Index
> Windows > Drivers for 98/2000Goto page Previous 1, 2, 3, 4, 5 Next |
| Author |
|
|
LocoDelAssembly 04 Aug 2006, 02:02
Win98SE/Me supports WDM drivers too. Not sure if Win98 supports WDM but Win98SE for sure.
Regards |
|||
04 Aug 2006, 02:02 |
|
|
vid 04 Aug 2006, 05:41
what's difference between KMD and WDM? I thought they are same thing
|
|||
|
04 Aug 2006, 05:41 |
|
|
vid 04 Aug 2006, 11:59
also, this could go to examples, it's only PE-native FASM app i have seen
|
|||
|
04 Aug 2006, 11:59 |
|
|
okasvi 04 Aug 2006, 12:35
|
|||
|
04 Aug 2006, 12:35 |
|
|
Tomasz Grysztar 04 Aug 2006, 13:31
The examples section already contains the Win64 drivers package by Feryno.
Well, it still lacks the Win32 drivers package, though |
|||
|
04 Aug 2006, 13:31 |
|
|
Madis731 05 Aug 2006, 22:33
Hmm, equates is a nice idea - then you can use them only if you want...I can live with that
 (actually I'm not even sure if I ever have to use them) |
|||
|
05 Aug 2006, 22:33 |
|
|
vid 07 Aug 2006, 06:54
comrade: thanks
|
|||
|
07 Aug 2006, 06:54 |
|
|
edfed 21 Nov 2007, 03:45
simple_hard_question:
;esi=win98 & globally all OSes ;edi=soundblaster audigy & xfi series mov driver(drv,inf,etc), how_to_do_it? ret thanks for positive reply! |
|||
|
21 Nov 2007, 03:45 |
|
|
LocoDelAssembly 21 Nov 2007, 04:21
http://www.alsa-project.org/main/index.php/Matrix:Vendor-Creative_Labs
But seems that you have to wait or contribute by reversing Windows drivers because as stated there, there are no publicly available specs. Well, for many versions of Audigy you can start looking at driver sources, but of the xfi ones you are just out of luck. |
|||
|
21 Nov 2007, 04:21 |
|
|
MoXter 03 Dec 2007, 09:36
And what about examples? I want to write a KMD but i dont know how:(
I have examples only for win64... |
|||
|
03 Dec 2007, 09:36 |
|
|
BiMode 05 Dec 2007, 15:08
edfed: try kX project here [http://kxproject.lugosoft.com/index.php?skip=1]
|
|||
|
05 Dec 2007, 15:08 |
|
|
386 11 Nov 2023, 17:57
Tomasz Grysztar wrote: This is how the import sections should be done to be the same as in the original .sys files you're talking about: Hi! I need help. I have imports from several modules like hal, ntoskrnl etc. I tried hard, but I can't make it work with several modules. Could you provide a sample code for several modules, please? Last edited by 386 on 11 Nov 2023, 21:59; edited 1 time in total |
|||
|
11 Nov 2023, 17:57 |
|
|
386 11 Nov 2023, 21:37
I've made additional researches and found out that reference code doesn't work for me in .flat mode (in PE with only one section), at least on WinXP SP3.
So I swapped dd rva ImportLookup with dd rva ImportAddress and moved imp_ to data 12 directory. Here is the code which does not hang my system and seems to work fine: Code: data 12 ImportLookup: imp_VidDisplayString dd rva szVidDisplayString dd 0 end data data import dd rva ImportAddress dd 0 dd 0 dd rva szbootvid dd rva ImportLookup times 5 dd 0 ImportAddress: dd rva szVidDisplayString szVidDisplayString dw 0 db 'VidDisplayString',0 szbootvid db 'BOOTVID.dll',0 end data |
|||
|
11 Nov 2023, 21:37 |
|
|
386 12 Nov 2023, 14:25
Today I've opened produced .sys file in CFF Explorer and found some garbage in imports.
