📄 ramdisk.cod
字号:
0012b 8d 44 40 01 lea eax, DWORD PTR [eax+eax*2+1]
0012f 99 cdq
00130 2b c2 sub eax, edx
00132 d1 f8 sar eax, 1
00134 05 ff 01 00 00 add eax, 511 ; 000001ffH
00139 99 cdq
0013a f7 fb idiv ebx
0013c c7 44 24 14 0c
00 00 00 mov DWORD PTR _fatType$[esp+12], 12 ; 0000000cH
; 988 : fatEntries -= fatSectorCnt;
00144 2b c8 sub ecx, eax
; 989 : fatSectorCnt = (((fatEntries * 3 + 1) / 2) + 511) / 512;
00146 0f b7 c1 movzx eax, cx
00149 8d 44 40 01 lea eax, DWORD PTR [eax+eax*2+1]
0014d 99 cdq
0014e 2b c2 sub eax, edx
00150 d1 f8 sar eax, 1
00152 05 ff 01 00 00 add eax, 511 ; 000001ffH
$L14676:
00157 99 cdq
00158 b9 00 02 00 00 mov ecx, 512 ; 00000200H
0015d f7 f9 idiv ecx
; 990 : }
; 991 :
; 992 : bootSector->bsFATsecs = fatSectorCnt;
; 993 : bootSector->bsSecPerTrack = (USHORT)devExt->DiskGeometry.SectorsPerTrack;
; 994 : bootSector->bsHeads = (USHORT)devExt->DiskGeometry.TracksPerCylinder;
; 995 : bootSector->bsBootSignature = 0x29;
; 996 : bootSector->bsVolumeID = 0x12345678;
; 997 : strncpy(bootSector->bsLabel, "RamDisk ", 11);
0015f 6a 0b push 11 ; 0000000bH
00161 68 00 00 00 00 push OFFSET FLAT:$SG14555
00166 8b d8 mov ebx, eax
00168 66 89 5e 16 mov WORD PTR [esi+22], bx
0016c 66 8b 45 40 mov ax, WORD PTR [ebp+64]
00170 66 89 46 18 mov WORD PTR [esi+24], ax
00174 66 8b 45 3c mov ax, WORD PTR [ebp+60]
00178 66 89 46 1a mov WORD PTR [esi+26], ax
0017c 8d 46 2b lea eax, DWORD PTR [esi+43]
0017f 50 push eax
00180 c6 46 26 29 mov BYTE PTR [esi+38], 41 ; 00000029H
00184 c7 46 27 78 56
34 12 mov DWORD PTR [esi+39], 305419896 ; 12345678H
0018b ff d7 call edi
; 998 : strncpy(bootSector->bsFileSystemType, "FAT1? ", 8);
0018d 6a 08 push 8
0018f 8d 46 36 lea eax, DWORD PTR [esi+54]
00192 68 00 00 00 00 push OFFSET FLAT:$SG14556
00197 50 push eax
00198 ff d7 call edi
0019a 83 c4 18 add esp, 24 ; 00000018H
; 999 : bootSector->bsFileSystemType[4] = ( fatType == 16 ) ? '6' : '2';
0019d 66 83 7c 24 14
10 cmp WORD PTR _fatType$[esp+12], 16 ; 00000010H
; 1000 :
; 1001 : bootSector->bsSig2[0] = 0x55;
001a3 c6 86 fe 01 00
00 55 mov BYTE PTR [esi+510], 85 ; 00000055H
001aa 0f 94 c0 sete al
; 1002 : bootSector->bsSig2[1] = 0xAA;
001ad c6 86 ff 01 00
00 aa mov BYTE PTR [esi+511], 170 ; 000000aaH
001b4 8d 04 85 32 00
00 00 lea eax, DWORD PTR [eax*4+50]
001bb 88 46 3a mov BYTE PTR [esi+58], al
; 1003 :
; 1004 : //
; 1005 : // The FAT is located immediately following the boot sector.
