參考資訊:
https://wasm.in/
http://four-f.narod.ru/
https://github.com/steward-fu/ddk
main.asm
.386p
.model flat, stdcall
option casemap:none
include c:\masm32\include\w2k\ntstatus.inc
include c:\masm32\include\w2k\ntddk.inc
include c:\masm32\include\w2k\ntoskrnl.inc
include c:\masm32\include\w2k\ntddkbd.inc
include c:\masm32\Macros\Strings.mac
includelib c:\masm32\lib\wxp\i386\ntoskrnl.lib
public DriverEntry
MyDeviceExtension struct
pNextDevice PDEVICE_OBJECT ?
MyDeviceExtension ends
.code
IrpFile proc pMyDevice : PDEVICE_OBJECT, pIrp : PIRP
IoGetCurrentIrpStackLocation pIrp
movzx eax, (IO_STACK_LOCATION ptr [eax]).MajorFunction
.if eax == IRP_MJ_CREATE
invoke DbgPrint, $CTA0("IRP_MJ_CREATE")
.elseif eax == IRP_MJ_READ
invoke DbgPrint, $CTA0("IRP_MJ_READ")
.elseif eax == IRP_MJ_WRITE
invoke DbgPrint, $CTA0("IRP_MJ_WRITE")
.elseif eax == IRP_MJ_CLOSE
invoke DbgPrint, $CTA0("IRP_MJ_CLOSE")
.endif
mov eax, pIrp
and (_IRP ptr [eax]).IoStatus.Information, 0
mov (_IRP ptr [eax]).IoStatus.Status, STATUS_SUCCESS
fastcall IofCompleteRequest, pIrp, IO_NO_INCREMENT
mov eax, STATUS_SUCCESS
ret
IrpFile endp
AddDevice proc pMyDriver : PDRIVER_OBJECT, pPhyDevice : PDEVICE_OBJECT
local pMyDevice : PDEVICE_OBJECT
local szDevName : UNICODE_STRING
local szSymName : UNICODE_STRING
invoke RtlInitUnicodeString, addr szDevName, $CTW0("\\Device\\MyDriver")
invoke RtlInitUnicodeString, addr szSymName, $CTW0("\\DosDevices\\MyDriver")
invoke IoCreateDevice, pMyDriver, sizeof MyDeviceExtension, addr szDevName, FILE_DEVICE_UNKNOWN, 0, FALSE, addr pMyDevice
.if eax == STATUS_SUCCESS
invoke IoAttachDeviceToDeviceStack, pMyDevice, pPhyDevice
.if eax != NULL
push eax
mov eax, pMyDevice
mov eax, (DEVICE_OBJECT ptr [eax]).DeviceExtension
pop (MyDeviceExtension ptr [eax]).pNextDevice
mov eax, pMyDevice
or (DEVICE_OBJECT ptr [eax]).Flags, DO_BUFFERED_IO
and (DEVICE_OBJECT ptr [eax]).Flags, not DO_DEVICE_INITIALIZING
invoke IoCreateSymbolicLink, addr szSymName, addr szDevName
.endif
.endif
ret
AddDevice endp
Unload proc pMyDriver : PDRIVER_OBJECT
ret
Unload endp
IrpPnp proc pMyDevice : PDEVICE_OBJECT, pIrp : PIRP
local pDevExt : ptr
local szSymName : UNICODE_STRING
mov eax, pMyDevice
push (DEVICE_OBJECT ptr [eax]).DeviceExtension
pop pDevExt
IoGetCurrentIrpStackLocation pIrp
movzx eax, (IO_STACK_LOCATION ptr [eax]).MinorFunction
.if eax == IRP_MN_START_DEVICE
mov eax, pIrp
mov (_IRP ptr [eax]).IoStatus.Status, STATUS_SUCCESS
.elseif eax == IRP_MN_REMOVE_DEVICE
invoke RtlInitUnicodeString, addr szSymName, $CTW0("\\DosDevices\\MyDriver")
invoke IoDeleteSymbolicLink, addr szSymName
mov eax, pIrp
mov (_IRP ptr [eax]).IoStatus.Status, STATUS_SUCCESS
mov eax, pDevExt
invoke IoDetachDevice, (MyDeviceExtension ptr [eax]).pNextDevice
invoke IoDeleteDevice, pMyDevice
fastcall IofCompleteRequest, pIrp, IO_NO_INCREMENT
ret
.endif
IoSkipCurrentIrpStackLocation pIrp
mov eax, pDevExt
invoke IoCallDriver, (MyDeviceExtension ptr [eax]).pNextDevice, pIrp
ret
IrpPnp endp
DriverEntry proc pMyDriver : PDRIVER_OBJECT, pMyRegistry : PUNICODE_STRING
mov eax, pMyDriver
mov (DRIVER_OBJECT ptr [eax]).MajorFunction[IRP_MJ_PNP * (sizeof PVOID)], offset IrpPnp
mov (DRIVER_OBJECT ptr [eax]).MajorFunction[IRP_MJ_CREATE * (sizeof PVOID)], offset IrpFile
mov (DRIVER_OBJECT ptr [eax]).MajorFunction[IRP_MJ_CLOSE * (sizeof PVOID)], offset IrpFile
mov (DRIVER_OBJECT ptr [eax]).MajorFunction[IRP_MJ_WRITE * (sizeof PVOID)], offset IrpFile
mov (DRIVER_OBJECT ptr [eax]).MajorFunction[IRP_MJ_READ * (sizeof PVOID)], offset IrpFile
mov (DRIVER_OBJECT ptr [eax]).DriverUnload, offset Unload
mov eax, (DRIVER_OBJECT ptr [eax]).DriverExtension
mov (DRIVER_EXTENSION ptr [eax]).AddDevice, AddDevice
mov eax, STATUS_SUCCESS
ret
DriverEntry endp
end
app.asm
.386p
.model flat, stdcall
option casemap:none
include c:\masm32\include\windows.inc
include c:\masm32\include\masm32.inc
include c:\masm32\include\user32.inc
include c:\masm32\include\msvcrt.inc
include c:\masm32\include\kernel32.inc
includelib c:\masm32\lib\user32.lib
includelib c:\masm32\lib\masm32.lib
includelib c:\masm32\lib\msvcrt.lib
includelib c:\masm32\lib\kernel32.lib
.const
DEV_NAME db "\\.\MyDriver",0
MSG_INFO db "I am error",0
MSG_WR db "WR: %s, %d",10,13,0
MSG_RD db "RD: %s, %d",10,13,0
.data?
hFile dd ?
dwRet dd ?
szBuffer db 255 dup(?)
.code
start:
invoke CreateFile, offset DEV_NAME, GENERIC_READ or GENERIC_WRITE, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0
mov hFile, eax
invoke StrLen, offset MSG_INFO
mov dwRet, eax
invoke crt_printf, offset MSG_WR, offset MSG_INFO, dwRet
invoke WriteFile, hFile, offset MSG_INFO, dwRet, offset dwRet, 0
invoke crt_memset, offset szBuffer, 0, 255
invoke ReadFile, hFile, offset szBuffer, 255, offset dwRet, 0
invoke crt_printf, offset MSG_RD, offset szBuffer, dwRet
invoke CloseHandle, hFile
invoke ExitProcess, 0
end start
end
完成