flat assembler
Message board for the users of flat assembler.

Index > Windows > Kernel mode driver Coding

Author
Thread Post new topic Reply to topic
smoke



Joined: 16 Jan 2006
Posts: 42
smoke
i am trying to code some device drivers and im kinda stuck ... i have a few questions Smile
this is what i have for now:
Code:
format PE native 4.0 at 10000h
entry DriverEntry

; include windowz 32 header
include 'win32a.inc'

struct UNICODE_STRING
 Length          dw ?
 MaximumLength   dw ?
 Buffer          dd ?                    ; offset
ends

section '.text' code readable executable

proc DriverEntry, DriverObject, RegPath

start:
         pusha

         invoke     RtlInitUnicodeString, driver_us, driver_name
         invoke     IoCreateDevice,dword [DriverObject], NULL, driver_name, FILE_DEVICE_UNKNOWN, NULL, NULL, driver_object
endp



section '.data' data readable writable

driver_object       dd ?

driver_us           UNICODE_STRING
driver_name     du  "\Device\kmd",0

symlink         du  "\??\kmd0",0
sym_us              UNICODE_STRING


section '.idata' import data readable writable

  library ntoskrnl,                    'ntoskrnl.exe'


  import  ntoskrnl,\
          IoCreateDevice,              'IoCreateDevice',\
          RtlInitUnicodeString,        'RtlInitUnicodeString'
                                                                          
    


is the stuff in the data section defined correctly or am i missing something ? and why is that 'at 10000h' needed when declaring the format ? if everything is okay with the code , and if i make a loader for this driver could this code actually work ?
im really a beginner in coding KMD's and people arent talking much about coding KMD's on this forum .. so its kinda hard.

thanks in advance,
smoke
Post 04 Jan 2007, 21:22
View user's profile Send private message Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
Using a non-default base for drivers is a good idea, you want to try to avoid getting relocated if you can (dirty pages, etc.).

Been a while since I messed with driver coding and heading for bed soon, so I'm not going to check your code further. But some tips:

#1 - close down all processes you don't need while testing
#2 - sync.exe from sysinternals to keep a BSOD from trashing your system too much.
#3 - dedicated testing machine or vmware.
Post 04 Jan 2007, 21:43
View user's profile Send private message Visit poster's website Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.