; 1006 : //
; 1007 : firstFatSector = (PUCHAR)(bootSector + 1);
; 1008 : firstFatSector[0] = (UCHAR) devExt->DiskGeometry.MediaType;
001be 8a 4d 38 mov cl, BYTE PTR [ebp+56]
001c1 8d 86 00 02 00
00 lea eax, DWORD PTR [esi+512]
; 1009 : firstFatSector[1] = 0xFF;
001c7 80 48 01 ff or BYTE PTR [eax+1], 255 ; 000000ffH
; 1010 : firstFatSector[2] = 0xFF;
001cb 80 48 02 ff or BYTE PTR [eax+2], 255 ; 000000ffH
; 1011 :
; 1012 : if (fatType == 16) {
001cf 66 83 7c 24 14
10 cmp WORD PTR _fatType$[esp+12], 16 ; 00000010H
001d5 88 08 mov BYTE PTR [eax], cl
001d7 75 04 jne SHORT $L14559
; 1013 : firstFatSector[3] = 0xFF;
001d9 80 48 03 ff or BYTE PTR [eax+3], 255 ; 000000ffH
$L14559:
; 1014 : }
; 1015 :
; 1016 : //
; 1017 : // The Root Directory follows the FAT
; 1018 : //
; 1019 : rootDir = (PDIR_ENTRY)(bootSector + 1 + fatSectorCnt);
001dd 0f b7 c3 movzx eax, bx
001e0 40 inc eax
001e1 c1 e0 09 shl eax, 9
001e4 03 c6 add eax, esi
; 1020 : strcpy(rootDir->deName, "RAMDisk ");
001e6 8b f8 mov edi, eax
001e8 be 00 00 00 00 mov esi, OFFSET FLAT:$SG14561
001ed a5 movsd
001ee a5 movsd
001ef a4 movsb
; 1021 : strcpy(rootDir->deExtension, " ");
001f0 8b 0d 00 00 00
00 mov ecx, DWORD PTR $SG14562
001f6 5f pop edi
001f7 5e pop esi
001f8 89 48 08 mov DWORD PTR [eax+8], ecx
001fb 5d pop ebp
; 1022 : rootDir->deAttributes = DIR_ATTR_VOLUME;
001fc c6 40 0b 08 mov BYTE PTR [eax+11], 8
; 1023 :
; 1024 : return status;
00200 33 c0 xor eax, eax
00202 5b pop ebx
; 1025 : } // end RamDiskFormatDisk()
00203 c2 04 00 ret 4
_RamDiskFormatDisk@4 ENDP
PAGE ENDS
PUBLIC _DriverEntry@8
PUBLIC _RamDiskUnload@4
EXTRN __imp__ExAllocatePoolWithTag@12:NEAR
EXTRN __imp__IoAllocateDriverObjectExtension@16:NEAR
EXTRN _RamDiskAddDevice@8:NEAR
EXTRN _RamDiskDispatchPnp@8:NEAR
EXTRN _RamDiskDispatchPower@8:NEAR
EXTRN _RamDiskDispatchSystemControl@8:NEAR
; Function compile flags: /Ogsy
; COMDAT _DriverEntry@8
INIT SEGMENT
_driverExtension$ = 8
_DriverObject$ = 8
_RegistryPath$ = 12
_DriverEntry@8 PROC NEAR ; COMDAT
; 95 : {
00000 55 push ebp
00001 8b ec mov ebp, esp
00003 56 push esi
; 96 : PRAMDISK_DRIVER_EXTENSION driverExtension;
; 97 : NTSTATUS status;
; 98 :
; 99 : #if DBG
; 100 : CHAR VersionHerald[] = "Windows 2000 Ramdisk Driver - Version %s built on %s\n";
; 101 : CHAR VersionNumber[] = "1.0";
; 102 : CHAR VersionTimestamp[] = __DATE__ " " __TIME__;
; 103 :
; 104 : DBGPRINT( DBG_COMP_INIT, DBG_LEVEL_NOTIFY, ( VersionHerald, VersionNumber, VersionTimestamp) );
; 105 : #endif
; 106 :
; 107 : DBGPRINT( DBG_COMP_INIT, DBG_LEVEL_VERBOSE, ("DriverEntry - IN\n") );
; 108 :
; 109 :
; 110 : //
; 111 : // Create extension for the driverobject to store driver specific
; 112 : // information. Device specific information should be stored in
; 113 : // Device Extension
