device driver in Delphi has to settle for “adapter” drivers that give their user-mode program some ability to interface with kernel-mode functions. There are also “wizards” that (supposedly) allow one to create a driver without much driver-development knowledge. Both of these are often commercial software.

For some tasks one could also use a service (which can be written in Delphi). Well, either that or learn to program in C/C++. With older Delphi versions you could still use the Microsoft linker included in the DDK to link the object files produced by the Delphi compiler and get a valid .sys file, but newer Delphi versions have a different .obj file format. Is there any hope? Well, yes there is!

The main reasons why you usually can’t create drivers in Delphi are:

  • Its compiler/linker can’t produce .sys files.
  • The object file format incompatibility mentioned above.
  • The DDK isn’t generally available in languages other than C/C++.
  • Some essential units (RTL) aren’t intended for use in kernel mode and might crash a driver (and the whole system along with it).

The solution I recently discovered is the Delphi Driver Development Kit v0.0.4 (local mirror) that addresses most of these issues and lets you create kernel-mode drivers even in Delphi 7! It includes translated DDK headers, a utility to convert Delphi OBJ files to a format compatible with the Microsoft linker and some other things. And the best thing is it’s free! I compiled and ran one of the samples on my Windows XP machine using Delphi 7 and it worked OK :)

DDDK 0.0.4 was created by The Hacker Defender Project team. Take a look at their site; they also have some other interesting programs and articles there.

Update 04.07.2007: Looks like “The Hacker Defender Project” is down. You can still get the DDK at http://w-shadow.com/files/DDDK004.zip

22 Responses to “Writing Drivers in Delphi”

  1. zxc says:

    THX!
    HDTeam

  2. Knut Johnsen says:

    The DDDK004.zip contains a virus according to my Norton 2008!!! DO NOT USE.

  3. White Shadow says:

    And it’s clean according to my NOD32. Norton probably just got something caught in its heuristic filters.

  4. phs says:

    Thanks, that seems interesting.

    Just wanted to point out that also Avira AntiVir believes that DCC32.exe contains a virus/trojan horse (“TR/Agent.257941”). I guess this file was patched. Would you maybe know what changes were made to the compiler?

    Cheers, phs

  5. White Shadow says:

    Nope, I don’t know the specifics. And the original webpage has been down for a long time, so good luck finding an explanation anywhere. Ah well.

  6. Thomas says:

    I’ve found the same, and also omf2d.exe contains the Virus WORM/Generic 27127 (AVIRA).
    But, fortunately, DDDK04 is not necessary to create drivers with Delphi! The only reason to use omf2d.exe is that since Delphi4(?) the resulting obj-Files are not compatible with MS-Linker to produce the sys-File. Use Delphi3 dcc32.exe instead!

    See this link:

    http://forum.sysinternals.com/forum_posts.asp?TID=5324&PN=2

    To link the obj-files you can use the linker and the ntoskrnl.lib from the Win-Server2003-DDK you can get under

    http://www.microsoft.com/whdc/devtools/ddk/default.mspx

    The only difficulty is to translate the DDK-headers to Delphi…

    Have fun

    Thomas

  7. memoz says:

    but then compile.debug.bat didn’t make the .sys file
    could you help me !!!!!!!!!!!!!!!!!!

  8. White Shadow says:

    I don’t think I can, sorry. I haven’t dealt with this topic for ages.

  9. memoz says:

    please i want to make a driver in delphi7, i’m trying so much but no way
    i want help
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

  10. Arghblarg says:

    The original DDDK004.zip is cached on the Internet Archive (Wayback Machine).. perhaps these ones don’t trip virus scanners.. I don’t know as I haven’t tested them yet. Use at own risk.

    http://web.archive.org/web/*/http://hxdef.org/download/DDDK004.zip

  11. Arghblarg says:

    OK guys, I think everyone can relax. I analyzed the ‘infected’ DCC32.exe, omf2d.exe and link.exe files in this archive.

    It turns out they are compressed EXE files (a look with hex editor showed ‘UPack’ by Dwing was the packer used). I found a trial of a program called ‘PE Explorer’ (google it) which can unpack such EXE files; so I unpacked them and scanned the unpacked versions and Avira says they’re clean.

    DCC32.exe (unpacked): v15.0, circa 2002 (what version of Delphi IDE? Who knows)

    omf2d.exe (unpacked):
    C:\Documents and Settings\asdf\Desktop\DDDK004\unpacked>.\omf2d.exe /?

    OMF2D 1.02 converts 32bit OMF to Delphi linkable OMF
    Copyright (C) 2003 Radim Picha, http://www.anticracking.sk/EliCZ
    OMF2D: Cannot open input file!

    .. I suppose the antivirus companies nowadays just flag *any* PE executable packed with Dwing UPack as malware since a lot of virus/trojan writers use the lib to keep their malware small. But it really doesn’t, in itself, constitute a danger. I’d say this is a legit package, but someone really needs to re-dist it without packed EXEs so people don’t freak out. I guess I’ll post it somewhere in a fixed form :)

    Hope that helps,
    -Arghblarg
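
A static look at the section table is the usual first step when deciding whether a flagged EXE is merely packed, which is what the comment above did by hand with a hex editor. The following Python sketch is an added example, not part of the original thread or of the DDDK package; the thresholds, the function names and the two constructed sample images are assumptions, and it reports generic packer traits rather than identifying UPack specifically.

```python
import math
import struct

EXEC, WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in map(data.count, set(data)))

def sections(image):
    """Yield (name, virtual_size, flags, raw_bytes) from a PE section table."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe = struct.unpack_from("<I", image, 0x3C)[0]            # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    # NumberOfSections, then (12 bytes later) SizeOfOptionalHeader
    count, opt = struct.unpack_from("<H12xH", image, pe + 6)
    for off in range(pe + 24 + opt, pe + 24 + opt + 40 * count, 40):
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics
        name, vsize, _, rsize, rptr, flags = struct.unpack_from("<8sIIII12xI", image, off)
        yield name.rstrip(b"\0").decode("latin-1"), vsize, flags, image[rptr:rptr + rsize]

def packer_indicators(image, max_entropy=7.0, max_ratio=4):
    """Return generic 'looks packed' findings; both thresholds are assumptions."""
    found = []
    for name, vsize, flags, raw in sections(image):
        if flags & EXEC and flags & WRITE:
            found.append(f"{name}: writable and executable")
        if entropy(raw) > max_entropy:
            found.append(f"{name}: high entropy")
        if flags & EXEC and vsize > max_ratio * max(len(raw), 1):
            found.append(f"{name}: virtual size far exceeds raw size")
    return found

def build_sample(secs):
    """Constructed test image holding only the fields the parser reads."""
    head = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    head += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 0, 0x102)
    table, body, base = b"", b"", 0x58 + 40 * len(secs)
    for name, vsize, flags, data in secs:
        table += struct.pack("<8sIIIIIIHHI", name, vsize, 0x1000, len(data),
                             base + len(body), 0, 0, 0, 0, flags)
        body += data
    return head + table + body

# Constructed samples: one packed-looking section, one ordinary code section.
PACKED = build_sample([(b"stub", 0x8000, 0xE0000020, bytes(range(256)) * 4)])
PLAIN = build_sample([(b".text", 1024, 0x60000020, b"\x55\x8b\xec\x90" * 256)])
```

A finding here explains why a heuristic scanner flags a packed file; it says nothing about what the unpacked code does, which is why the comment above rescanned the files after unpacking them.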

  12. dodo says:

    what’s the conclusion?
    is it safe or not?

  13. White Shadow says:

    I’d say it is safe.

  14. avar says:

    it is safe, this kit is now actively used by many Chinese programmers, just search http://www.baidu.com for DDDK004.zip, u can find many links on many forums.

  15. qqqq1 says:

    Virus inside. FAIL.

  16. White Shadow says:

    Over-eager antivirus software, likewise fail.

  17. Ehab says:

    Hi All,

    It is really a packer matter. I packed it and it is totally clean.

    Thanks a lot to White Shadow

  18. Rubem Rocha says:

    I’d like to use DDDK to create a kernel-mode driver to use with a user-mode application to make audio capture. Is it possible?

    []s,

    Rubem Rocha
    Manaus, AM – Brazil

  19. White Shadow says:

    Sorry, no idea. I certainly haven’t tried it myself.

  20. lexdean says:

    Yes, I found the http://www.osronline.com web site and found some info in C++
    on this same subject. Does that help anyone?

    Lex Dean
