
📄 vxdbody.asm

📁 使用汇编写VXD的一个例子
.386p
	.xlist
	include	vmm.inc
	include vwin32.inc
.list

;============================================================================
;                         S O M E   E Q U 
;============================================================================

; Device name text and revision byte.
; NOTE(review): neither symbol is referenced in the visible part of this file
; (DECLARE_VIRTUAL_DEVICE is given the bare name VXDBODY). The trailing comment
; asks for exactly 16 characters - recount the literal before relying on it.
VXDBODYName              EQU     <'VXDBODY VXD      '> ;Must be 16 chars
VXDBODYRev               EQU     00H

; Version pair passed to DECLARE_VIRTUAL_DEVICE (major 1, minor 0).
VXDBODY_MAJOR_VERSION    EQU     1
VXDBODY_MINOR_VERSION    EQU     0


; Value VXDBODY_ioctl loads into EAX on its RetFail exit.
ErrorCode               EQU 0FFFFFFFFh

;============================================================================
; 			  P U B L I C   D A T A
;============================================================================

; Locked data segment. The three dwords below are scratch cells written by
; Our_Int_Handler on every intercepted call and then passed by name to
; _SelectorMapFlat.
; NOTE(review): module-global scratch makes the handler non-reentrant -
; confirm the hook can never be entered while a previous call is in progress.
VXD_LOCKED_DATA_SEG

; Flags argument for _SelectorMapFlat; the handler zeroes it before each use.
FLAGS   dd 0
; Receives EBX after Get_Sys_VM_Handle.
SYS_VM  dd 0
; Selector value built from the dword at offset 38h of the current process
; handle, with the low three bits forced to 1.
LDT     dd 0


VXD_LOCKED_DATA_ENDS


;===================================
;D E V I C E   D E C L A R A T I O N
;===================================

VXD_LOCKED_CODE_SEG

; Device descriptor: name VXDBODY, version 1.0, control procedure
; VXDBODY_Control, device-ID argument left empty, UNDEFINED_INIT_ORDER.
; The control procedure handles SYS_DYNAMIC_DEVICE_INIT/EXIT, so this module
; is written to be loaded and unloaded at run time.
; Keep comments off the continuation lines: the trailing backslash must stay
; the last token on each of them.
DECLARE_VIRTUAL_DEVICE VXDBODY,  \
        VXDBODY_MAJOR_VERSION,   \
        VXDBODY_MINOR_VERSION,   \
        VXDBODY_Control, ,       \
	UNDEFINED_INIT_ORDER


;=================
;M A I N   C O D E
;=================


;----------------------------------------------------------------------------
; VXDBODY_Control - control procedure named in DECLARE_VIRTUAL_DEVICE.
; Routes three control messages to their handlers; any other message falls
; through to the clc/ret pair and is reported as handled successfully.
; NOTE(review): Control_Dispatch comes from vmm.inc and its expansion is not
; visible here - presumably it compares EAX with the message and jumps to the
; handler.
;----------------------------------------------------------------------------
public VXDBODY_Control
VXDBODY_Control PROC NEAR

        ; Dynamic load: installs the V86 INT 21h hook.
        Control_Dispatch SYS_DYNAMIC_DEVICE_INIT,       VXDBODY_Device_Init
        ; Dynamic unload: removes the hook again.
        Control_Dispatch SYS_DYNAMIC_DEVICE_EXIT,       VXDBODY_Device_Exit
        ; Requests arriving from Win32 code (DeviceIoControl and the open/close
        ; notifications). This is the only path user mode can drive directly,
        ; so VXDBODY_ioctl is the trust boundary of the driver.
        Control_Dispatch W32_DEVICEIOCONTROL,           VXDBODY_ioctl
	clc
	ret

VXDBODY_Control ENDP


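;----------------------------------------------------------------------------
; VXDBODY_ioctl - W32_DEVICEIOCONTROL handler, dispatched by VXDBODY_Control
; In:    esi -> request block; only its dwIoControlCode field is read here
; Out:   eax = 0,         carry clear   request accepted
;        eax = ErrorCode, carry set     control code not recognised
; Clobb: ecx, flags
;
; This is the entry point user-mode code reaches, and everything placed under
; Function1/Function2 runs at ring 0. The dispatch is therefore default-deny:
; a control code that is not listed is refused instead of being reported as
; success. (The original listing jumped to RetSuccess for every unknown code
; and never reached RetFail.)
;----------------------------------------------------------------------------
Public VXDBODY_ioctl
BeginProc VXDBODY_ioctl

        mov     ecx,[esi].dwIoControlCode       ; requested control code

        ; Open/version query (0) and close (-1) notifications must keep
        ; returning success, otherwise the device cannot be opened at all.
        test    ecx,ecx
        jz      RetSuccess                      ; 0  = DIOC_OPEN / DIOC_GETVERSION
        cmp     ecx,-1
        je      RetSuccess                      ; -1 = DIOC_CLOSEHANDLE

        cmp     ecx,1
        je      Function1
        cmp     ecx,2
        je      Function2
        jmp     RetFail                         ; anything else is refused

Function1:
        ; Body for control code 1 goes here.
        ; It executes with kernel privilege on behalf of an unprivileged
        ; caller: check every buffer pointer and length taken from the
        ; request block before using it, and fail the request via RetFail
        ; when a check does not hold.
        jmp     RetSuccess

Function2:
        ; Body for control code 2 goes here; the same validation rule applies.
        jmp     RetSuccess

RetSuccess:
        xor     eax, eax                        ; eax = 0 reports success
        clc
        ret

RetFail:
        mov     eax,ErrorCode
        stc
        ret


EndProc VXDBODY_ioctl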


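;----------------------------------------------------------------------------
; Our_Int_Handler - hook procedure installed on the V86 INT 21h chain by
;                   VXDBODY_Device_Init and removed by VXDBODY_Device_Exit.
; In:    ebp -> client register structure (read through Client_EAX)
; Out:   carry clear = interrupt consumed, client AX/CX/DX overwritten
;        carry set   = not handled, the call continues down the chain
; Clobb: none (pushad/popad); writes the globals FLAGS, LDT and SYS_VM
;
; Only AX = 2A00h is examined. For that call the handler maps a selector
; taken from the current process structure, reads the name stored at offset
; 0F2h of the mapped block and, when it starts with "Hedit", returns a fixed
; date to the caller instead of letting DOS answer.
;
; NOTE(review): the offsets 38h and 0F2h are not documented interfaces; they
; are presumably tied to one specific OS build - confirm before reuse. A
; driver that answers date queries differently for one named process is also
; exactly the behaviour an integrity or licensing check would want to detect.
; NOTE(review): the globals make this routine non-reentrant - confirm.
;----------------------------------------------------------------------------
BeginProc Our_Int_Handler

        pushad                                  ; restored on both exits
        mov     eax,[ebp.Client_EAX]
        cmp     ax,2A00h                ;Get_System_Time DOS function?
        jne     Let_DOS_Work

        xor     eax,eax
        mov     FLAGS,eax                       ; flags argument = 0

        VxDCall VWIN32_GetCurrentProcessHandle
        mov     eax,[eax+38h]                   ; undocumented field, see header
        or      al,7                            ; selector bits: TI=1 (LDT), RPL=3
        mov     LDT,eax

        VmmCall Get_Sys_VM_Handle
        mov     SYS_VM,ebx

        VmmCall _SelectorMapFlat <SYS_VM,LDT,FLAGS>

        ; _SelectorMapFlat returns -1 when the selector cannot be mapped.
        ; Without this check the code below would dereference 0F1h at ring 0,
        ; where a fault takes the whole system down.
        cmp     eax,0FFFFFFFFh
        je      Let_DOS_Work

        add     eax,0F2h        ;Now eax points to the caller name
        mov     ebx,[eax]
        cmp     ebx,'ideH'      ;Hedit is inverted
        jne     Let_DOS_Work
        mov     bl,[eax+4]
        cmp     bl,'t'
        jne     Let_DOS_Work

        ; NOTE(review): 1088 lies outside the 1980-2099 year range this DOS
        ; call normally reports - possibly a typo in the original; left as is.
        mov     [ebp.Client_AX],1      ;Day of week
        mov     [ebp.Client_CX],1088   ;Year
        mov     [ebp.Client_DX],0101h  ;Day and Month

Is_Hedit:
        popad
        clc     ;consume the interrupt
        ret

Let_DOS_Work:
        popad
        stc     ; don't consume the interrupt
        ret

EndProc Our_Int_Handler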



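;----------------------------------------------------------------------------
; VXDBODY_Device_Exit - SYS_DYNAMIC_DEVICE_EXIT handler
; Removes Our_Int_Handler from the V86 INT 21h hook chain.
; Out:   carry clear = hook removed, unload may proceed
;        carry set   = hook could not be removed, unload is refused
; Clobb: eax, esi, flags
;
; The original cleared carry unconditionally. If the unhook fails and the
; module is unloaded anyway, the chain keeps a pointer into freed code, so
; the service's own result is now handed back to the caller.
;----------------------------------------------------------------------------
Public VXDBODY_Device_Exit
BeginProc VXDBODY_Device_Exit

        mov     eax, 21h                        ; interrupt number
        mov     esi, OFFSET32 Our_Int_Handler   ; hook procedure to remove
        VMMCall UnHook_V86_Int_Chain            ; carry set = not removed
        jc      Exit_Unhook_Failed
        clc
        ret

Exit_Unhook_Failed:
        stc                                     ; keep the module loaded
        ret

EndProc VXDBODY_Device_Exit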

VXD_LOCKED_CODE_ENDS




VXD_ICODE_SEG

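;----------------------------------------------------------------------------
; VXDBODY_Device_Init - SYS_DYNAMIC_DEVICE_INIT handler
; Installs Our_Int_Handler on the V86 INT 21h hook chain.
; Out:   carry clear = hook installed, load succeeds
;        carry set   = hook not installed, load is reported as failed
; Clobb: eax, esi, flags
;
; The original cleared carry unconditionally, so a failed hook still looked
; like a successful load and the later unhook in VXDBODY_Device_Exit would
; act on a hook that was never there.
;----------------------------------------------------------------------------
BeginProc VXDBODY_Device_Init

        mov     eax, 21h                        ; interrupt number
        mov     esi, OFFSET32 Our_Int_Handler   ; hook procedure to install
        VMMCall Hook_V86_Int_Chain              ; carry set = not installed
        jc      Init_Hook_Failed
        clc
        ret

Init_Hook_Failed:
        stc                                     ; fail the load
        ret

EndProc VXDBODY_Device_Init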

VXD_ICODE_ENDS


end
