This repository contains a Visual Studio template project for building an NDIS filter driver. The project isn't meant to show you how to build a driver, but rather demonstrate how Visual Studio can be used to create a custom preprocessed header that Ghidra can use to extract all the NDIS related data types.

For background, check out the supporting blog posts.

• Everyday Ghidra: Ghidra Data Types— When to Create Custom GDTs — Part 1

The article discusses how to create custom data types in Ghidra, a software reverse engineering tool, using Windows header files. It explains the process of creating custom Ghidra Data Types (GDTs) from Windows headers, which can help in analyzing and understanding binary files more effectively. The article covers topics such as understanding the structure of Windows headers, parsing them to extract relevant information, and integrating the custom data types into Ghidra's analysis environment.

• Everyday Ghidra: Ghidra Data Types - Creating Custom GDTs From Windows Headers - Part 2

The article provides a step-by-step guide on how to create custom Ghidra Data Type (GDT) files from Windows headers. It explains the importance of data types in reverse engineering and how Ghidra's default decompilation of the Windows tcpip.sys file fell short due to missing data types. The author then demonstrates how to leverage Visual Studio's preprocessor to generate a preprocessed header file, which can then be used to create a custom GDT file containing NDIS-related data types.

graph TD;
  A[Set Up Your Environment]
  B[Prepare the Headers]
  C[Preprocess the Headers]
  D[Clean Up the Preprocessed Headers]
  E[Generate the GDT File]
  F[Using the GDT File]

  A -->|Install Visual Studio| A1[Ensure Visual Studio is Configured]
  B -->|Collect Windows Headers| B1[Create Combined Header File]
  C -->|Use Visual Studio to Preprocess Headers| C1[Remove Macros and Preprocessor Directives]
  D -->|Additional Cleanup| D1[Remove Inline Assembly]
  E -->|Open Ghidra| E1[Create New Project]
  E1 -->|Import Binary File| E2[Open Data Type Manager]
  E2 -->|Parse Cleaned Header File| E3[Save Data Types to GDT File]
  F -->|Open Data Type Manager in Another Project| F1[Open File Archive]
  F1 -->|Choose GDT File| F2[Data Types Available in Project]

1. Install the Windows Driver Development Kit (DDK):

   • Download the Windows Driver Kit (WDK) from the official Microsoft website: Download WDK

2. Install Visual Studio 2022:

   • Download Visual Studio 2022 from the official Microsoft website: Download Visual Studio 2022

1. Using the included project, open ndis-headers.sln with Visual Studio 2022.
2. Right-click on the file ndis-headers.c and click Compile.
3. Take the resulting preprocessed file found at ndis-headers\x64\Debug\ndis-headers.i and included in the repo at ndis-headers.i and clean up the file using this Cyberchef recipe.
4. Save the result to ndis-headers-clean.h or use the example ndis-headers-clean.h
5. Use this new header to create a new NDIS gdt file using Ghidra's C-Parser. Open the Codebrowser and click File -> Parse C Source...
6. Save the file to ndis_64.gdt or use the reference one here ndis_64.gdt.

All of the steps and more are detailed in the blog posts linked above.