flat assembler
Message board for the users of flat assembler.

Index > Windows > comunication via IOCTL_CODE problem

Author
Thread Post new topic Reply to topic
marcinzabrze12



Joined: 07 Aug 2011
Posts: 61
marcinzabrze12 11 Sep 2012, 14:22
here i try to do comunication via IOCTL_CODE with driver.
What is wrong in this code can someone explain ?
1. I register and run driver with use manager - all ok.
2. I try run program.exe - some error my Vbox crash and restart without BSOD
DO NOT USE THIS CODE IT WAS CATASTROPHE


Description:
Download
Filename: ApiScanner.rar
Filesize: 173.97 KB
Downloaded: 246 Time(s)



Last edited by marcinzabrze12 on 16 Sep 2012, 04:00; edited 1 time in total
Post 11 Sep 2012, 14:22
View user's profile Send private message Send e-mail Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2909
Location: 0x77760000
typedef 11 Sep 2012, 17:22
Line 129
Code:
    invoke       DbgPrint
    


What are you printing here?

This is not user mode. Anything that tickles the OS in ring0 will trip it. Wink
Also, drivers are hard to debug without the KD. Get the KD and use to to debug it.

But it has to load (Rolling Eyes) first to be debugged.
Post 11 Sep 2012, 17:22
View user's profile Send private message Reply with quote
marcinzabrze12



Joined: 07 Aug 2011
Posts: 61
marcinzabrze12 12 Sep 2012, 21:29
1. What it KD ?
2.
Quote:
invoke DbgPrint PstringZ

it a stringZ to display in DbgView.exe. - may get thise same arguments
like printf function.

Look at thise example code - ApiScannerOld (without IOCTL Evil or Very Mad )
Its hooked ZwCreateFile, ZwClose, ZwDeleteFile and display they
parameters in DbgPrint.exe via "DbgPrint".

i always use "DbgPrint" in kernel-drivers and iknow that other people used
too.
It always worked correctly in my code
.


Description:
Download
Filename: ApiScannerOld.rar
Filesize: 228.3 KB
Downloaded: 242 Time(s)

Post 12 Sep 2012, 21:29
View user's profile Send private message Send e-mail Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20430
Location: In your JS exploiting you and your system
revolution 12 Sep 2012, 22:51
marcinzabrze12 wrote:
1. What it KD ?
Kernel-mode Debugger.

Anyone developing a kernel-mode driver will find it harder to fix bugs without a good kernel-mode debugger.
Post 12 Sep 2012, 22:51
View user's profile Send private message Visit poster's website Reply with quote
marcinzabrze12



Joined: 07 Aug 2011
Posts: 61
marcinzabrze12 13 Sep 2012, 18:15
I do not want visual studio - is ther some KD without VS ?
or may someone give a example code with IOCTL comunication in FASM - I will be thankful?
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
ok i done it myself. Following project have comunication in-out via IOCTL. For brightness the code i was modyfing file NT Structures.inc from DDK.INC so included this file to project and added some macrodefinition: IoGetCurrentIrpStackLocation , CTL_CODE ... every are enclosure in DDK.MACROS file.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Description:
Download
Filename: sysrgt20h.rar
Filesize: 188.33 KB
Downloaded: 251 Time(s)

Post 13 Sep 2012, 18:15
View user's profile Send private message Send e-mail Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.