To insert blocks of code to protect, you have to link your driver with a dummy driver called VirtualizerDDK.sys. Notice that VirtualizerDDK.sys is only required in PROTECTION TIME; when your device driver is protected by Code Virtualizer, all the dependencies to VirtualizerDDK.sys will be removed, so you do NOT have to ship the VirtualizerDDK.sys with your protected application.
VIRTUALIZER_TIGER_BLACK_START
// your code goes here
VIRTUALIZER_TIGER_BLACK_END |
If you want to test your device driver before protecting it with Code Virtualizer, you must place the driver VirtualizerDDK.sys in the %system32%/drivers folder and must have the VirtualizerDDK.sys driver registered and started. You could use the OSR Driver Loader (www.osr.com) to load and register the VirtualizerDDK.sys. The best practice is to start the VirtualizerDDK.sys when the system starts (BOOT, SYSTEM, AUTOMATIC) so you will always have it loaded in memory for your tests.
NOTE: The VirtualizedDDK.sys driver is a dummy driver which does not consume system resources at all.
Example of real device driver with Code Virtualizer
The following example shows a real device driver inserting two sensible areas inside the DriverEntry routine.
#include <ntddk.h> #include "VirtualizerDDK.h"
NTSTATUS DriverEntry( IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath ) {
PDEVICE_OBJECT deviceObject; PDEVICE_EXTENSION deviceExtension; UNICODE_STRING ntDeviceName; UNICODE_STRING symbolicLinkName; NTSTATUS status;
DebugPrint(("==>DriverEntry %d\n", i));
VIRTUALIZER_LION_RED_START // area to protect starts here!
// // Create the device object // RtlInitUnicodeString( &ntDeviceName, NTDEVICE_NAME_STRING );
status = IoCreateDevice( DriverObject, // DriverObject sizeof( DEVICE_EXTENSION ), // DeviceExtensionSize &ntDeviceName, // DeviceName FILE_DEVICE_UNKNOWN, // DeviceType FILE_DEVICE_SECURE_OPEN, // DeviceCharacteristics FALSE, // Not Exclusive &deviceObject // DeviceObject );
if ( !NT_SUCCESS(status) ) { DebugPrint(("\tIoCreateDevice returned 0x%x\n", status)); return( status ); }
VIRTUALIZER_LION_RED_END // area to protect finishes here!
// // Set up dispatch entry points for the driver. // DriverObject->MajorFunction[IRP_MJ_CREATE] = DriverObject->MajorFunction[IRP_MJ_CLOSE] = EventCreateClose; DriverObject->MajorFunction[IRP_MJ_CLEANUP] = EventCleanup; DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = EventDispatchIoControl; DriverObject->DriverUnload = EventUnload;
// // Create a symbolic link for userapp to interact with the driver. // RtlInitUnicodeString( &symbolicLinkName, SYMBOLIC_NAME_STRING ); status = IoCreateSymbolicLink( &symbolicLinkName, &ntDeviceName );
if ( !NT_SUCCESS(status) ) {
IoDeleteDevice( deviceObject ); DebugPrint(("\tIoCreateSymbolicLink returned 0x%x\n", status)); return( status ); }
VIRTUALIZER_TIGER_BLACK_START // area to protect starts here!
// // Initialize the device extension. // deviceExtension = deviceObject->DeviceExtension;
InitializeListHead(&deviceExtension->EventQueueHead);
KeInitializeSpinLock(&deviceExtension->QueueLock);
deviceExtension->Self = deviceObject;
// // Establish user-buffer access method. // deviceObject->Flags |= DO_BUFFERED_IO;
DebugPrint(("<==DriverEntry\n"));
return( status );
VIRTUALIZER_TIGER_BLACK_END // area to protect finishes here! } |