flat assembler
Message board for the users of flat assembler.
ERROR_BAD_DRIVER?
revolution 19 May 2012, 02:27
Where is your reloc section?
Igor1024 19 May 2012, 04:15
Ohh... Exactly... I'd absolutely forgotten that this base address can be busy, thanks for the fast reply.
Igor1024 26 May 2012, 11:13
Sorry that I continue this topic, but I've got one problem - the code is executed not at DriverEntry, but at DriverEntry+1, so it fails.
Let's take the simplest code:
Code:
    format PE DLL native 4.0 at 0x10000
    entry DriverEntry
    include '%fasminc%\win32ax.inc'
    include '%fasminc%\DDK\INCLUDE\DDK\ntstatus.inc'
    section '.text' code readable executable notpageable
    proc DriverEntry
    int 3;db 0xcc
    mov eax,STATUS_DEVICE_CONFIGURATION_ERROR
    ret
    endp
    section '.reloc' fixups data readable discardable

Register and run the driver in a VM with WinDbg connected and get control not at the int 3 instruction, but at 'add edi,dword ptr [eax-3FFFFE7Eh]' located at DriverEntry+1 (just disasm it at this offset). I looked at PE header->EntryPoint - it points to DriverEntry, so I have no ideas about that trouble anymore. If I put db 0xcc instead of int 3 it works perfectly, but what's wrong with int 3?
mindcooler 26 May 2012, 13:55
$cc is int3, it's not the same as int 3.
typedef 26 May 2012, 14:35
Also, what is the convention used in these drivers? I have made drivers in C but never knew if they used __stdcall or __cdecl since I never made one using FASM.
Can you upload the DDK Assembly includes please. Thanks.
revolution 26 May 2012, 14:48
typedef: There is already lots of driver code uploaded to this board. Do a search.
Igor1024 26 May 2012, 22:58
mindcooler, yep, I've compared opcodes and they are different...
But what's the difference between their functionality?
mindcooler 27 May 2012, 12:54
int3 is the special one-byte implicit software debugging interrupt, I don't know what the int imm 3 does in any operating system.
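
Added example, not part of the thread or any poster's code: a minimal Python decoder showing how the two breakpoint encodings discussed above lay out the DriverEntry bytes, and why disassembling one byte into the two-byte form yields exactly the `add edi,dword ptr [eax-3FFFFE7Eh]` quoted in the question. It assumes `int 3` was assembled as `CD 03` and that STATUS_DEVICE_CONFIGURATION_ERROR is 0xC0000182, both consistent with that quoted disassembly; the function names are hypothetical and only the opcodes in this snippet are handled.

```python
import struct

# Assumed value; as a signed 32-bit displacement it is -3FFFFE7Eh, as in the thread.
STATUS_DEVICE_CONFIGURATION_ERROR = 0xC0000182
REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def assemble(breakpoint: bytes) -> bytes:
    """Constructed DriverEntry body: breakpoint, mov eax,imm32, ret."""
    imm = struct.pack("<I", STATUS_DEVICE_CONFIGURATION_ERROR)
    return breakpoint + b"\xB8" + imm + b"\xC3"

def decode(code: bytes, off: int):
    """Decode one instruction at off and return (text, length)."""
    op = code[off]
    if op == 0xCC:                      # one-byte breakpoint
        return "int3", 1
    if op == 0xCD:                      # int imm8, two bytes
        return f"int {code[off + 1]}", 2
    if op == 0xC3:
        return "ret", 1
    if op == 0xB8:                      # mov eax, imm32
        (imm,) = struct.unpack_from("<I", code, off + 1)
        return f"mov eax,0x{imm:08X}", 5
    if op == 0x03:                      # add r32, r/m32
        modrm = code[off + 1]
        mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
        if mod == 2 and rm != 4:        # [reg + disp32], no SIB byte
            (disp,) = struct.unpack_from("<i", code, off + 2)
            sign = "-" if disp < 0 else "+"
            return (f"add {REG32[reg]},dword ptr "
                    f"[{REG32[rm]}{sign}{abs(disp):X}h]"), 6
    raise ValueError(f"opcode {op:#04x} not handled in this sketch")

def listing(code: bytes, start: int):
    """Linear disassembly from start: list of (offset, text)."""
    out, off = [], start
    while off < len(code):
        text, length = decode(code, off)
        out.append((off, text))
        off += length
    return out

if __name__ == "__main__":
    for name, bp in (("db 0xcc", b"\xCC"), ("int 3", b"\xCD\x03")):
        code = assemble(bp)
        print(name, code.hex(" "))
        print("  from +0:", listing(code, 0))
        print("  from +1:", listing(code, 1))
```

With the one-byte form, offset +1 is the start of the `mov`; with the two-byte form, offset +1 is the `03` operand byte, which decodes together with the `mov` bytes as a different instruction.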
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.