I recently read the book "Windows Kernel Programming" by Pavel Yosifovich. In Chapter 9 - "Object and Registry Notifications" there is a project called "The Process Protector Driver", after I finish the book I try to create this project from 0 and add my upgrades. Every time I was trying to run my driver I got the same error:
Failed to register callbacks (status=C0000022)
I thought there is something wrong with my code so I decide to copy the code from the book and try it.. but I got the same error.
I load the Driver in VirtualBox Windows 10 32-bit like this (In CMD as Administrator):
sc create protect type= kernel binPath= C:\Users\Test\Desktop\ProcessProtectorDriver.sys
sc start protect
(left side is the DbgView tool from sysinternals)
After a few searches about this I think my Driver need to be signed, so I try to disable driver signature verification like this:
bcdedit /set testsigning on
About the project:
- I add the /INTEGRITYCHECK to Configuration Properties -> C/C++ -> Command Line (from the book)
- I try the Driver in Debug mode
but I got the same error..
The Process Protector Driver Project Code:
Driver: https://github.com/zodiacon/windowskernelprogrammingbook/tree/master/chapter09/ProcessProtect
Client: https://github.com/zodiacon/windowskernelprogrammingbook/tree/master/chapter09/Protect
