flat assembler
Message board for the users of flat assembler.

Index > Windows > FASM Driver Programming

Author
Thread Post new topic Reply to topic
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
Hello everyone, I just started programming drivers in Windows. The reason is that, I have big interest about it. I have written this simple driver (which crashes kernel because of my fault..) I tried to control it from user-mode but I don't know how. I have some little questions also.
1) How to control it from user-mode ?
2) will this "section '.idata' import data readable ..' work here? because I saw example somewhere, which was manual IAT creation..
for example, I have created driver that will DbgPrint string, which will be received from user-mode.
Here's code what I've tried but no luck at all.
Code:
format PE native 4.0 at 10000h
include 'win32ax.inc'
entry DriverEntry
section '' data readable writeable
hello db "Test!",0
uDevice du "\Devices\MyDevice"
section '.code' code readable writeable executable notpageable
proc DriverEntry pDriverObject,usRegistryPath
locals
status  dd ?
pDeviceObject   dd ?
endl
invoke DbgPrint,hello
mov [status],1
lea eax,[pDeviceObject]
xor ecx,ecx
invoke IoCreateDevice,[pDriverObject],ecx,uDevice,0,ecx,ecx,eax
mov eax,[status]
ret
endp
section '.idata' import data readable
library ntoskrnl,'ntoskrnl.exe'
import ntoskrnl,DbgPrint,'DbgPrint',\
                IoCreateDevice,'IoCreateDevice'
section '.reloc' data fixups readable discardable     

Thank you.
And also, I apologize for my English, I'm really tired right now.. Can't even think normally. Sad
Post 07 Nov 2011, 23:11
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17716
Location: In your JS exploiting you and your system
revolution
There are already a number of fully working driver examples on this board. Use the search.
Post 08 Nov 2011, 01:18
View user's profile Send private message Visit poster's website Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
BSOD, Oh NOEZ
Post 08 Nov 2011, 02:18
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
I tried already but I can't find any good example to start. I just need simple understanding, how to communicate kernel-mode and user-mode to each other. Thank you.
Post 08 Nov 2011, 08:54
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17716
Location: In your JS exploiting you and your system
revolution
Did you see this topic? http://board.flatassembler.net/topic.php?t=3434

r0pc010107.zip is an excellent example showing precisely what you are asking for. And it is source code (not an explanation) which is always what you seem to want.

And it only took me 30 seconds to find it with the search function.
Post 08 Nov 2011, 09:10
View user's profile Send private message Visit poster's website Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
Yes, I have that source already but I can't figure out what is going on there.. I'll try to understand it more focused. If I'll have questions, I'll write them here. Thanks.
Post 08 Nov 2011, 15:29
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
OK, first trouble.
when I'm compiling r0pc, KMD.inc (translated to fasm syntax by AMD64) it gives me a lot of errors there. Anyone have it full working ? Thanks.
--
P.S I don't said that I don't need explanation why, just trying to not annoy people here. If someone will write explanation too, I'll be more thankful of course.
Post 08 Nov 2011, 16:22
View user's profile Send private message Reply with quote
AL-CHEMIST



Joined: 16 Nov 2009
Posts: 2
Location: Russia,Vladimir,Suzdal
AL-CHEMIST
Overflowz wrote:
when I'm compiling r0pc it gives me a lot of errors

Try new version of r0pc
http://maalchemist.narod.ru/RZ/RZv01.01.00.05.ZIP
Post 09 Nov 2011, 06:26
View user's profile Send private message Visit poster's website Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
Thank you, AL-CHEMIST Wink I'm going to study on it now.
--
EDIT:
Anyway, simple method that I mentioned at first post, would be nice to start, because I don't understand a lot from this example. Sad
Post 09 Nov 2011, 08:25
View user's profile Send private message Reply with quote
hihelp



Joined: 15 Dec 2011
Posts: 17
hihelp
You should use UnicodeString
Post 15 Dec 2011, 20:44
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.