; 114 :
; 115 : status = IoAllocateDriverObjectExtension(DriverObject,
; 116 : RAMDISK_DRIVER_EXTENSION_KEY,
; 117 : sizeof(RAMDISK_DRIVER_EXTENSION),
; 118 : &driverExtension);
00004 8b 75 08 mov esi, DWORD PTR _DriverObject$[ebp]
00007 8d 45 08 lea eax, DWORD PTR _driverExtension$[ebp]
0000a 50 push eax
0000b 6a 0c push 12 ; 0000000cH
0000d 68 00 00 00 00 push OFFSET FLAT:_DriverEntry@8
00012 56 push esi
00013 ff 15 00 00 00
00 call DWORD PTR __imp__IoAllocateDriverObjectExtension@16
; 119 :
; 120 : if(!NT_SUCCESS(status)) {
00019 85 c0 test eax, eax
; 121 : DBGPRINT( DBG_COMP_INIT, DBG_LEVEL_ERROR,
; 122 : ("Ramdisk driver extension could not be allocated %lx \n", status ) );
; 123 : return status;
0001b 0f 8c a5 00 00
00 jl $L14274
; 124 : }
; 125 :
; 126 : //
; 127 : // Copy the registry path into the driver extension so we can use it later
; 128 : //
; 129 :
; 130 : driverExtension->RegistryPath.Length = RegistryPath->Length;
00021 8b 4d 08 mov ecx, DWORD PTR _driverExtension$[ebp]
00024 57 push edi
00025 8b 7d 0c mov edi, DWORD PTR _RegistryPath$[ebp]
00028 66 8b 07 mov ax, WORD PTR [edi]
0002b 66 89 01 mov WORD PTR [ecx], ax
; 131 : driverExtension->RegistryPath.MaximumLength = RegistryPath->MaximumLength +
; 132 : sizeof(UNICODE_NULL);
0002e 66 8b 47 02 mov ax, WORD PTR [edi+2]
00032 8b 4d 08 mov ecx, DWORD PTR _driverExtension$[ebp]
00035 66 05 02 00 add ax, 2
00039 66 89 41 02 mov WORD PTR [ecx+2], ax
; 133 :
; 134 : driverExtension->RegistryPath.Buffer =
; 135 : ExAllocatePoolWithTag(PagedPool,
; 136 : driverExtension->RegistryPath.MaximumLength,
; 137 : RAMDISK_TAG_GENERAL);
0003d 8b 45 08 mov eax, DWORD PTR _driverExtension$[ebp]
00040 0f b7 40 02 movzx eax, WORD PTR [eax+2]
00044 68 52 61 6d 31 push 829251922 ; 316d6152H
00049 50 push eax
0004a 6a 01 push 1
0004c ff 15 00 00 00
00 call DWORD PTR __imp__ExAllocatePoolWithTag@12
00052 8b 4d 08 mov ecx, DWORD PTR _driverExtension$[ebp]
00055 89 41 04 mov DWORD PTR [ecx+4], eax
; 138 :
; 139 : if(driverExtension->RegistryPath.Buffer == NULL) {
00058 8b 45 08 mov eax, DWORD PTR _driverExtension$[ebp]
0005b 83 78 04 00 cmp DWORD PTR [eax+4], 0
0005f 75 07 jne SHORT $L14285
; 140 : status = STATUS_INSUFFICIENT_RESOURCES;
; 141 : return status;
00061 b8 9a 00 00 c0 mov eax, -1073741670 ; c000009aH
00066 eb 5d jmp SHORT $L14680
$L14285:
; 142 : }
; 143 :
; 144 : RtlCopyUnicodeString( &(driverExtension->RegistryPath), RegistryPath);
00068 57 push edi
00069 50 push eax
0006a ff 15 00 00 00
00 call DWORD PTR __imp__RtlCopyUnicodeString@8
; 145 : driverExtension->DeviceInitialized = FALSE;
00070 8b 45 08 mov eax, DWORD PTR _driverExtension$[ebp]
00073 83 60 08 00 and DWORD PTR [eax+8], 0
; 146 :
; 147 : #if DBG
; 148 : // Query registry paramters
; 149 :
