flat assembler
Message board for the users of flat assembler.
Windows > device driver
revolution 13 Jul 2018, 19:29
User code can't execute privileged instructions.
If you want to write a kernel mode driver then there are two ways to get it running: 1) Set your boot mode to allow for unsigned drivers and install it, or 2) Set up an account with MS and have your driver signed, then you can run it in normal boot mode. This option costs money, and is not something you can do quickly, it takes time.
Ali.Z 13 Jul 2018, 20:03
what if i used "PsCreateSystemThread" will it work?
option 1, i need to disable it from boot manager? by pressing F8 while booting?
revolution 13 Jul 2018, 20:10
The security of the system won't allow you to get a system thread from user code. You will need to have code already running in kernel mode (CPL=0), and this means a driver will be required.
I'm not sure about how to enable the unsigned driver mode, maybe F8 will have the option. But once you are in that mode you will still need to install the driver so that it runs at boot time.
Ali.Z 13 Jul 2018, 20:16
okay thanks, one last thing is:
what do you mean with driver installation? (i never heard about this)
revolution 13 Jul 2018, 20:32
Ali.A wrote: okay thanks, one last thing is:
Ali.Z 13 Jul 2018, 20:39
alright, I'll dig into regedit later.
Ali.Z 20 Jul 2018, 02:16
note: I'm on win7 x86_x64
okay, Where Windows Searches for Drivers
Code:
HKEY_LOCAL_MACHINE Software Microsoft Windows CurrentVersion
under current version there is:
- Device Installer
- DriverSearching -> Plugin
can you take a look at this?
anyhow, I've been researching for a couple of days .. and found it's not possible for an executable to DIRECTLY communicate with drivers.
there is something called "callback" function. but I failed to understand what callback means, and how to do something similar.
Feryno 20 Jul 2018, 08:18
you must install and start your driver in some way:
- manually using commands sc ... net start ...
- or using your own program which calls ring3 api (Sc...)
you are trying WriteFile to your driver so it must handle IRP_MJ_WRITE which is missing, your driver executes only main routine on starting it
your driver lacks registering its name so you cannot even open it (OpenFile)
your driver lacks unload proc so you can start it only once and then you need to reboot OS to start it again
because you have x64 win, you must compile your driver as x64 (you can't run 32 bit driver in x64 win, but you can use 32 bit ring3 programs to register/start/open/write etc to your 64 bit driver)
plenty of things, so download a sample from fasm examples page...
http://flatassembler.net/examples.php (the last one - on the bottom of page)
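The manual install/start route from Feryno's reply, as an added example that is not part of the original thread: a batch script for an elevated command prompt. The service name `mydrv` and the path `C:\drivers\mydrv.sys` are placeholder assumptions.

```bat
@echo off
rem Added example, not code from the thread.
rem DRV_NAME and DRV_PATH are assumed placeholders; run from an elevated prompt.
setlocal
set "DRV_NAME=mydrv"
set "DRV_PATH=C:\drivers\mydrv.sys"

if not exist "%DRV_PATH%" (
    echo Driver image not found: %DRV_PATH%
    exit /b 1
)

rem "Installing" = registering the image as a demand-start kernel driver service.
rem sc requires the space after each "option=".
sc create %DRV_NAME% type= kernel start= demand binPath= "%DRV_PATH%"
if errorlevel 1 (
    echo sc create failed: already installed, or prompt not elevated
    exit /b 1
)

rem The installation is a registry key under Services:
rem Type 0x1 = kernel driver, Start 0x3 = demand start, ImagePath = the .sys file.
reg query "HKLM\SYSTEM\CurrentControlSet\Services\%DRV_NAME%"

rem "Starting" = the kernel loads the image and runs its main routine.
rem A 32-bit image on x64 Windows, or an unsigned image in normal boot mode, fails here.
sc start %DRV_NAME%
if errorlevel 1 (
    echo sc start failed, removing the service entry
    sc delete %DRV_NAME%
    exit /b 1
)

sc query %DRV_NAME%

rem Stop works only if the driver has an unload proc;
rem without one it stays loaded until the OS is rebooted.
sc stop %DRV_NAME%
sc delete %DRV_NAME%
endlocal
```

A successful `sc start` only means the main routine ran; opening the driver and writing to it still requires the registered name and the IRP_MJ_WRITE handler listed in the reply above.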
Ali.Z 20 Jul 2018, 08:57
Feryno wrote: because you have x64 win, you must compile your driver as x64 (you can't run 32 bit driver in x64 win, but you can use 32 bit ring3 programs to register/start/open/write etc to your 64 bit driver)
what? really didn't know this at all!
I don't wanna learn x86_x64 programming, i guess i have to switch to x86 OS.
thanks anyway.
_________________
Asm For Wise Humans
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.