flat assembler
Message board for the users of flat assembler.

Index > Windows > Why Win32 driver can not be loaded?

chris



Joined: 05 Jan 2006
Posts: 62
Location: China->US->China->?
Hi, All

I wrote a win32 test driver with fasm, but it seems it cannot be loaded;
the error code is 0xc0000018,

and DbgView has the following information:

SYSLDR: LdrRelocateImageWithBias() failed 0xc0000018
SYSLDR: OldBase : 00010000
SYSLDR: NewBase : FA600000
SYSLDR: Diff : 0x0
SYSLDR: NextOffset : 00000000
SYSLDR: *NextOffset : 0x0
SYSLDR: SizeOfBlock : 0xfa600000

I don't know why. Can anyone help me with this? My test code is:

Code:
format PE native 5.0 at 10000h
entry DriverEntry

STATUS_DEVICE_CONFIGURATION_ERROR = 0xC0000182

section '.text' code discardable writable readable executable

        _string db 'Hello from the kernel',0

        DriverEntry:

                push _string
                call [DbgPrint]
                add esp, 4
                mov eax, STATUS_DEVICE_CONFIGURATION_ERROR
                ret

section '.rdata' readable notpageable

data 12  

  ImportLookup:  
   DbgPrint             dd rva szDbgPrint
                        dd 0

end data

section 'INIT' data import readable notpageable
        dd rva ImportAddress;   dd rva ImportLookup
        dd 0
        dd 0
        dd rva szNtoskrnl
        dd rva ImportLookup;    dd rva ImportAddress
        times 5 dd 0

ImportAddress:
            dd rva szDbgPrint
            dd 0

szDbgPrint  dw 0
            db 'DbgPrint',0

szNtoskrnl db 'ntoskrnl.exe',0
    


I followed the Win64 driver sample and changed the dq to dd where I thought necessary. Is there anything wrong? Thanks in advance.

Chris
Post 06 Jan 2006, 14:17
velox



Joined: 06 Jan 2006
Posts: 14
I think you need a '.reloc' section.
Post 06 Jan 2006, 17:25
Reverend



Joined: 24 Aug 2004
Posts: 408
Location: Poland
I guess the driver cannot be loaded at 10000h. The system tries to relocate it, but has no info about it (no .reloc) and crashes.
Post 06 Jan 2006, 23:12
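
The condition velox and Reverend point to (a PE image with a fixed preferred base and no base relocation data) can be checked from the file headers. This is an added example, not code from the thread or from fasm; `reloc_info`, `build_headers` and the two sample headers are constructed for illustration.

```python
import struct

RELOCS_STRIPPED = 0x0001   # IMAGE_FILE_RELOCS_STRIPPED in COFF Characteristics
DIR_BASERELOC = 5          # data directory index of the base relocation table

def reloc_info(pe: bytes) -> dict:
    """Report the preferred base and whether the image carries base relocations."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (characteristics,) = struct.unpack_from("<H", pe, coff + 18)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", pe, opt)
    if magic == 0x10B:                       # PE32
        (base,) = struct.unpack_from("<I", pe, opt + 28)
        dirs = opt + 96
    elif magic == 0x20B:                     # PE32+
        (base,) = struct.unpack_from("<Q", pe, opt + 24)
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic")
    (count,) = struct.unpack_from("<I", pe, dirs - 4)   # NumberOfRvaAndSizes
    rva = size = 0
    if count > DIR_BASERELOC:
        rva, size = struct.unpack_from("<II", pe, dirs + 8 * DIR_BASERELOC)
    stripped = bool(characteristics & RELOCS_STRIPPED)
    return {"image_base": base, "reloc_rva": rva, "reloc_size": size,
            "relocs_stripped": stripped, "can_rebase": size > 0 and not stripped}

def build_headers(base, reloc_rva, reloc_size, characteristics) -> bytes:
    """Constructed PE32 headers only (no sections), used as sample input."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, characteristics)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<I", opt, 28, base)                # ImageBase
    struct.pack_into("<I", opt, 92, 16)                  # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * DIR_BASERELOC, reloc_rva, reloc_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

# Constructed samples: fixed base 10000h without fixups, and the same with them.
NO_RELOC = build_headers(0x10000, 0, 0, 0x0103)
WITH_RELOC = build_headers(0x10000, 0x3000, 0x0C, 0x0102)
print(reloc_info(NO_RELOC)["can_rebase"], reloc_info(WITH_RELOC)["can_rebase"])
```

To check a real driver, pass the file's bytes to `reloc_info`; `can_rebase` being false means the loader has no fixup data to move the image away from its preferred base.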
okasvi



Joined: 18 Aug 2005
Posts: 382
Location: Finland
Drivers for 98/2000 - http://board.flatassembler.net/topic.php?t=256&postdays=0&postorder=asc&start=50

Found in the "Windows Frequently Asked Questions (FAQ)" thread ;)


The code example by Tomasz Grysztar worked just fine with a few small tweaks to make it compile with the latest fasm...

_________________
When We Ride On Our Enemies
support reverse smileys |:
Post 07 Jan 2006, 04:05
chris



Joined: 05 Jan 2006
Posts: 62
Location: China->US->China->?
okasvi wrote:
Drivers for 98/2000 - http://board.flatassembler.net/topic.php?t=256&postdays=0&postorder=asc&start=50

Found in the "Windows Frequently Asked Questions (FAQ)" thread ;)


The code example by Tomasz Grysztar worked just fine with a few small tweaks to make it compile with the latest fasm...


Thanks, okasvi. It works now!
Post 07 Jan 2006, 13:07
Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.