; 150 : RamDiskQueryDebugRegParameters( RegistryPath );
; 151 :
; 152 : // Break if required
; 153 : if ( BreakOnEntry ) {
; 154 : KdBreakPoint();
; 155 : }
; 156 : #endif
; 157 :
; 158 : //
; 159 : // Create dispatch points for Create, Close, Unload, Pnp, Power & WMI
; 160 : //
; 161 :
; 162 : DriverObject->MajorFunction[IRP_MJ_CREATE] = RamDiskCreateClose;
00077 b8 00 00 00 00 mov eax, OFFSET FLAT:_RamDiskCreateClose@8
0007c 89 46 38 mov DWORD PTR [esi+56], eax
; 163 : DriverObject->MajorFunction[IRP_MJ_CLOSE] = RamDiskCreateClose;
0007f 89 46 40 mov DWORD PTR [esi+64], eax
; 164 : DriverObject->MajorFunction[IRP_MJ_READ] = RamDiskReadWrite;
00082 b8 00 00 00 00 mov eax, OFFSET FLAT:_RamDiskReadWrite@8
00087 89 46 44 mov DWORD PTR [esi+68], eax
; 165 : DriverObject->MajorFunction[IRP_MJ_WRITE] = RamDiskReadWrite;
0008a 89 46 48 mov DWORD PTR [esi+72], eax
; 166 : DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = RamDiskIOCtl;
; 167 : DriverObject->MajorFunction[IRP_MJ_PNP] = RamDiskDispatchPnp;
; 168 : DriverObject->MajorFunction[IRP_MJ_POWER] = RamDiskDispatchPower;
; 169 : DriverObject->MajorFunction[IRP_MJ_SYSTEM_CONTROL] = RamDiskDispatchSystemControl;
; 170 : DriverObject->DriverExtension->AddDevice = RamDiskAddDevice;
0008d 8b 46 18 mov eax, DWORD PTR [esi+24]
00090 c7 46 70 00 00
00 00 mov DWORD PTR [esi+112], OFFSET FLAT:_RamDiskIOCtl@8
00097 c7 86 a4 00 00
00 00 00 00 00 mov DWORD PTR [esi+164], OFFSET FLAT:_RamDiskDispatchPnp@8
000a1 c7 86 90 00 00
00 00 00 00 00 mov DWORD PTR [esi+144], OFFSET FLAT:_RamDiskDispatchPower@8
000ab c7 86 94 00 00
00 00 00 00 00 mov DWORD PTR [esi+148], OFFSET FLAT:_RamDiskDispatchSystemControl@8
000b5 c7 40 04 00 00
00 00 mov DWORD PTR [eax+4], OFFSET FLAT:_RamDiskAddDevice@8
; 171 : DriverObject->DriverUnload = RamDiskUnload;
000bc c7 46 34 00 00
00 00 mov DWORD PTR [esi+52], OFFSET FLAT:_RamDiskUnload@4
; 172 :
; 173 : DBGPRINT( DBG_COMP_INIT, DBG_LEVEL_VERBOSE, ("DriverEntry - OUT.\n") );
; 174 : return STATUS_SUCCESS;
000c3 33 c0 xor eax, eax
$L14680:
000c5 5f pop edi
$L14274:
000c6 5e pop esi
; 175 : } // End of DriverEntry()
000c7 5d pop ebp
000c8 c2 08 00 ret 8
_DriverEntry@8 ENDP
INIT ENDS
EXTRN __imp__ExFreePoolWithTag@8:NEAR
EXTRN __imp__IoGetDriverObjectExtension@8:NEAR
; Function compile flags: /Ogsy
; COMDAT _RamDiskUnload@4
PAGE SEGMENT
_DriverObject$ = 8
_RamDiskUnload@4 PROC NEAR ; COMDAT
; 255 : PRAMDISK_DRIVER_EXTENSION driverExtension;
; 256 :
; 257 : DBGPRINT( DBG_COMP_INIT, DBG_LEVEL_INFO, ("Driver Unload\n") );
; 258 : ASSERT(DriverObject->DeviceObject == NULL);
; 259 : driverExtension = IoGetDriverObjectExtension(DriverObject,
; 260 : RAMDISK_DRIVER_EXTENSION_KEY);
00000 68 00 00 00 00 push⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -