flat assembler
Message board for the users of flat assembler.

Home Search Register
Log in to check your private messages Log in

Index > Windows > hook keyboard ISR
Author
Thread Post new topic Reply to topic
Apolo



Joined: 18 Mar 2017
Posts: 23
Apolo
I am trying to hook keyboard ISR but I can't open device because
CreateFile returns 0000007Bh ERROR_INVALID_NAME. Whre is my eeror?

Code:
invoke DefineDosDevice,[raw],filename1,devicename
        lea     rcx,[filename2]
        invoke  CreateFileA,rcx,GENERIC_ALL,FILE_SHARE_WRITE or 

        FILE_SHARE_READ,0,3,0,0
        ret

        section '.data' data writeable readable

        devicename      db '\\Device\\KeyboardClass0',0
        filename1       db 'keyboard',0
        filename2       db '\\.\keyboard',0
        raw
Post 06 Apr 2017, 12:37
View user's profile Send private message Reply with quote
Apolo



Joined: 18 Mar 2017
Posts: 23
Apolo
Aaarrggghhh!
Why nobody answer?
Post 07 Apr 2017, 08:30
View user's profile Send private message Reply with quote
zhak



Joined: 12 Apr 2005
Posts: 501
Location: Belarus
zhak
Your devicename path is wrong -- no escaping needed.
Code:
devicename      db '\Device\KeyboardClass0',0


I'm not 100% sure, but devices may not accept all file attributes. Maybe windows coders can shed more light on that.

What is the value of [raw] you pass to the function?

Anyway, try the following code, should open the device. At least it opens it for me on Win7 x64
Code:
include 'include\win64ax.inc'

.code 

start:
        invoke DefineDosDevice, 1, filename1, devicename
        lea     rcx, [filename2]
        invoke  CreateFile, rcx, GENERIC_WRITE, 0, 0, OPEN_EXISTING, 0, 0
        mov [hKbd], rax
        invoke ExitProcess, 0

.end start 

.data 
devicename      db '\Device\KeyboardClass0',0
filename1       db 'kbd',0
filename2       db '\\.\kbd',0
hKbd             dq ?
Post 07 Apr 2017, 15:25
View user's profile Send private message Reply with quote
Apolo



Joined: 18 Mar 2017
Posts: 23
Apolo
Zach, thanks for answer me, the first problem solved but now I CreateFile get: ERROR_ACCESS_DENIED when I try to open keyboard device. Why it happen???
Post 07 Apr 2017, 16:13
View user's profile Send private message Reply with quote
Apolo



Joined: 18 Mar 2017
Posts: 23
Apolo
Now i need the number of
Code:
IOCTL_INTERNAL_I8042_HOOK_KEYBOARD
constant. What is this number?
Post 10 Apr 2017, 10:57
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 18471
Location: In your JS exploiting you and your system
revolution
Apolo wrote:
Now i need the number of
Code:
IOCTL_INTERNAL_I8042_HOOK_KEYBOARD
constant. What is this number?
Visit my website. It has all the answers you are looking for. Click on the "WWW" icon in this post.
Post 10 Apr 2017, 11:44
View user's profile Send private message Visit poster's website Reply with quote
system error



Joined: 01 Sep 2013
Posts: 670
system error
revolution wrote:
Visit my website. It has all the answers you are looking for. Click on the "WWW" icon in this post.


Your website provides the best answers!
Congratulations from the bottom of my heart.
Post 10 Apr 2017, 13:40
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Main index Download Documentation Examples Message board

Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.