驱动程序的编译和连接

  • 发布于:2023-11-21

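KmdKit 推荐的做法是把汇编源程序直接写成批处理(.bat)文件。下面以天杀的 ring0.sys 为例,把下面的代码保存为 ring0.bat。该示例驱动会在 IDT 的 21h 号向量上安装一个 ring3 可以调用的中断门;本页的清单到 DriverEntry 结束为止,没有包含 :make 标签之后的汇编、连接命令。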

;@echo off
;goto make
; The two lines above make this file both a batch script and a MASM source:
; cmd.exe ignores the leading ';' and runs "@echo off" / "goto make", while
; MASM treats both lines as comments. The ":make" target that holds the
; assemble/link commands is not part of this listing.
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
        .586P                           ; Pentium instruction set, privileged (protected-mode) instructions enabled
        .model  flat, stdcall
        option  casemap:none
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; NOTE(review): the page text had lost the path separators; the line below is
; the KmdKit include path reconstructed from it - confirm against your install.
        include \masm32\include\w2k\ntddk.inc
; Interrupt-related data structures.
; IDT_REG mirrors the 6-byte value that SIDT stores: the 16-bit table limit
; followed by the 32-bit linear base address of the IDT.
IDT_REG         STRUCT
    limit       WORD    ?               ; size of the IDT in bytes, minus one
    base        DWORD   ?               ; linear address of descriptor 0
IDT_REG         ENDS

; Interrupt descriptor: one 8-byte gate entry of the 32-bit IDT.
INT_DESCRIPTOR  STRUCT
    offs0_15    WORD    ?               ; handler offset, bits 0..15
    sel         WORD    ?               ; code-segment selector loaded on entry
    paramcnt    BYTE    ?               ; byte 4 of the gate; written as 0 by this driver
    attrs       BYTE    ?               ; present bit, DPL and gate type
    offs16_31   WORD    ?               ; handler offset, bits 16..31
INT_DESCRIPTOR  ENDS

;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Code segment
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
        .code
; Scratch area that AddMyInt and WdmUnload pass to SIDT. SIDT stores 6 bytes
; (see IDT_REG); the remaining 10 bytes stay zero.
; NOTE(review): the buffer is declared inside .code, so the SIDT store only
; works if this section is mapped writable in the loaded image - confirm the
; link options, or keep writable data out of the code section.
szBuffer        db      16 dup (0)
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;--------------------------------------------------------------------
; MyIntFunc - handler that AddMyInt installs in IDT vector 21h.
; In:    eax = address that gets called, edx = value pushed before the call
; Out:   returns to the interrupted code with IRETD
;
; Security impact: AddMyInt gives the gate DPL 3, so this handler is
; reachable from user mode, and it calls whatever address the caller left
; in eax without any validation while running at ring 0. Loading this
; driver therefore removes the user/kernel privilege boundary for every
; process on the machine. When auditing a system, a DPL-3 gate on vector
; 21h whose handler lies inside a third-party driver (visible in a kernel
; debugger's IDT dump, e.g. !idt) is the artifact to look for.
;
; NOTE(review): nothing here removes the pushed edx after the call, so the
; callee presumably has to pop its own 4-byte argument (stdcall "ret 4")
; for IRETD to find the interrupt frame - confirm against the caller.
;--------------------------------------------------------------------
MyIntFunc       proc
        push    edx                     ; single stack argument for the callee
        call    eax                     ; caller-supplied target, executed at CPL 0
        iretd
MyIntFunc       endp

;====================================================================
;--------------------------------------------------------------------
; AddMyInt - rewrite IDT entry 21h so that it points at MyIntFunc.
; In:    nothing
; Out:   nothing (eax is left holding the high half of the handler address)
; Saves: edi, through USES
;
; The entry is built as a present 32-bit interrupt gate with DPL 3, which
; is what makes vector 21h callable from ring 3. The previous contents of
; the entry are overwritten without being saved, and the four stores are
; made with interrupts left enabled (cli/sti are commented out).
;--------------------------------------------------------------------
AddMyInt        proc uses edi
        local   @IDT                    ; declared by the original, never referenced

        sidt    szBuffer                ; fetch the IDT limit and base
        mov     edi, (IDT_REG ptr [szBuffer]).base
        add     edi, 21h * 8            ; 8 bytes per gate -> address of entry 21h

        ; Original author's note: Int 21h is used because Win2k leaves it unused.
        ;cli
        mov     eax, offset MyIntFunc
        mov     (INT_DESCRIPTOR ptr [edi]).offs0_15, ax         ; handler offset, low 16 bits
        shr     eax, 16
        mov     (INT_DESCRIPTOR ptr [edi]).offs16_31, ax        ; handler offset, high 16 bits
        mov     (INT_DESCRIPTOR ptr [edi]).sel, cs              ; current ring-0 code selector
        ; Bytes 4..5 of the gate: 00h, then 0EEh = P=1, DPL=3, type 0Eh
        ; (32-bit interrupt gate). DPL=3 is what exposes the vector to ring 3.
        mov     word ptr [edi + 4], 0EE00h
        ;sti

        ret
AddMyInt        endp
;====================================================================
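;--------------------------------------------------------------------
; WdmUnload - DriverUnload routine; removes the gate written by AddMyInt.
; In:    DriverObject = pointer passed by the system (not used)
; Out:   eax = 0
; Saves: edi, through USES. The original used edi without saving it, which
;        breaks the stdcall rule that edi is preserved for the caller;
;        AddMyInt in this file already saves it the same way.
;
; AddMyInt does not keep the previous contents of entry 21h, so nothing is
; restored here: all 8 bytes of the gate are zeroed, which leaves the entry
; marked not-present. The word holding the attribute byte is cleared first
; so the gate is invalid before its address fields are wiped.
;--------------------------------------------------------------------
WdmUnload       proc uses edi DriverObject:DWORD

        sidt    szBuffer                ; fetch the IDT limit and base
        mov     edi, (IDT_REG ptr [szBuffer]).base
        add     edi, 21h * 8            ; address of entry 21h

        xor     eax, eax
        mov     word ptr [edi + 4], ax  ; attributes: present bit and DPL cleared
        mov     [edi], ax               ; handler offset, low 16 bits
        mov     [edi + 6], ax           ; handler offset, high 16 bits
        mov     [edi + 2], ax           ; selector

        ret
WdmUnload       endp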
;====================================================================
;--------------------------------------------------------------------
; DriverEntry - driver entry point.
; In:    DriverObj    = pointer to this driver's DRIVER_OBJECT
;        RegistryPath = not used
; Out:   eax = 0, returned unconditionally
;
; Registers WdmUnload as the unload routine and then installs the int 21h
; gate. No other interface is set up in the visible code, so the gate is
; the only way user mode interacts with this driver.
;--------------------------------------------------------------------
DriverEntry     proc DriverObj:DWORD, RegistryPath:DWORD

        mov     eax, DriverObj
        mov     (DRIVER_OBJECT ptr [eax]).DriverUnload, offset WdmUnload
        call    AddMyInt                ; no arguments; same as "invoke AddMyInt"

        xor     eax, eax                ; status 0
        ret
DriverEntry     endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
