flat assembler
Message board for the users of flat assembler.

Index > Windows > A very simple 64-bit driver

Author
Thread Post new topic Reply to topic
EasyCode



Joined: 26 Jul 2015
Posts: 133
EasyCode
This is a very simple FASM 64-bit driver example and it is NOT DIGITALLY
SIGNED.

After unzipping the attached file, please carefully read the "Readme.txt" file.

WARNING: The driver DOES NOT WORK on Windows 10. I already reported that
to Tomasz so that he can fix the problem.


Description:
Download
Filename: FSDrv64.zip
Filesize: 43.95 KB
Downloaded: 202 Time(s)

Post 19 Aug 2015, 19:28
View user's profile Send private message Reply with quote
Foxxy



Joined: 14 Jul 2014
Posts: 42
Location: Somewhere over the rainbow...
Foxxy
Could you edit your post/readme to reflect exactly what the driver is supposed to do? Thank you. Smile
Post 20 Aug 2015, 02:53
View user's profile Send private message Reply with quote
EasyCode



Joined: 26 Jul 2015
Posts: 133
EasyCode
Hi,

The driver just makes a "beep" when loading and another "beep" when downloading. The only purpose of this simple example is showing how to build a 64-bit driver (the basic structure). Anyway, here is the Readme.txt file:

This is a very simple FASM 64-bit driver example and it is NOT DIGITALLY
SIGNED. NON-SIGNED drivers do not work if the 64-bit Windows is started
normally.

To run a NON-SIGNED driver on any Windows 64-bit operating system, you
have to press F8 at boot. Then, in the boot menu, select the "Disable
driver signature enforcement" option.

Once you started Windows with "Disable driver signature enforcement",
double-click on the test program ("FSDrv64Test.exe").

WARNING: The driver DOES NOT WORK on Windows 10. I already reported that
to Tomasz so that he can fix the problem.

Regards.
Post 20 Aug 2015, 06:48
View user's profile Send private message Reply with quote
Feryno



Joined: 23 Mar 2005
Posts: 454
Location: Czech republic, Slovak republic
Feryno
Win 10 x64 refused to load my drivers. Removing relocs helped. Luckily they contain address independent code and use RIP-relative addressing everywhere so relocs are not necessary.
Post 24 Aug 2015, 07:08
View user's profile Send private message Visit poster's website ICQ Number Reply with quote
EasyCode



Joined: 26 Jul 2015
Posts: 133
EasyCode
Hi Feryno,

Could you please tell me what you exactly mean? Maybe with a few lines of code. Thanks.

Regards.
Post 24 Aug 2015, 12:42
View user's profile Send private message Reply with quote
Feryno



Joined: 23 Mar 2005
Posts: 454
Location: Czech republic, Slovak republic
Feryno
delete or comment out this line in your asm file:
section '.reloc' fixups data readable discardable
That helped me at w10 x64. I also have modified version of fasm to compile drivers, which change 1 or 2 bits in PE32+ header. If removing relocs does not help you let me know, you will need to modify then something else in driver header.
Post 25 Aug 2015, 08:01
View user's profile Send private message Visit poster's website ICQ Number Reply with quote
EasyCode



Joined: 26 Jul 2015
Posts: 133
EasyCode
Hi Feryno,

Thank you very much for your help!

No, removing "section '.reloc' fixups data readable discardable" does not solve the problem. The attached simple driver does not work in WIN10, while the same driver compiled with other assemblers (GOASM, MASM, POASM, etc.) works perfectly well. So I think the FASM assembler should be revised.

Regards.
Post 25 Aug 2015, 12:03
View user's profile Send private message Reply with quote
catafest



Joined: 05 Aug 2010
Posts: 120
catafest
Can you tell me why you need to used this? :

native 5.02 at 10000H
Post 26 Aug 2015, 08:24
View user's profile Send private message Visit poster's website Yahoo Messenger Reply with quote
EasyCode



Joined: 26 Jul 2015
Posts: 133
EasyCode
Well, I don't know exactly, I saw it in some examples and I thought it was the right way to build a 64-bit driver.

