ztsice.asm

WINXP下的ICE驱动程序源码,驱动程序练习

;==============================================================================
;
;  作者：一块三毛钱
;  邮箱：zhongts@163.com
;  日期：2005.4.30
;
;  简单的 SoftICE 扩展
;
;  v0.0.1 (2005.4.30)
;
;      [+] 实现了两个简单的命令 zts_pestruct 和 zts_string
;      [+] 支持 DS3.2 版本的 SoftICE
;      [+] 第一个版本，实现了动态加载和卸载
;
;==============================================================================

.386
.model flat,stdcall
option casemap:none

include ZtsICE.inc
include softice.asm
include ExtCmd.asm

.code

DriverEntry proc pDriverObject:PDRIVER_OBJECT, pusRegistryPath:PUNICODE_STRING
	LOCAL	_status : NTSTATUS
	
	invoke	DbgPrint, $CTA0("___________________________DriverEntry\n")
	mov	_status, STATUS_DEVICE_CONFIGURATION_ERROR

	mov	eax, pDriverObject
	assume	eax:ptr DRIVER_OBJECT
	mov	[eax].DriverUnload, offset _DriverUnload
	assume	eax:nothing
	
;	int	3
	invoke	_si_Init
	.if eax
		lea	eax, DriverEntry
		and	eax, 0fffff000h
		.while TRUE
			cmp	word ptr [eax], 'ZM'
			.break .if ZERO?
			sub	eax, 4096
		.endw
		invoke	_si_LoadKDE, eax
		mov	_status, STATUS_SUCCESS
	.endif
	
	mov eax, _status
	ret
DriverEntry endp

_DriverUnload proc pDriverObject:PDRIVER_OBJECT
	invoke	DbgPrint, $CTA0("___________________________bye bye ...\n")
;	int	3
	invoke	_si_ClearBangFuncsArray
	ret
_DriverUnload endp

WinDbgExtensionDllInit proc uses edi esi, lpExtensionApis:DWORD, MajorVersion:DWORD, MinorVersion:DWORD
	mov	esi, lpExtensionApis
	mov	edi, offset ExtensionApis
	mov	ecx, 12
	rep movsd
	
	invoke	DbgPrint, $CTA0("___________________________WinDbgExtensionDllInit\n")
	
	ret
WinDbgExtensionDllInit endp

ExtensionApiVersion proc
	mov	eax, offset ExtensionApis
	ret
ExtensionApiVersion endp

CheckVersion proc
	ret
CheckVersion endp

end DriverEntry