vxd-e9.html

An introduction to writing VxD drivers, with working code, giving a first look at hardware drivers and assembly language under Windows.
<br><b><tt><font color="#66FF99">&nbsp; pop esi</font></tt></b>
<br><b><tt><font color="#66FF99">&nbsp; mov edx,esi</font></tt></b>
<br><b><tt><font color="#66FF99">&nbsp; assume edx:ptr DIOCParams</font></tt></b>
<br><b><tt><font color="#66FF99">&nbsp; mov edi,[edx].lpvOutBuffer</font></tt></b>
<br><b><tt><font color="#66FF99">&nbsp; mov esi,OFFSET32 MediaID.midVolLabel</font></tt></b>
<br><b><tt><font color="#66FF99">&nbsp; mov ecx,11</font></tt></b>
<br><b><tt><font color="#66FF99">&nbsp; rep movsb</font></tt></b>
<br><b><tt><font color="#66FF99">&nbsp; mov byte ptr [edi],0</font></tt></b>
<br><b><tt><font color="#66FF99">&nbsp; mov ecx,[edx].lpcbBytesReturned</font></tt></b>
<br><b><tt><font color="#66FF99">&nbsp; mov dword ptr [edx],11</font></tt></b>
<br><b><tt>EndI:</tt></b>
<br><b><tt>&nbsp;.endif</tt></b>
<br><b><tt>&nbsp;xor eax,eax</tt></b>
<br><b><tt>&nbsp;ret</tt></b>
<br><b><tt>EndProc OnDeviceIoControl</tt></b>
<br><b><tt>VXD_PAGEABLE_CODE_ENDS</tt></b><b><tt></tt></b>
<p><b><tt>VXD_PAGEABLE_DATA_SEG</tt></b>
<br><b><tt><font color="#66FF99">&nbsp;MID struct</font></tt></b>
<br><b><tt><font color="#66FF99">&nbsp; midInfoLevel dw 0</font></tt></b>
<br><b><tt><font color="#66FF99">&nbsp; midSerialNum dd ?</font></tt></b>
<br><b><tt><font color="#66FF99">&nbsp; midVolLabel db 11 dup(?)</font></tt></b>
<br><b><tt><font color="#66FF99">&nbsp; midFileSysType db 8 dup(?)</font></tt></b>
<br><b><tt><font color="#66FF99">&nbsp;MID ends</font></tt></b>
<br><b><tt><font color="#66FF99">&nbsp;MediaID MID &lt;></font></tt></b>
<br><b><tt><font color="#66FF99">&nbsp;Handle dd ?</font></tt></b>
<br><b><tt><font color="#66FF99">&nbsp;AllocSize dd ?</font></tt></b>
<br><b><tt>VXD_PAGEABLE_DATA_ENDS</tt></b><b><tt></tt></b>
<p><b><tt>end</tt></b><b><tt></tt></b>
<p><b><tt>;------------------------------------------------------------</tt></b>
<br><b><tt>;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Label.asm</tt></b>
<br><b><tt>; The win32 VxD loader.</tt></b>
<br><b><tt>;------------------------------------------------------------</tt></b>
<br><b><tt>.386</tt></b>
<br><b><tt>.model flat,stdcall</tt></b>
<br><b><tt>option casemap:none</tt></b><b><tt></tt></b>
<p><b><tt>include \masm32\include\windows.inc</tt></b>
<br><b><tt>include \masm32\include\user32.inc</tt></b>
<br><b><tt>include \masm32\include\kernel32.inc</tt></b>
<br><b><tt>includelib \masm32\lib\user32.lib</tt></b>
<br><b><tt>includelib \masm32\lib\kernel32.lib</tt></b><b><tt></tt></b>
<p><b><tt>DlgProc PROTO :DWORD,:DWORD,:DWORD,:DWORD</tt></b>
<br><b><tt>.data</tt></b>
<br><b><tt>Failure db "Cannot load VxDLabel.VXD",0</tt></b>
<br><b><tt>AppName db "Get Disk Label",0</tt></b>
<br><b><tt>VxDName db "\\.\vxdLabel.vxd",0</tt></b>
<br><b><tt>OutputTemplate db "Volume Label of Drive C",0</tt></b><b><tt></tt></b>
<p><b><tt>.data?</tt></b>
<br><b><tt>hInstance HINSTANCE ?</tt></b>
<br><b><tt>hVxD dd ?</tt></b>
<br><b><tt>DiskLabel db 12 dup(?)</tt></b>
<br><b><tt>BytesReturned dd ?</tt></b><b><tt></tt></b>
<p><b><tt>.const</tt></b>
<br><b><tt>IDD_VXDRUN&nbsp;&nbsp;&nbsp; equ 101</tt></b>
<br><b><tt>IDC_LOAD&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; equ 1000</tt></b><b><tt></tt></b>
<p><b><tt>.code</tt></b>
<br><b><tt>start:</tt></b>
<br><b><tt>&nbsp;invoke GetModuleHandle, NULL</tt></b>
<br><b><tt>&nbsp;mov&nbsp;&nbsp;&nbsp; hInstance,eax</tt></b>
<br><b><tt>&nbsp;invoke DialogBoxParam, hInstance, IDD_VXDRUN ,NULL,addr
DlgProc,NULL</tt></b>
<br><b><tt>&nbsp;invoke ExitProcess,eax</tt></b><b><tt></tt></b>
<p><b><tt>DlgProc proc hDlg:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM</tt></b>
<br><b><tt>&nbsp;.IF uMsg==WM_INITDIALOG</tt></b>
<br><b><tt>&nbsp; invoke CreateFile,addr VxDName,0,0,0,0,FILE_FLAG_DELETE_ON_CLOSE,0</tt></b>
<br><b><tt>&nbsp; .if eax==INVALID_HANDLE_VALUE</tt></b>
<br><b><tt>&nbsp;&nbsp; invoke MessageBox,hDlg,addr Failure,addr AppName,MB_OK+MB_ICONERROR</tt></b>
<br><b><tt>&nbsp;&nbsp; mov hVxD,0</tt></b>
<br><b><tt>&nbsp;&nbsp; invoke EndDialog,hDlg,NULL</tt></b>
<br><b><tt>&nbsp; .else</tt></b>
<br><b><tt>&nbsp;&nbsp; mov hVxD,eax</tt></b>
<br><b><tt>&nbsp; .endif</tt></b>
<br><b><tt>&nbsp;.elseif uMsg==WM_CLOSE</tt></b>
<br><b><tt>&nbsp; .if hVxD!=0</tt></b>
<br><b><tt>&nbsp;&nbsp; invoke CloseHandle,hVxD</tt></b>
<br><b><tt>&nbsp; .endif</tt></b>
<br><b><tt>&nbsp; invoke EndDialog,hDlg,0</tt></b>
<br><b><tt>&nbsp;.ELSEIF uMsg==WM_COMMAND</tt></b>
<br><b><tt>&nbsp; mov eax,wParam</tt></b>
<br><b><tt>&nbsp; mov edx,wParam</tt></b>
<br><b><tt>&nbsp; shr edx,16</tt></b>
<br><b><tt>&nbsp; .if dx==BN_CLICKED</tt></b>
<br><b><tt>&nbsp;&nbsp; .IF ax==IDC_LOAD</tt></b>
<br><b><tt><font color="#66FF99">&nbsp;&nbsp;&nbsp;&nbsp; invoke DeviceIoControl,hVxD,1,NULL,0,addr
DiskLabel,12,addr BytesReturned,NULL</font></tt></b>
<br><b><tt><font color="#66FF99">&nbsp;&nbsp;&nbsp;&nbsp; invoke MessageBox,hDlg,addr
DiskLabel,addr OutputTemplate,MB_OK+MB_ICONINFORMATION</font></tt></b>
<br><b><tt>&nbsp;&nbsp; .endif</tt></b>
<br><b><tt>&nbsp; .endif</tt></b>
<br><b><tt>&nbsp;.ELSE</tt></b>
<br><b><tt>&nbsp; mov eax,FALSE</tt></b>
<br><b><tt>&nbsp; ret</tt></b>
<br><b><tt>&nbsp;.ENDIF</tt></b>
<br><b><tt>&nbsp;mov eax,TRUE</tt></b>
<br><b><tt>&nbsp;ret</tt></b>
<br><b><tt>DlgProc endp</tt></b>
<br><b><tt>end start</tt></b></blockquote>

<h3>
<font face="Tahoma"><font color="#FF99FF"><font size=+1>Analysis</font></font></font></h3>
<font face="Tahoma"><font size=-1>We will first examine label.asm, the
win32 application that loads the VxD.</font></font>
<blockquote><b><tt><font color="#66FF99">invoke DeviceIoControl,hVxD,1,NULL,0,addr
DiskLabel,12,\</font></tt></b>
<br><b><tt><font color="#66FF99">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
addr BytesReturned,NULL</font></tt></b></blockquote>
<font face="Tahoma"><font size=-1><font color="#FFFFFF">It calls DeviceIoControl
with control code 1, no input buffer, a pointer to an output buffer
and the size of that buffer. </font><b><font color="#FFFF99">DiskLabel</font></b><font color="#FFFFFF">
is the buffer set aside for receiving the volume label returned by the
VxD. The number of bytes actually returned will be stored in the </font><b><font color="#FFFF99">BytesReturned</font></b><font color="#FFFFFF">
variable. This example demonstrates how to pass data to and receive data
from a VxD: you pass input/output buffers to the VxD, and the VxD reads
from or writes to the submitted buffers.</font></font></font>
<br><font face="Tahoma"><font color="#FFFFFF"><font size=-1>We will examine
the VxD code next.</font></font></font>
<blockquote><b><tt><font color="#66FF99">VMMCall Get_Sys_VM_Handle</font></tt></b>
<br><b><tt><font color="#66FF99">mov Handle,ebx</font></tt></b>
<br><b><tt><font color="#66FF99">assume ebx:ptr cb_s</font></tt></b>
<br><b><tt><font color="#66FF99">mov ebp,[ebx+CB_Client_Pointer]</font></tt></b></blockquote>
<font face="Tahoma"><font color="#FFFFFF"><font size=-1>When the VxD receives
the W32_DeviceIoControl message, it calls Get_Sys_VM_Handle to obtain the system
VM handle and stores it in a variable named Handle. It next extracts the
pointer to the client register structure from the VM control block into
ebp.</font></font></font>
<blockquote><b><tt><font color="#66FF99">mov ecx,sizeof MID</font></tt></b>
<br><b><tt><font color="#66FF99">stc</font></tt></b>
<br><b><tt><font color="#66FF99">push esi</font></tt></b>
<br><b><tt><font color="#66FF99">mov esi,OFFSET32 MediaID</font></tt></b>
<br><b><tt><font color="#66FF99">push ds</font></tt></b>
<br><b><tt><font color="#66FF99">pop fs</font></tt></b>
<br><b><tt><font color="#66FF99">VxDCall V86MMGR_Allocate_Buffer</font></tt></b>
<br><b><tt><font color="#66FF99">pop esi</font></tt></b>
<br><b><tt><font color="#66FF99">jc EndI</font></tt></b>
<br><b><tt><font color="#66FF99">mov AllocSize,ecx</font></tt></b></blockquote>
<font face="Tahoma"><font size=-1><font color="#FFFFFF">Next, it prepares
the parameters to be passed to </font><b><font color="#FFFF99">V86MMGR_Allocate_Buffer</font></b><font color="#FFFFFF">.
We want the service to copy the contents of MediaID into the newly allocated buffer,
and that copy is requested by setting the carry flag, hence the stc instruction. We
put the offset of MediaID into esi and its selector into fs, then call </font><b><font color="#FFFF99">V86MMGR_Allocate_Buffer</font></b><font color="#FFFFFF">.
You'll recall that esi contains the pointer to </font><b><font color="#FFFF99">DIOCParams</font></b><font color="#FFFFFF">,
so we must preserve it with push esi and pop esi.</font></font></font>
<blockquote><b><tt><font color="#66FF99">Push_Client_State</font></tt></b>
<br><b><tt><font color="#66FF99">VMMCall Begin_Nest_V86_Exec</font></tt></b>
<br><b><tt><font color="#66FF99">assume ebp:ptr Client_Byte_Reg_Struc</font></tt></b>
<br><b><tt><font color="#66FF99">mov [ebp].Client_ch,8</font></tt></b>
<br><b><tt><font color="#66FF99">mov [ebp].Client_cl,66h</font></tt></b>
<br><b><tt><font color="#66FF99">assume ebp:ptr Client_word_reg_struc</font></tt></b>
<br><b><tt><font color="#66FF99">mov edx,edi</font></tt></b>
<br><b><tt><font color="#66FF99">mov [ebp].Client_bx,3 ; drive C</font></tt></b>
<br><b><tt><font color="#66FF99">mov [ebp].Client_ax,440dh</font></tt></b></blockquote>
<font face="Tahoma"><font size=-1><font color="#FFFFFF">We prepare the
values in the client register structure for int 21h, function 440Dh, minor code
66h, which asks for the media ID of drive C (bx = 3). We also copy
the value in edi into edx (edi contains the V86 address of the memory block
allocated by </font><b><font color="#FFFF99">V86MMGR_Allocate_Buffer</font></b><font color="#FFFFFF">).</font></font></font>
<blockquote><b><tt><font color="#66FF99">mov [ebp].Client_dx,dx</font></tt></b>
<br><b><tt><font color="#66FF99">shr edx,16</font></tt></b>
<br><b><tt><font color="#66FF99">mov [ebp].Client_ds,dx</font></tt></b></blockquote>
<font face="Tahoma"><font color="#FFFFFF"><font size=-1>Since int 21h,
440Dh, minor code 66h expects a pointer to an MID structure in ds:dx, we
must break the segment:offset pair in edx into its two parts and put them into
the corresponding register images.</font></font></font>
<blockquote><b><tt><font color="#66FF99">mov eax,21h</font></tt></b>
<br><b><tt><font color="#66FF99">VMMCall Exec_Int</font></tt></b>
<br><b><tt><font color="#66FF99">VMMCall End_Nest_Exec</font></tt></b>
<br><b><tt><font color="#66FF99">Pop_Client_State</font></tt></b></blockquote>
<font face="Tahoma"><font size=-1><font color="#FFFFFF">When everything
is ready, we call </font><b><font color="#FFFF99">Exec_Int</font></b><font color="#FFFFFF">
to simulate the interrupt.</font></font></font>
<blockquote><b><tt><font color="#66FF99">mov ecx,AllocSize</font></tt></b>
<br><b><tt><font color="#66FF99">stc</font></tt></b>
<br><b><tt><font color="#66FF99">mov ebx,Handle</font></tt></b>
<br><b><tt><font color="#66FF99">push esi</font></tt></b>
<br><b><tt><font color="#66FF99">mov esi,OFFSET32 MediaID</font></tt></b>
<br><b><tt><font color="#66FF99">push ds</font></tt></b>
<br><b><tt><font color="#66FF99">pop fs</font></tt></b>
<br><b><tt><font color="#66FF99">VxDCall V86MMGR_Free_Buffer</font></tt></b>
<br><b><tt><font color="#66FF99">pop esi</font></tt></b></blockquote>
<font face="Tahoma"><font size=-1><font color="#FFFFFF">After Exec_Int
returns, the allocated buffer is filled with the information we want. The
next step is to retrieve that information. We achieve that by calling
</font><b><font color="#FFFF99">V86MMGR_Free_Buffer</font></b><font color="#FFFFFF">.
This service frees the memory block allocated by </font><b><font color="#FFFF99">V86MMGR_Allocate_Buffer</font></b><font color="#FFFFFF">
and copies the data in that block to the specified ring-0
memory block. As with </font><b><font color="#FFFF99">V86MMGR_Allocate_Buffer</font></b><font color="#FFFFFF">,
if you want the copy operation, you must set the carry flag prior to calling
the service.</font></font></font>
<blockquote><b><tt><font color="#66FF99">mov edx,esi</font></tt></b>
<br><b><tt><font color="#66FF99">assume edx:ptr DIOCParams</font></tt></b>
<br><b><tt><font color="#66FF99">mov edi,[edx].lpvOutBuffer</font></tt></b>
<br><b><tt><font color="#66FF99">mov esi,OFFSET32 MediaID.midVolLabel</font></tt></b>
<br><b><tt><font color="#66FF99">mov ecx,11</font></tt></b>
<br><b><tt><font color="#66FF99">rep movsb</font></tt></b>
<br><b><tt><font color="#66FF99">mov byte ptr [edi],0</font></tt></b>
<br><b><tt><font color="#66FF99">mov ecx,[edx].lpcbBytesReturned</font></tt></b>
<br><b><tt><font color="#66FF99">mov dword ptr [ecx],11 ; *lpcbBytesReturned = 11 (ecx holds the pointer loaded above)</font></tt></b></blockquote>
<font face="Tahoma"><font size=-1><font color="#FFFFFF">After we have the
information in the ring-0 buffer, we copy the volume label (11 bytes plus a terminating zero) to the buffer
provided by the win32 application. We can access that buffer through the </font><b><font color="#FFFF99">lpvOutBuffer</font></b><font color="#FFFFFF">
member of </font><b><font color="#FFFF99">DIOCParams</font></b><font color="#FFFFFF">, and we report the byte count through the pointer in </font><b><font color="#FFFF99">lpcbBytesReturned</font></b><font color="#FFFFFF">.</font></font></font>
<br>
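<p><font face="Tahoma"><font size=-1><font color="#FFFFFF">As an added example, not part of the tutorial or of Iczelion's code, the DeviceIoControl exchange above (label.asm's request and the VxD's label copy) modelled in C on the host: it lays out the tutorial's MID structure, keeps only the DIOCParams fields the copy reads, and hardens the copy by checking cbOutBuffer (a DIOCParams member from the Windows 95 DDK that the tutorial's VxD never consults) before writing the 11-byte label plus its terminator. The DIOCParams model, simulate_request and the "MYDISK" label are constructed for this example.</font></font></font></p>

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#pragma pack(push, 1)          /* int 21h/440Dh/66h expects a packed 25-byte record */
typedef struct MID {           /* mirrors the tutorial's MID struct */
    uint16_t midInfoLevel;
    uint32_t midSerialNum;
    char     midVolLabel[11];  /* blank padded, no terminator */
    char     midFileSysType[8];
} MID;
#pragma pack(pop)

/* Host-side model of the DDK DIOCParams: only the fields the copy needs.
   In the real structure every member is a 32-bit DWORD (flat pointers). */
typedef struct DIOCParams {
    uint32_t  dwIoControlCode;
    void     *lpvOutBuffer;
    uint32_t  cbOutBuffer;       /* size the caller passed to DeviceIoControl */
    uint32_t *lpcbBytesReturned;
} DIOCParams;

enum { LABEL_LEN = 11, LABEL_OUT_BYTES = LABEL_LEN + 1 };

/* Hardened equivalent of the tail of OnDeviceIoControl (rep movsb,
   mov byte ptr [edi],0, mov dword ptr [ecx],11): it refuses to write when
   the caller's buffer cannot hold the label and its terminator.
   Returns 0 on success (the VxD's xor eax,eax), nonzero to fail the request. */
int copy_volume_label(const DIOCParams *p, const MID *id)
{
    char *out = (char *)p->lpvOutBuffer;
    if (out == NULL || p->lpcbBytesReturned == NULL)
        return -1;
    if (p->cbOutBuffer < LABEL_OUT_BYTES) {    /* would overrun the caller's buffer */
        *p->lpcbBytesReturned = 0;
        return -1;
    }
    memcpy(out, id->midVolLabel, LABEL_LEN);   /* rep movsb with ecx = 11 */
    out[LABEL_LEN] = '\0';                     /* mov byte ptr [edi],0 */
    *p->lpcbBytesReturned = LABEL_LEN;         /* the tutorial reports 11, not 12 */
    return 0;
}

/* Constructed request: a MID as DOS would fill it and a caller buffer whose
   claimed size is cb_out. Returns the copy status; *reported and label_out
   (12 bytes, pre-filled with 'X') receive what the caller would see. */
int simulate_request(uint32_t cb_out, uint32_t *reported, char *label_out)
{
    MID id;
    memset(&id, 0, sizeof id);
    memcpy(id.midVolLabel, "MYDISK     ", LABEL_LEN);
    memcpy(id.midFileSysType, "FAT16   ", sizeof id.midFileSysType);
    memset(label_out, 'X', LABEL_OUT_BYTES);
    uint32_t n = 0xFFFFFFFFu;
    DIOCParams p = { 1, label_out, cb_out, &n }; /* control code 1, as label.asm sends */
    int rc = copy_volume_label(&p, &id);
    *reported = n;
    return rc;
}
```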
<hr WIDTH="100%">
<center><b>[<a href="http://win32asm.cjb.net">Iczelion's Win32 Assembly
Homepage</a>]</b></center>

</body>
</html>
