Index
> Windows > How to compile simple windows driver in FASM ?Goto page 1, 2 Next |
| Author |
|
|
revolution
Have a look at the FAQ and look for the driver section.
There are also a few other topics on here that have driver code. You can use Google to search this board with the "site:board.flatassembler.net" parameter. |
|||
09 Jun 2013, 12:09 |
|
|
xDOBORAx
ok thanks but where can i find .inc with definitions of constants ?
_________________  |
|||
|
09 Jun 2013, 12:16 |
|
|
revolution
The MSDN site has the constants. I'm not sure if someone has made a fasm .inc file or not, but the C includes are relatively straight forward to convert.
|
|||
|
09 Jun 2013, 12:21 |
|
|
xDOBORAx
well this code gives me error:
Code: format PE native section '.flat' code executable readable writable notpageable jmp _main hello1: db 'Hello World !',0 ;on_exit: db 'Driver Terminated',0 _main: push hello1 call DbgPrint section '.idata' import data readable writeable library ntdll,'ntdll.dll' ; illegal instruction import ntdll\ DbgPrint,'DbgPrint' _________________ |
|||
|
09 Jun 2013, 13:25 |
|
|
revolution
Try with:
Code: call [DbgPrint] |
|||
|
09 Jun 2013, 13:27 |
|
|
xDOBORAx
just did as you said but get same error at line 17: illegal instruction
library ntdll,'ntdll.dll' thanks in advance _________________ |
|||
|
09 Jun 2013, 13:30 |
|
|
revolution
You will need to include the macro package if you haven't already done that:
Code: include 'win32ax.inc' Code: .end Have a look in the examples folder in the fasm download to see how to make a basic PE file. |
|||
|
09 Jun 2013, 13:35 |
|
|
xDOBORAx
thanks it fixed error with import but another error appeared
my current code: Code: format PE native include 'win32ax.inc' section '.flat' code executable readable writable notpageable jmp _main hello1: db 'Hello World !',0 ;on_exit: db 'Driver Terminated',0 _main: push hello1 call [DbgPrint] ret 1 section '.idata' import data readable writeable library ntdll,'ntdll.dll' ; !!! error : extra characters on line : import ntdll\ DbgPrint,'DbgPrint' .end by the way how to receive parameters like in C equivalent ? Code: NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject,PUNICODE_STRING pRegistryPath) |
|||
|
09 Jun 2013, 13:41 |
|
|
revolution
Have a look at the proc macro. With that you can define the incoming parameters (see the DLL example code).
You also need to define your entry point. This is done with the .end macro (see the PE example code). BTW: "ret 1" is not going to work. More likely something like "ret 8" if there are two incoming parameters. But the proc macro can take care of the for you if you want use it. |
|||
|
09 Jun 2013, 13:48 |
|
|
revolution
I just realised you don't have a reloc section. And you also need to designate a driver as a DLL.
edit: I searched and found this topic: http://board.flatassembler.net/topic.php?t=14286 |
|||
|
09 Jun 2013, 13:58 |
|
|
xDOBORAx
this is my final code. when i try run it with OSR Driver Loader i get error
"The specified procedure could not be fount" Code: format PE native include 'win32ax.inc' entry DriverEntry section '.flat' code executable readable writable notpageable hello1: db 'Hello World !',0 proc DriverEntry push hello1 call [DbgPrint] ret endp section '.idata' import data readable writeable library ntdll,'ntdll.dll' import ntdll,\ DbgPrint,'DbgPrint' section '.reloc' fixups data readable discardable |
|||
|
09 Jun 2013, 14:18 |
|
|
revolution
Where is your .end line?
And the DLL declaration? |
|||
|
09 Jun 2013, 14:20 |
|
|
xDOBORAx
what do you mean in dll declaration ?
.end were causing error btw can you give me link to example please ? |
|||
|
09 Jun 2013, 14:28 |
|
|
revolution
|
|||
|
09 Jun 2013, 14:32 |
|
|
xDOBORAx
thanks but i have no such include "\DDK\INCLUDE\DDK\ntstatus.inc" in fasm directory where to get it ?
|
|||
|
09 Jun 2013, 14:44 |
|
|
baldr
xDOBORAx wrote: thanks but i have no such include "\DDK\INCLUDE\DDK\ntstatus.inc" in fasm directory where to get it ?  |
|||
|
09 Jun 2013, 16:08 |
|
|
xDOBORAx
of course im not thats why im asking questions.
where should i get proper incs ?  |
|||
|
09 Jun 2013, 17:41 |
|
|
typedef
lol. Looking at what's making you "fall" right now makes me doubt that once you see the meat of the actual driver you will proceed.
I'm not trying to beat you down but you will fail. You don't even know the structure of the file, how it's loaded, privileges and all that. It's already hard enough coding a driver in C. This is just insane I'll tell you that. You're better off just using the C SDK. or if you are feeling adventurous make a a program that'll convert DLLs into ring0 drivers. That's as easy as it can get. Here's a good setup for you: Pelles-C IDE (http://www.pellesc.de/index.php?page=download) WDK (http://msdn.microsoft.com/en-us/library/windows/hardware/gg487428.aspx) Even better WDK 8 is integrated with Visual Studio. 
**Finally these M$ Fuckers did what developers asked.** |
|||
|
10 Jun 2013, 06:42 |
|
|
Feryno
Hi, if your driver is 32 bit you need kmd.inc
http://board.flatassembler.net/topic.php?t=6541 if it is x64 I can send you KMD64.inc let me know then kmd will be sufficient for some time, but when your driver becomes larger project you will probably need to download some gigabytes from ms to obtain header files (WDK or visual studio as typedef wrote) and then convert some data into fasm syntax if you need only few constants/structures then better to search MSDN than download and install gigabytes... |
|||
|
10 Jun 2013, 08:03 |
|
| Goto page 1, 2 Next < Last Thread | Next Thread > |
Forum Rules:
|