In fact, my aim is not to learn driver development for its own sake; it is mainly that getting into Ring 0 is done through a driver. I found a few driver e-books and am teaching myself. The forum at http://www.driverdevelop.com/forum/ has many Windows driver experts. There are several kinds of driver: VxDs under 9x, KMDs under NT, and now WDM. KMD was used in the NT4 days. I found an English tutorial online which says that building one needs the KMD development kit, yet the article compiles with MASM 7, and I don't understand how the two are related. I still haven't figured out what WDM is or how to write a WDM driver. Here is a program that changes the Windows IDT:

// *******************************************************
// addmyint
//
// Write by sinister
//
// *******************************************************
#include "ntddk.h"
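#pragma pack (1)

/*
 * Define IDTR: the 6-byte image stored by the x86 SIDT instruction.
 * Byte packing is required so that Base sits directly after the 16-bit Limit.
 */
typedef struct tagIDTR {
    unsigned short Limit;   /* Segment limit (unsigned: a 16-bit byte count, never negative) */
    unsigned int   Base;    /* Segment base: linear address of the first IDT entry */
} IDTR, *PIDTR;

/*
 * Definition of one IDT entry (8-byte gate descriptor, 32-bit protected mode).
 * The handler address is split across OffsetLow and OffsetHigh.
 */
typedef struct tagIDTENTRY {
    unsigned short OffsetLow;       /* Handler address, low 16 bits */
    unsigned short Selector;        /* Code segment selector used to run the handler */
    unsigned char  Reserved;        /* Reserved by the system */
    unsigned char  Type : 4;        /* Gate type (0xE is an interrupt gate) */
    unsigned char  Always0 : 1;     /* Reserved, must be 0 */
    unsigned char  Dpl : 2;         /* Descriptor privilege level: lowest ring allowed to issue INT n */
    unsigned char  Present : 1;     /* 1 means the entry is valid */
    unsigned short OffsetHigh;      /* Handler address, high 16 bits */
} IDTENTRY, *PIDTENTRY;

#pragma pack ()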
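// Added interrupt: the IDT vector that this driver claims for its own gate.
// NOTE(review): nothing on this page shows that vector 0x76 is unused on the
// target machine; an in-use vector would be overwritten. Confirm before loading.
#define MYINT 0x76

extern void _cdecl MyIntFunc ();

// Raw storage for the 6 bytes written by sidt (16-bit limit + 32-bit base).
char IDTBuffer [6];

// Copy of the descriptor that occupied vector MYINT before it was replaced.
IDTENTRY OldIdt;

// Typed view of IDTBuffer; only meaningful after sidt has filled the buffer.
PIDTR idtr = (PIDTR) IDTBuffer;

static NTSTATUS MydrvDispatch (IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp);
VOID DriverUnload (IN PDRIVER_OBJECT pDriverObject);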
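/*
 * Our interrupt handler. It prints one debug line and returns from the
 * interrupt with iretd.
 *
 * The gate that points here is installed with DPL 3, so this routine runs in
 * ring 0 on behalf of whatever user-mode code issued the interrupt; nothing
 * the caller left in registers may be trusted.
 *
 * NOTE(review): the function is an ordinary _cdecl function, not a naked one,
 * and it saves no registers around DbgPrint. If the compiler emits a prologue
 * (for example in an unoptimised checked build), iretd will pop the wrong
 * stack contents and the machine will bugcheck. Treat this as a demonstration
 * and inspect the generated code before loading it.
 */
void _cdecl MyIntFunc ()
{
    DbgPrint ("WSS-Call Myint IS OK\n");

    _asm iretd;     // Interrupt return
}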
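/**
 * Installs MyIntFunc as the handler for interrupt vector MYINT by writing a
 * gate descriptor directly into the IDT, after saving the previous descriptor
 * in OldIdt.
 *
 * Review notes:
 *  - The gate is written with DPL 3, so every user-mode process on the machine
 *    can invoke the ring 0 handler. That is the point of the demonstration,
 *    and also why a driver like this must never ship on a production system.
 *  - sidt reports the IDT of the processor executing it, and cli/sti mask
 *    interrupts on that processor only. NOTE(review): multiprocessor systems
 *    are not handled here.
 *  - 32-bit x86 only: inline _asm and this 8-byte gate layout do not apply to
 *    x64 builds, and 64-bit Windows treats IDT modification as kernel
 *    corruption (Kernel Patch Protection bugchecks the system).
 *
 * @return STATUS_SUCCESS once the gate is written; STATUS_UNSUCCESSFUL if
 *         vector MYINT lies beyond the table limit reported by sidt.
 */
NTSTATUS AddMyInt ()
{
    PIDTENTRY Idt;

    // Get IDTR: sidt stores the limit and base address into IDTBuffer
    _asm { sidt IDTBuffer }

    // Never touch memory past the end of the table that sidt reported.
    // The cast keeps the comparison unsigned whatever type Limit is declared as.
    if ((unsigned short) idtr->Limit < (MYINT + 1) * sizeof (IDTENTRY) - 1)
        return STATUS_UNSUCCESSFUL;

    Idt = (PIDTENTRY) idtr->Base;   // Get the IDT base address

    // Save the original IDT entry
    RtlCopyMemory (&OldIdt, &Idt[MYINT], sizeof (OldIdt));

    // Disable interrupts so a half-written descriptor is never dispatched
    _asm cli

    // Fill in the IDT entry to add our interrupt
    Idt[MYINT].OffsetLow  = (unsigned short) MyIntFunc;    // Low 16 bits of the handler address
    Idt[MYINT].Selector   = 8;      // Kernel code segment selector
    Idt[MYINT].Reserved   = 0;      // Reserved by the system
    Idt[MYINT].Type       = 0xE;    // 0xE means interrupt gate
    Idt[MYINT].Always0    = 0;      // Reserved by the system, must be 0
    Idt[MYINT].Dpl        = 3;      // Descriptor privilege: allows Ring 3 processes to call
    Idt[MYINT].Present    = 1;      // Present bit set to 1 means the entry is valid
    Idt[MYINT].OffsetHigh = (unsigned short) ((unsigned int) MyIntFunc >> 16);  // High 16 bits of the handler address

    // Enable interrupts again
    _asm sti

    return STATUS_SUCCESS;
}

// Delete interrupt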
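/**
 * Writes the descriptor saved in OldIdt back into vector MYINT of the IDT
 * whose base was recorded in idtr by AddMyInt().
 *
 * NOTE(review): cli/sti mask interrupts on the current processor only; the
 * restore is not synchronised with other processors.
 */
VOID RemoveMyInt ()
{
    PIDTENTRY Idt;

    // idtr is all zeroes until sidt has filled IDTBuffer, and a table that is
    // too short has no slot for MYINT; in both cases there is nothing to
    // restore and writing would corrupt unrelated memory.
    if ((unsigned short) idtr->Limit < (MYINT + 1) * sizeof (IDTENTRY) - 1)
        return;

    Idt = (PIDTENTRY) idtr->Base;

    _asm cli

    // Restore IDT
    RtlCopyMemory (&Idt[MYINT], &OldIdt, sizeof (OldIdt));

    _asm sti
}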
// drive inlet NTSTATUS DriverEntry (IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath) {UNICODE_STRING nameString, linkString; PDEVICE_OBJECT deviceObject; NTSTATUS status; WCHAR wBuffer [200]; nameString.Buffer = wBuffer; nameString.MaximumLength = 200; // unload drive DriverObject -> DriverUnload = DriverUnload; // build equipment RtlInitUnicodeString (& nameString, L "// device // WSSINT"); status = IoCreateDevice (DriverObject, 0, & nameString, FILE_DEVICE_UNKNOWN, 0, TRUE, & deviceObject); if (NT_SUCCESS (status! )) return status; RtlInitUnicodeString (& linkString, L "// ?? // WSSINT"); // make visible WIN32 application status = IoCreateSymbolicLink (& linkString, & nameString);! if (NT_SUCCESS (status)) {IoDeleteDevice (DriverObject- > DeviceObject); return status;} // Add blackout AddMyInt (); DriverObject-> MajorFunction [IRP_MJ_CREATE] = MydrvDispatch; DriverObject-> MajorFunction [IRP_MJ_CLOSE] = MydrvDispatch; return STATUS_SUCCESS;} static NTSTATUS MydrvDispatch (IN PDEVICE_OBJECT DeviceObject, IN PI RP Irp) {NTSTATUS status; UNREFERENCED_PARAMETER (DeviceObject); Irp-> IoStatus.Status = STATUS_SUCCESS; Irp-> IoStatus.Information = 0L; status = STATUS_SUCCESS; IoCompleteRequest (Irp, 0); return status;}
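/**
 * Unload routine: restores the original IDT entry first, so that no gate is
 * left pointing into driver code that is about to be unmapped, then removes
 * the symbolic link and the device object.
 *
 * @param pDriverObject  Driver object whose device is deleted.
 */
VOID DriverUnload (IN PDRIVER_OBJECT pDriverObject)
{
    UNICODE_STRING nameString;

    RemoveMyInt ();

    RtlInitUnicodeString (&nameString, L"\\??\\WSSINT");

    // Delete the WIN32-visible name
    IoDeleteSymbolicLink (&nameString);

    // Remove the device
    IoDeleteDevice (pDriverObject->DeviceObject);

    return;
}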
Client: TestAddint.c

int main (int argc, char * argv []) { _asm { int 76h } return 0; }

This is a framework for running a program in Ring 0. It is compiled with the DDK, so install the DDK and VC. I am using the Win2K DDK; unlike the symbols, the 2000 DDK still works on XP (I am on XP SP2). I had never compiled a driver before and have only just seen how it is done. Put the program in a directory and, using the sources file of other drivers as a reference, create one of your own with this content:

TARGETNAME=uu
TARGETPATH=obj
TARGETTYPE=DRIVER
MSC_WARNING_LEVEL=/W3
SOURCES=mydriver1.c

SOURCES= lists the needed files, separated with \. A makefile is also required, which is rather annoying; it seems the makefile is the same in every driver. Only one line in it does anything, but it may not compile without the file:

#
# DO NOT EDIT THIS FILE!!!  Edit .\sources. if you want to add a new source
# file to this component.  This file merely indirects to the real make file
# that is shared by all the components of NT OS/2
#
!INCLUDE $(NTMAKEENV)\makefile.def

For this driver, put these three files in one directory. Find the DDK's build environment entries under Start; there is a Checked Build Environment. Open it, change to the directory where the driver is located, then run build. That worked, and I got uu.sys, which is placed in objchk\i386. I have not installed it yet. Note: the program's DriverEntry is the entry point and must be present. The program calls IoCreateDevice(); MSDN says this function is called in DriverEntry or AddDevice:
IoCreateDevice
The IoCreateDevice routine creates a device object for use by a driver.
NTSTATUS
IoCreateDevice(
    IN PDRIVER_OBJECT DriverObject,
    IN ULONG DeviceExtensionSize,
    IN PUNICODE_STRING DeviceName OPTIONAL,
    IN DEVICE_TYPE DeviceType,
    IN ULONG DeviceCharacteristics,
    IN BOOLEAN Exclusive,
    OUT PDEVICE_OBJECT *DeviceObject
    );
Parameters
DriverObject
Pointer to the driver object for the caller. Each driver receives a pointer to its driver object in a parameter to its DriverEntry routine. WDM function and filter drivers also receive a driver object pointer in their AddDevice routines.
DeviceExtensionSize
Specifies the driver-determined number of bytes to be allocated for the device extension of the device object. The internal structure of the device extension is driver-defined. For more information about device extensions, see Device Extensions.
DeviceName
Optionally points to a buffer containing a zero-terminated Unicode string that names the device object. The string must be a full path name. WDM filter and function drivers do not name their device objects. For more information, see Named Device Objects.
DeviceType
Specifies one of the system-defined FILE_DEVICE_XXX constants that indicate the type of device (such as FILE_DEVICE_DISK, FILE_DEVICE_KEYBOARD, etc.) or a vendor-defined value for a new type of device. For more information, see Specifying Device Types.
DeviceCharacteristics
Specifies one or more system-defined constants, ORed together, that provide additional information about the driver's device. For a list of possible device characteristics, see DEVICE_OBJECT. For more information on how to specify device characteristics, see Specifying Device Characteristics. Most drivers specify FILE_DEVICE_SECURE_OPEN for this parameter.
Exclusive
Reserved for system use. Drivers set this parameter to false.
DeviceObject
.
Return Value
IoCreateDevice returns STATUS_SUCCESS on success, or the appropriate NTSTATUS error code on failure. A partial list of the failure codes returned by this function includes:
STATUS_INSUFFICIENT_RESOURCES
STATUS_OBJECT_NAME_EXISTS
STATUS_OBJECT_NAME_COLLISION
Headers
Declared in wdm.h and ntddk.h. Include wdm.h or ntddk.h.
Comments
IoCreateDevice creates a device object and returns a pointer to the object. The caller is responsible for deleting the object when it is no longer needed by calling IoDeleteDevice.
IoCreateDevice can only be used to create an unnamed device object, or a named device object for which a security descriptor is set by an INF file. Otherwise, drivers must use IoCreateDeviceSecure to create named device objects. For more information, see Creating a Device Object ........................ ..
Be careful to specify the DeviceType and DeviceCharacteristics values in the correct parameters. Both parameters use system-defined FILE_XXX constants and some driver writers specify the values in the wrong parameters by mistake.
Device objects for disks, tapes, CD-ROMs, and RAM disks are given a Volume Parameter Block (VPB) that is initialized to indicate that the volume has never been mounted on the device.
If a driver's call to IoCreateDevice returns an error, the driver should release any resources that it allocated for that device.
Callers of IocreateDevice Must Be Running At Irql See Also Device_Object, IoattachDevice, IoattachdevicetodeviceStack, IocreateDevice, IOCREATESYMBOLICLINK, IODELETEDEVICE The 3rd parameter DrivCename said WDM Filter and Function Drivers Do Not Name Their Device Objects. If the name is name, you can use this name in other drivers, there is a paragraph in msdn. A Non-WDM Driver Must Explicitly Specify A Name for Any Named Device Objects. The Driver Must Create At Least ONE Named Device Object in The Driver / Device Object Directory To Receive I / O Requests. The Driver Specifies The Device Name as TheDeviceName Parameter To IOCREATEVICESECURE WHEN CREATING The Device Object. I don't know what Non-WDM driver means, what is WDM Driver-ONLU? Some device Objects do not represent physicAl devices, A SoftwAre-only driver, which hAndles I / O requests but does not pAss those requests to hArdwAre, still must creAte A device Object to represent tArget of its operAtions IOCREATESYMBOLICLINK is to call this driver in user mode by creatfile For example, call like this assembly ; ------------------------------------------------- ---------------- Load the service / driver ; ------------------------------------------------- ---------------- Invoke OpenService, HScManager, Addr ServiceName, Service_all_Access .IF EAX! = 0 Mov HService, EAX ; ------------------------------------------------- - Start the service to set the service to the running StartService Will Call the Driverentry Procedure ; ------------------------------------------------- - Invoke StartService, HService, 0,0 .IF EAX! = 0 ; ------------------------------------------------- - Obtain a handle to the loaded driver for deviceiocontrol Interface Communcation ; ------------------------------------------------- - Invoke createfile, addr driverpath, generic_read or generic_write, 0,0, open_existing, file_attribute_normal, 0 .IF EAX! 
= INVALID_HANDLE_VALUE Mov HDRIVER, EAX .Lse Invoke Messageboxa, NULL, AddR LPMSGFILEEERRORTEXT, ADDR LPMSGERRORTILE, MB_OK JMP file_ERROR; CREATEFILE Error .Endif ; ------------------------------------------------- - Send Service Request Service_SAY_HELLO ; ------------------------------------------------- - Invoke Deviceiocontrol, HDriver, Service_Say_hello, 0, 0, Addr Lpoutbuff, 256, Addr Bytesreturned, 0mov Edi, DWORD PTR LPOUTBUFFER