Writing Drivers in Delphi
Driver development has always been the privilege of C/C++ and Assembler programmers. Anyone who needs to write a device driver in Delphi has to settle for “adapter” drivers that give a user-mode program some ability to interface with kernel-mode functions. There are also “wizards” that (supposedly) allow one to create a driver without much driver-development knowledge. Both of these are often commercial software.
For some tasks one could also use a service (which can be written in Delphi). Well, either that or learn to program in C/C++. With older Delphi versions you could still use the Microsoft linker included in the DDK to link the object files produced by the Delphi compiler and get a valid .sys file, but newer Delphi versions have a different .obj file format. Is there any hope? Well, yes there is!
The main reasons why you usually can’t create drivers in Delphi are:
- Its compiler/linker can’t produce .sys files.
- The object file format incompatibility mentioned above.
- The DDK isn’t generally available for languages other than C/C++.
- Some essential units (RTL) aren’t intended for use in kernel-mode and might crash a driver (and the whole system along with it).
The solution I recently discovered is the Delphi Driver Development Kit v0.0.4 (local mirror), which addresses most of these issues and lets you create kernel-mode drivers even in Delphi 7! It includes translated DDK headers, a utility to convert Delphi OBJ files to a format compatible with the Microsoft linker, and some other things. And the best thing is it’s free! I compiled and ran one of the samples on my Windows XP machine using Delphi 7 and it worked OK 🙂
DDDK 0.0.4 was created by The Hacker Defender Project team. Take a look at their site, they also have some other interesting programs and articles there.
Update 04.07.2007 : Looks like “The Hacker Defender Project” is down. You can still get the DDK at http://w-shadow.com/files/DDDK004.zip
THX!
HDTeam
The DDDK004.zip contains a virus according to my Norton 2008!!! DO NOT USE.
And it’s clean according to my NOD32. Norton probably just got something caught in its heuristic filters.
Thanks, that seems interesting.
Just wanted to point out that also Avira AntiVir believes that DCC32.exe contains a virus/trojan horse (“TR/Agent.257941”). I guess this file was patched. Would you maybe know what changes were made to the compiler?
Cheers, phs
Nope, I don’t know the specifics. And the original webpage has been down for a long time, so good luck finding an explanation anywhere. Ah well.
I’ve found the same, and also omf2d.exe contains the Virus WORM/Generic 27127 (AVIRA).
But, fortunately, DDDK04 is not necessary to create drivers with Delphi! The only reason to use omf2d.exe is that since Delphi4(?) the resulting obj-Files are not compatible with MS-Linker to produce the sys-File. Use Delphi3 dcc32.exe instead!
See this link:
http://forum.sysinternals.com/forum_posts.asp?TID=5324&PN=2
To link the obj-files you can use the linker and the ntoskrnl.lib from the Win-Server2003-DDK you can get under
http://www.microsoft.com/whdc/devtools/ddk/default.mspx
The only difficulty is to translate the DDK-headers to Delphi…
Have fun
Thomas
but then compile.debug.bat didn’t make the .sys file
could you help me!!!!!!!!!!!!!!!!!!
I don’t think I can, sorry. I haven’t dealt with this topic for ages.
Please, I want to make a driver in Delphi 7. I’ve tried so much but no way.
I want help
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
The original DDDK004.zip is cached on the Internet Archive (Wayback Machine).. perhaps these ones don’t trip virus scanners.. I don’t know as I haven’t tested them yet. Use at own risk.
http://web.archive.org/web/*/http://hxdef.org/download/DDDK004.zip
OK guys, I think everyone can relax. I analyzed the ‘infected’ DCC32.exe, omf2d.exe and link.exe files in this archive.
It turns out they are compressed EXE files (a look with hex editor showed ‘UPack’ by Dwing was the packer used). I found a trial of a program called ‘PE Explorer’ (google it) which can unpack such EXE files; so I unpacked them and scanned the unpacked versions and Avira says they’re clean.
DCC32.exe (unpacked): v15.0, circa 2002 (what version of Delphi IDE? Who knows)
omf2d.exe (unpacked):
C:\Documents and Settings\asdf\Desktop\DDDK004\unpacked>.\omf2d.exe /?
OMF2D 1.02 converts 32bit OMF to Delphi linkable OMF
Copyright (C) 2003 Radim Picha, http://www.anticracking.sk/EliCZ
OMF2D: Cannot open input file!
.. I suppose the antivirus companies nowadays just flag *any* PE executable packed with Dwing UPack as malware since a lot of virus/trojan writers use the lib to keep their malware small. But it really doesn’t, in itself, constitute a danger. I’d say this is a legit package, but someone really needs to re-dist it without packed EXEs so people don’t freak out. I guess I’ll post it somewhere in a fixed form 🙂
Hope that helps,
-Arghblarg
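The check described in the comment above (looking inside a flagged EXE for signs of a packer) can be scripted. This is an added example, not part of the original comments or the DDDK package; the indicators are generic packer heuristics rather than a UPack signature, and `build_pe`, `PLAIN` and `PACKED` are constructed test inputs.

```python
import math
import struct

EXEC, WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_WRITE

def entropy(data):
    """Shannon entropy in bits per byte; compressed or encrypted data nears 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in map(data.count, set(data))) if n else 0.0

def triage_pe(blob):
    """List packer indicators visible in a PE image's headers and section table."""
    if blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", blob, 0x3C)[0]  # e_lfanew
    if blob[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    nsect, = struct.unpack_from("<H", blob, pe + 6)
    opt_size, = struct.unpack_from("<H", blob, pe + 20)
    hits = ["PE header overlaps DOS header"] if pe < 0x40 else []
    for i in range(nsect):
        off = pe + 24 + opt_size + 40 * i  # section headers are 40 bytes each
        name = blob[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, _, rsize, rptr = struct.unpack_from("<4I", blob, off + 8)
        flags, = struct.unpack_from("<I", blob, off + 36)
        if flags & EXEC and flags & WRITE:
            hits.append(f"{name}: writable and executable")
        if rsize == 0 and vsize:
            hits.append(f"{name}: empty on disk, filled at run time")
        elif entropy(blob[rptr:rptr + rsize]) > 7.0:
            hits.append(f"{name}: high entropy")
    return hits

def build_pe(sections, e_lfanew=0x40):
    """Constructed sample image from (name, flags, virtual size, raw bytes) tuples."""
    hdr = bytearray(b"MZ".ljust(e_lfanew, b"\0"))
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    rptr, body = len(hdr) + 40 * len(sections), b""
    for name, flags, vsize, raw in sections:
        hdr += struct.pack("<8s6I2HI", name, vsize, 0x1000, len(raw),
                           rptr + len(body), 0, 0, 0, 0, flags)
        body += raw
    return bytes(hdr) + body

# Constructed samples: an ordinary code section versus a packer-style layout.
PLAIN = build_pe([(b".text", EXEC | 0x40000000, 0x1000, b"\x90\xc3" * 256)])
PACKED = build_pe([(b"stub0", EXEC | WRITE, 0x8000, b""),
                   (b"stub1", EXEC | WRITE, 0x1000, bytes(range(256)) * 16)])
```

A hit only says the file is packed, which is what heuristic scanners tend to react to; it says nothing about what the unpacked code does.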
What’s the conclusion?
Is it safe or not?
I’d say it is safe.
It is safe. This kit is now actively used by many Chinese programmers; just search http://www.baidu.com for DDDK004.zip and you can find many links on many forums.
Virus inside. FAIL.
Over-eager antivirus software, likewise fail.
Hi All,
It is really a packer matter. I packed it and it is totally clean.
Thanks a lot to White Shadow
I’d like to use DDDK to create a kernel-mode driver to use with a user-mode application to capture audio. Is it possible?
[]s,
Rubem Rocha
Manaus, AM – Brazil
Sorry, no idea. I certainly haven’t tried it myself.
Yes, I found the http://www.osronline.com web site and found some info in C++
on this same subject. Does that help anyone?
Lex Dean