I'm new to FASM.
Post 26 Aug 2015, 10:51
View user's profile Send private message Reply with quote
Tomasz Grysztar



Joined: 16 Jun 2003
Posts: 7750
Location: Kraków, Poland
Tomasz Grysztar
EasyCode wrote:
No, removing "section '.reloc' fixups data readable discardable" does not solve the problem. The attached simple driver does not work in WIN10, while the same driver compiled with other assemblers (GOASM, MASM, POASM, etc.) works perfectly well. So I think the FASM assembler should be revised.
If you have a working driver created with some other tool, you can try to create its replica with fasm, by setting the same flags, attributes, sections names and order, etc. With fasm's built-in PE formatter you can quite well customize the structure of the PE file you produce but this also means that you need to write source that specifies all the required options, and drivers have been known to be sensitive to such tweaking.

And perhaps you may find out that there is some flag or attribute that fasm does not include as an option to set - but then you can report such problem to me and I may add some new keywords, like I did with WDM.

If you don't want or need to control everything manually, then the better option for you is to use "format MS COFF" and then use a linker of your choice to generate PE file (probably the best choice would be the linker from DDK).

Feryno wrote:
I also have modified version of fasm to compile drivers, which change 1 or 2 bits in PE32+ header.
Perhaps those 1 or 2 bits should become additional options for fasm's "format PE"? What are they?
Post 26 Aug 2015, 18:04
View user's profile Send private message Visit poster's website Reply with quote
EasyCode



Joined: 26 Jul 2015
Posts: 133
EasyCode
Hi Tomasz,

Thanks for you reply!

I will do what you suggest and let you know the results. Just for your information, the simple driver I attached in this post only fails in the new Windows 10. It works fine on WIN7/8.

Regards!
Post 26 Aug 2015, 18:34
View user's profile Send private message Reply with quote
Feryno



Joined: 23 Mar 2005
Posts: 454
Location: Czech republic, Slovak republic
Feryno
Tomasz Grysztar wrote:
Perhaps those 1 or 2 bits should become additional options for fasm's "format PE"? What are they?

formats.inc
Code:
orignal:        mov     dword [edx+16h],20B002Fh        ; flags and magic value
modified:       mov     dword [edx+16h],20B002Eh        ; flags and magic value
orignal:        mov     byte [edx+5Eh+1],1
modified:       mov     byte [edx+5Eh+1],0    
the above modification was necessary to compile x64 driver which was able to load
under win 10 x64 even such driver failed to load, but removing relocs section helped and then loaded OK
Post 27 Aug 2015, 12:31
View user's profile Send private message Visit poster's website ICQ Number Reply with quote
l_inc



Joined: 23 Oct 2009
Posts: 881
l_inc
Feryno
Omg, relocations again. You guys aren't fans of simple solutions. Is it just more fun to modify the compiler than to use the standard means that the compiler already provides? All you need to do is this:
Code:
section '.reloc' data readable discardable
    data fixups
    end data
    rb 4    

or this:
Code:
section '.reloc' fixups data readable discardable
    if $=$$
        dd 0,8          ; if there are no fixups, generate dummy entry
    end if    

The latter one is even included in the fasm examples.

_________________
Faith is a superposition of knowledge and fallacy
Post 27 Aug 2015, 12:54
View user's profile Send private message Reply with quote
EasyCode



Joined: 26 Jul 2015
Posts: 133
EasyCode
Hi l_inc,

Well, the driver finally WORKS PERFECTLY WELL on WIN7, WIN8 and WIN10, just by adding the code you suggested:

Code:
section '.reloc' fixups data readable discardable
    if $=$$
        dd 0,8          ; if there are no fixups, generate dummy entry
    end if    



Thank you very much for your help. Also thank you very much everybody.

Please forgive my ignorance about this known issue and its solution.

I attach the modified version working fine on all 64-bit Windows.

Regards!


Description:
Download
Filename: FSDrv64.zip
Filesize: 43.96 KB
Downloaded: 173 Time(s)

Post 27 Aug 2015, 17:50
View user's profile Send private message Reply with quote
Feryno



Joined: 23 Mar 2005
Posts: 454
Location: Czech republic, Slovak republic
Feryno
l_inc thank for different solution !
Post 28 Aug 2015, 07:46
View user's profile Send private message Visit poster's website ICQ Number Reply with quote
Kevin_Zheng



Joined: 04 Jul 2003
Posts: 125
Location: China
Kevin_Zheng
I feel interesting for this question: why WIN10 needs one dll to add one empty relocation entry in the relocation section? WIN10 maybe change this behavior in the future?

Thanks.

Kenneth Zheng

_________________
Pure Assembly Language Funs
Post 02 Sep 2015, 23:20
View user's profile Send private message MSN Messenger Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.