Published on September 22, 2021
While I am definitely not the first to write about writing kernel drivers for Microsoft Windows in Rust, I feel there are still a number of gaps that have to be addressed to make this more approachable. That is why I will be covering how to write kernel drivers in Rust for Microsoft Windows in a series of articles that together hopefully end up being a more complete guide.
Before we can even get started developing Windows drivers in Rust, we first have to install a number of prerequisites, namely:
- Microsoft Visual Studio
- Windows SDK
- Windows Driver Kit
- LLVM and Clang (for bindgen)
- Microsoft Windows running in Testing Mode (to load self-signed Windows drivers)
- Sysinternals DebugView
Setting up Visual Studio
Download Build Tools for Visual Studio on the Windows box, and run the installer. When the installer presents you with workloads to select, you can select "Desktop development with C++" as that will pretty much install everything you will need. Then click the button on the bottom-right of the installer to download and install Visual Studio Build Tools. This may take a while to install, so this is probably a good moment to brew yourself a cup of coffee.
If for some reason, you want to modify the workloads or individual components later on, you can:
- Select the Start button in the bottom-left, and then Settings to open your settings
- Type Apps & Features in the search bar to find the Apps & Features setting. Scroll down to the Microsoft Visual Studio Installer.
- Select Microsoft Visual Studio Installer and then click on the Modify button.
- This should open the same installer as before, allowing you to change your workloads/individual components.
If you prefer a more complete installation of Visual Studio instead, you can download and install Visual Studio 2019 Community Edition rather than the Build Tools for Visual Studio.
Windows Driver Kit
To install the Windows Driver Kit, we need a matching version of the Windows SDK first.
Unfortunately, Visual Studio does not ship the most recent version of the Windows SDK yet, so we have to install it separately.
Download the Windows SDK ISO, right-click the file and select Mount.
Then once the ISO has been mounted, you can run WinSDKSetup.exe to install the Windows SDK.
Now that we have the right version of the Windows SDK installed, we can proceed to download and install the Windows WDK. You should now have version 10.22000.1 of the Windows SDK and the WDK.
While we won't need LLVM until we look at generating bindings for the Windows Driver API in Windows Drivers in Rust: Generating Bindings, it would be nice to have it already installed for when we get to using bindgen, as it depends on libclang to generate Rust bindings from the C/C++ headers.
The available releases for LLVM can be found on their download page.
At the time of writing the most recent release of LLVM is 12.0.1, which is what we will be using.
We will be downloading the Windows installer to install LLVM, which is named
Download and run the installer to install LLVM and Clang.
While MSYS2, WSL and Microsoft Visual Studio also provide their own versions of LLVM and Clang, these are not necessarily suitable for our needs. For instance, bindgen will not be able to parse the Windows Driver headers using the MSYS2 version at all due to compatibility reasons. Similarly, Microsoft Visual Studio seems to provide a 32-bit version of libclang.dll, while we need a 64-bit version.
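The bitness mismatch described above can be checked by reading the Machine field in the PE header of a libclang.dll before bindgen tries to load it. This is an added example, not code from the original article; the function names and the sample header bytes are constructed for illustration.

```rust
use std::{env, fs, process};

/// COFF machine types from the PE format specification.
const MACHINE_I386: u16 = 0x014c;
const MACHINE_AMD64: u16 = 0x8664;

/// Returns the COFF Machine field of a PE image, or an error for malformed headers.
fn pe_machine(image: &[u8]) -> Result<u16, &'static str> {
    if image.len() < 0x40 || &image[..2] != b"MZ" {
        return Err("missing MZ header");
    }
    // e_lfanew: file offset of the "PE\0\0" signature, stored at 0x3C.
    let off = u32::from_le_bytes([image[0x3c], image[0x3d], image[0x3e], image[0x3f]]) as usize;
    let end = off.checked_add(6).ok_or("e_lfanew overflows")?;
    if end > image.len() {
        return Err("e_lfanew points past end of file");
    }
    if &image[off..off + 4] != b"PE\0\0" {
        return Err("missing PE signature");
    }
    Ok(u16::from_le_bytes([image[off + 4], image[off + 5]]))
}

/// Constructed sample: a minimal DOS header plus PE signature and Machine field.
fn sample_header(machine: u16) -> Vec<u8> {
    let mut h = vec![0u8; 0x48];
    h[..2].copy_from_slice(b"MZ");
    h[0x3c] = 0x40; // e_lfanew = 0x40
    h[0x40..0x44].copy_from_slice(b"PE\0\0");
    h[0x44..0x46].copy_from_slice(&machine.to_le_bytes());
    h
}

fn main() {
    // Pass the path to libclang.dll; with no argument the constructed sample is checked.
    let image = match env::args().nth(1) {
        Some(path) => fs::read(&path).unwrap_or_else(|e| {
            eprintln!("cannot read {path}: {e}");
            process::exit(2)
        }),
        None => sample_header(MACHINE_AMD64),
    };
    match pe_machine(&image) {
        Ok(MACHINE_AMD64) => println!("64-bit (x64) image: suitable"),
        Ok(MACHINE_I386) => { println!("32-bit (x86) image: not suitable"); process::exit(1) }
        Ok(m) => { println!("unexpected machine type {m:#06x}"); process::exit(1) }
        Err(e) => { eprintln!("not a PE image: {e}"); process::exit(1) }
    }
}
```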
Open PowerShell in Administrator mode and run the following to allow Microsoft Windows to load self-signed Windows drivers:
Bcdedit.exe -set TESTSIGNING ON
After running the command above, you have to reboot your system and Microsoft Windows should boot up in testing mode. If the changes are successful, the bottom-right corner should indicate that Microsoft Windows is now running in Test Mode.
In case you want to revert the change, you can run the following command in PowerShell running as an administrator:
Bcdedit.exe -set TESTSIGNING OFF
In order to see debug messages from our drivers, we will need a tool called DebugView from Sysinternals. Download DebugView to your system. It can simply be run in administrator mode to start capturing the debug messages.
In the next article we will be looking at actually setting up our driver, such that we end up with a minimal driver that can print debug messages.