kernel_1_1

first.c

#pragma once

#ifdef __cplusplus
extern "C" {
#endif

#include <ntddk.h>

#ifdef __cplusplus
}
#endif

DRIVER_INITIALIZE DriverEntry;
DRIVER_UNLOAD DriverUnload;

#pragma code_seg("INIT")
EXTERN_C NTSTATUS DriverEntry( IN PDRIVER_OBJECT pDriverObject,
                      IN PUNICODE_STRING pRegisterPath )
{
    DbgPrint("first: Hello World!\r\n");

    pDriverObject->DriverUnload = DriverUnload;
    return STATUS_SUCCESS;
}

#pragma code_seg("PAGE")
VOID DriverUnload( PDRIVER_OBJECT DriverObject )
{
    DbgPrint("first: Our driver is unloading...\r\n");
}

makefile

#
# DO NOT EDIT THIS FILE!!!  Edit .\sources. if you want to add a new source
# file to this component.  This file merely indirects to the real make file
# that is shared by all the driver components of the Windows NT DDK
#

!INCLUDE $(NTMAKEENV)\makefile.def

sources

TARGETNAME=first
TARGETTYPE=DRIVER
TARGETPATH=obj
SOURCES=..\first.c

我推荐你用CMD编译 当然你可以使用IDE

VisualStdio 6.0 sp6的Project Setting设置如下

C/C++ Tab

/nologo /Gz /MLd /W3 /WX /Z7 /Od
/D WIN32=100 /D _X86_=1 /D WINVER=0x500 /D DBG=1 
/Fo"Check" /Fd"Check" /FD /c 

Link Tab

ntoskrnl.lib /nologo /base:"0x10000" /stack:0x400000,0x1000
/entry:"DriverEntry" /subsystem:console /incremental:no
/pdb:"Check/first.pdb" /pdbtype:sept
/subsystem:native /driver
/SECTION:INIT, D /RELEASE /IGNORE:4078

你需要一个软件用来安装NT式驱动 Open之后点选GO/STOP就好

名称 Debug Monitor

版权 Compuware Corporation - NuMega Lab

它是 DriverStudio 的一个组件,　　需要 dbgmsgcfg.dll 支持运行

还需要一个软件用来显示内核信息 因为内核并不会有控制台或消息框

名称 Dbgview

特别注意 Capture -> Capture Kernel 必须勾选

你可以在 Device Manager 的 Non-Plug and Play Drivers(隐cang)

看到你的这个设备 当然 非即插即用设备是隐cang的　　// 程序猿要回避zheng_zhi...

所以 View -> 显示隐cang的设备 必须勾选