So I've made additional changes to the reference code. I've added dd 0 after dd rva szVidDisplayString (like in data 12 directory). dw 0 works too, but, I think, only because szVidDisplayString dw 0 is there... Code: data 12 ImportLookup: imp_VidDisplayString dd rva szVidDisplayString dd 0 end data data import dd rva ImportAddress dd 0 dd 0 dd rva szbootvid dd rva ImportLookup times 5 dd 0 ImportAddress: dd rva szVidDisplayString dd 0 szVidDisplayString dw 0 db 'VidDisplayString',0 szbootvid db 'BOOTVID.dll',0 end data
|
||||||||||
|
12 Nov 2023, 14:25 |
|
|||||||||
|
386 12 Nov 2023, 15:23
Corrected the previous post.
|
|||
|
12 Nov 2023, 15:23 |
|
|
386 13 Nov 2023, 13:06
Need to say that I was very surprised when I swapped ImportAddress with ImportLookup and it started to work properly.
Today I found out that it is so by design: data 12 directory contains Import Address Table (IAT), not an Import Lookup Table (ILT). So I've made a right thing when I swapped them. But... I swapped them I the wrong place. It works because Windows doesn't care about the names of the labels. But people do care. So the final version (I hope) of single-DLL single-function import in flat Kernel Mode Driver (KMD) with only 1 section is: Code: data 12 ImportAddress: imp_VidDisplayString dd rva szVidDisplayString dd 0 end data data import dd rva ImportLookup dd 0 dd 0 dd rva szbootvid dd rva ImportAddress times 5 dd 0 ImportLookup: dd rva szVidDisplayString dd 0 szVidDisplayString dw 0 db 'VidDisplayString',0 szbootvid db 'BOOTVID.dll',0 end data |
|||
|
13 Nov 2023, 13:06 |
|
|
386 13 Nov 2023, 13:57
And here is single-DLL two functions import:
Code: data 12 ImportAddress: imp_VidDisplayString dd rva szVidDisplayString imp_VidResetDisplay dd rva szVidResetDisplay dd 0 end data data import dd rva ImportLookup dd 0 dd 0 dd rva szbootvid dd rva ImportAddress times 5 dd 0 ImportLookup: dd rva szVidDisplayString dd rva szVidResetDisplay dd 0 szVidDisplayString dw 0 db 'VidDisplayString',0 szVidResetDisplay dw 0 db 'VidResetDisplay',0 szbootvid db 'BOOTVID.dll',0 end data |
|||
|
13 Nov 2023, 13:57 |
|
|
386 13 Nov 2023, 14:47
During studying PE-COFF File Format Specification and inspecting original driver from Windows XP SP3, I found that there is no need to put any dd rva szVidDisplayString etc. in Import Lookup Table and these lines could be removed:
Code: data 12 ImportAddress: imp_VidDisplayString dd rva szVidDisplayString imp_VidResetDisplay dd rva szVidResetDisplay dd 0 end data data import dd rva ImportLookup dd 0 dd 0 dd rva szbootvid dd rva ImportAddress times 5 dd 0 ImportLookup: szVidDisplayString dw 0 db 'VidDisplayString',0 szVidResetDisplay dw 0 db 'VidResetDisplay',0 szbootvid db 'BOOTVID.dll',0 end data |
|||
|
13 Nov 2023, 14:47 |
|
|
Feryno 13 Nov 2023, 18:23
A driver is allowed to call only ntoskrnl.exe / hal.dll - OS kernel searches these 2 kernel components, if a driver wants to call anything not present in these 2 components, then the driver is not loaded at all. It looks like VidDisplayString and VidResetDisplay must be then called from ntoskrnl or hal. I looked into these 2 binaries in XP RTM and VidDisplayString + VidResetDisplay are present in ntoskrnl.exe. Hal contains HalDisplayString, InbvDisplayString, InbvResetDisplay.
Could you check with a kernel debugger whether they are called into ntoskrnl and not into bootvid.dll? If you want your driver to cooperate with any other driver then the only one way is by using _IRP |
|||
|
13 Nov 2023, 18:23 |
|
| Goto page Previous 1, 2, 3, 4, 5 Next < Last Thread | Next Thread > |
Forum Rules:
|