Masm32 Kernel Programming Save

masm32 kernel programming, drivers, tutorials, examples, and tools (credits Four-F)

Project README

masm32-kernel-programming

Dreg's repo for his own needs

masm32 kernel programming, drivers, tutorials, examples, and tools (credits Four-F)

Instructions

download/clone this repo
run masm32v11r_install.exe
click on install image (earth)
install masm32 in C:\
I recommend add to PATH environment variable following entries:
- C:\masm32\bin
- C:\masm32
copy KmdKit18\include\ content to C:\masm32\include\
copy KmdKit18\macros\ content to C:\masm32\macros\
copy KmdKit18\lib\ content to C:\masm32\lib\

Basic example

copy beeper.asm to C:\
copy beeper.bat to C:\
run beeper.bat

At this moment a .sys is created in C:\

How to load/unload a driver

w2k_load.exe - best way

load driver:

w2k_load.exe C:\beeper.sys

w2k_load.exe or osrloader.exe gives an error loading beeper.sys, just ignore it.

This error is generated by driver code itself when it finish its own execution (with this trick you dont need unload it)

mov eax, STATUS_DEVICE_CONFIGURATION_ERROR
ret

So, if beep.sys is correctly loaded in kernel you should listen a beep in your speakers (driver code generates a beep)

When you need unload a driver use:

w2k_load.exe PATH_SYS_FILE /unload

I modified w2k_load.exe by Sven B. Schreiber to work for windows 2000 to windows 10 (manifest...)

osrloader

unzip osrloaderv30.zip and use this GUI program:

Select a .sys file (driver path)
Register service
Start service

How to view debug msg without windbg

for older windows just use DbgView.exe attached in this repo. Btw, I modified it (manifest...)

For modern windows use the last dbgview.exe form sysinternal web site, and check this for troubleshooting:

Next steps

Read .pdf files in this repo and look examples at KmdKit18/examples directory

WARNING: ALL source ASM code are inside .bat files (batch + asm code mixed in the same file)

Example with advanced\FindShadowTable\FindShadowTable.bat

;@echo off
;goto make

ASM DRIVER CODE GOES HERE

:make
set drv=FindShadowTable
\masm32\bin\ml /nologo /c /coff %drv%.bat
\masm32\bin\link /nologo /driver /base:0x10000 /align:32 /out:%drv%.sys /subsystem:native %drv%.obj
del %drv%.obj
echo.
pause

This file contains BATCH code which generates a .sys and also contains the own driver source code, So, yes, very tricky, the build script and source code are together

advanced/FindShadowTable

This is an example how to find ServiceDescriptorTableShadow.

It just scans threads whith ID 80h-400h trying to find a thread which KTHREAD.ServiceTable not equal to KeServiceDescriptorTable. If such a thread is found its KTHREAD.ServiceTable holds ServiceDescriptorTableShadow address.

Watch driver's debug output with the DbgView (www.sysinternals.com) or use SoftICE.

Tested under: Windows 2000, XP and Server 2003.

advanced/KbdSpy

This is an example of a simple legacy (non PnP) PS/2-keyboard filter driver. WARNING: You will fail to attach it to USB-keyboard stack.

Tested under: Windows 2000, XP and Server 2003.

advanced/MouSpy

Four-F, [email protected] macro files is from my package cocomac.

This is an example of a simple legacy (non PnP) PS/2-mouse filter driver. WARNING: You will fail to attach it to USB-mouse stack.

Tested under: Windows 2000, XP and Server 2003.

advanced/SecureDevices

This is an example how to apply particular security settings to named device object by calling IoCreateDeviceSecure instead of IoCreateDevice.

Since IoCreateDeviceSecure routine is not a part of the operating system, we link wdmsec.lib, which contains all needed routines.

The wdmsec.lib library you will find here is not one shipped with the DDK. I had to rebuild it to reduce its size, removing not needed members.

basic/FileWorks

This is an example how to create, write to, read from and delete the file.

Use KmdManager to register/unregister and start it. Watch its debug output with the DbgView (www.sysinternals.com) or use SoftICE.

Tested under: Windows 2000, XP and Server 2003.

basic/HiddenDriver

This is an example how to pack the driver into resources.

Tested under: Windows 2000, XP and Server 2003.

basic/IsSafeBootMode

The way you know whether the system is running in safe mode or not.

Use KmdManager to register/unregister and start it. Watch its debug output with the DbgView (www.sysinternals.com) or use SoftICE.

Tested under: Windows 2000, XP and Server 2003.

basic/MemoryWorks/LookasideList

This is an example how to use lookaside list and doubly linked list to manage the memory blocks allocated from lookaside list.

Use KmdManager to register/unregister and start/stop it. Watch its debug output with the DbgView (www.sysinternals.com) or use SoftICE.

Tested under: Windows 2000, XP and Server 2003.

basic/MemoryWorks/seh

This is an example how to handle exceptions with SEH. But remember. YOU CAN'T HANDLE ALL EXCEPTIONS WITH SEH IN KERNEL MODE !

Use KmdManager to register/unregister and start/stop it. Watch its debug output with the DbgView (www.sysinternals.com) or use SoftICE.

Tested under: Windows 2000, XP and Server 2003.

basic/MemoryWorks/SharedSection

This is an example how to use named section object to share memory between user mode process and kernel mode driver.

Tested under: Windows 2000, XP and Server 2003.

basic/MemoryWorks/SharingMemory

This is an example of one possible way to share the memory buffer between user and kernel mode.

Tested under: Windows 2000, XP and Server 2003.

basic/MemoryWorks/SystemModules

This is an example how to allocate memory in kernel mode. To not allocate it useless we fill it with some system info.

Use KmdManager to register/unregister and start/stop it. Watch its debug output with the DbgView (www.sysinternals.com) or use SoftICE.

Tested under: Windows 2000, XP and Server 2003.

basic/RegistryWorks

This is an example how to create, set, read and delete the registry key. Use KmdManager to register/unregister and start it. Watch its debug output with the DbgView (www.sysinternals.com) or use SoftICE.

Tested under: Windows 2000, XP and Server 2003.

basic/Sections

This is an example how to put code in different PE-sections.

basic/Synchronization/MutualExclusion

This is an example how to implement mutual exclusive access to the resource.

Use KmdManager to register/unregister and start/stop it. Watch its debug output with the DbgView (www.sysinternals.com) or use SoftICE.

basic/Synchronization/SharedEvent - ProcessMon

[basic/Synchronization/SharedEvent - ProcessMon](KmdKit18/examples/basic/Synchronization/SharedEvent - ProcessMon)

This is an example how to notify the user mode about some sort of event has happened.

Tested under: Windows 2000, XP and Server 2003.

basic/Synchronization/TimerWorks

This is an example how to create, set, wait for and cancel the timer. Use KmdManager to register/unregister and start/stop it. Watch its debug output with the DbgView (www.sysinternals.com) or use SoftICE.

Tested under: Windows 2000, XP and Server 2003.