參考資訊:
https://wasm.in/
http://four-f.narod.ru/
https://github.com/steward-fu/ddk
main.asm
.386p
.model flat, stdcall
option casemap:none
include c:\masm32\include\w2k\ntstatus.inc
include c:\masm32\include\w2k\ntddk.inc
include c:\masm32\include\w2k\ntoskrnl.inc
include c:\masm32\include\w2k\ntddkbd.inc
include c:\masm32\include\wxp\wdm.inc
include c:\masm32\Macros\Strings.mac
includelib c:\masm32\lib\wxp\i386\ntoskrnl.lib
public DriverEntry
MyDeviceExtension struct
pNextDevice PDEVICE_OBJECT ?
szBuffer byte 255 dup(?)
MyDeviceExtension ends
.code
IrpOpenClose proc pMyDevice : PDEVICE_OBJECT, pIrp : PIRP
IoGetCurrentIrpStackLocation pIrp
movzx eax, (IO_STACK_LOCATION ptr [eax]).MajorFunction
.if eax == IRP_MJ_CREATE
invoke DbgPrint, $CTA0("IRP_MJ_CREATE")
.elseif eax == IRP_MJ_CLOSE
invoke DbgPrint, $CTA0("IRP_MJ_CLOSE")
.endif
mov eax, pIrp
and (_IRP ptr [eax]).IoStatus.Information, 0
mov (_IRP ptr [eax]).IoStatus.Status, STATUS_SUCCESS
fastcall IofCompleteRequest, pIrp, IO_NO_INCREMENT
mov eax, STATUS_SUCCESS
ret
IrpOpenClose endp
IrpReadWrite proc uses ebx pMyDevice : PDEVICE_OBJECT, pIrp : PIRP
local pBuf : dword
local dwLen : dword
local pDevExt : ptr
and dwLen, 0
mov eax, pMyDevice
push (DEVICE_OBJECT ptr [eax]).DeviceExtension
pop pDevExt
IoGetCurrentIrpStackLocation pIrp
movzx eax, (IO_STACK_LOCATION ptr [eax]).MajorFunction
.if eax == IRP_MJ_WRITE
invoke DbgPrint, $CTA0("IRP_MJ_WRITE")
mov eax, pIrp
MmGetMdlByteCount (_IRP ptr [eax]).MdlAddress
mov dwLen, eax
mov eax, pIrp
MmGetSystemAddressForMdlSafe (_IRP ptr [eax]).MdlAddress, LowPagePriority
mov pBuf, eax
invoke DbgPrint, $CTA0("Buffer: %s, Length: %d"), pBuf, dwLen
mov eax, pDevExt
mov ebx, pBuf
invoke memcpy, addr (MyDeviceExtension ptr [eax]).szBuffer, ebx, dwLen
.elseif eax == IRP_MJ_READ
invoke DbgPrint, $CTA0("IRP_MJ_READ")
mov eax, pIrp
MmGetMdlByteCount (_IRP ptr [eax]).MdlAddress
mov dwLen, eax
mov eax, pIrp
MmGetSystemAddressForMdlSafe (_IRP ptr [eax]).MdlAddress, LowPagePriority
mov pBuf, eax
mov eax, pMyDevice
push (DEVICE_OBJECT ptr [eax]).DeviceExtension
pop pDevExt
mov eax, pDevExt
mov ebx, pBuf
invoke strcpy, ebx, addr (MyDeviceExtension ptr [eax]).szBuffer
mov eax, pDevExt
invoke strlen, addr (MyDeviceExtension ptr [eax]).szBuffer
mov dwLen, eax
.endif
mov eax, pIrp
push dwLen
pop (_IRP ptr [eax]).IoStatus.Information
mov (_IRP ptr [eax]).IoStatus.Status, STATUS_SUCCESS
fastcall IofCompleteRequest, pIrp, IO_NO_INCREMENT
mov eax, STATUS_SUCCESS
ret
IrpReadWrite endp
AddDevice proc pMyDriver : PDRIVER_OBJECT, pPhyDevice : PDEVICE_OBJECT
local pMyDevice : PDEVICE_OBJECT
local szDevName : UNICODE_STRING
local szSymName : UNICODE_STRING
invoke RtlInitUnicodeString, addr szDevName, $CTW0("\\Device\\MyDriver")
invoke RtlInitUnicodeString, addr szSymName, $CTW0("\\DosDevices\\MyDriver")
invoke IoCreateDevice, pMyDriver, sizeof MyDeviceExtension, addr szDevName, FILE_DEVICE_UNKNOWN, 0, FALSE, addr pMyDevice
.if eax == STATUS_SUCCESS
invoke IoAttachDeviceToDeviceStack, pMyDevice, pPhyDevice
.if eax != NULL
push eax
mov eax, pMyDevice
mov eax, (DEVICE_OBJECT ptr [eax]).DeviceExtension
pop (MyDeviceExtension ptr [eax]).pNextDevice
mov eax, pMyDevice
or (DEVICE_OBJECT ptr [eax]).Flags, DO_DIRECT_IO
and (DEVICE_OBJECT ptr [eax]).Flags, not DO_DEVICE_INITIALIZING
invoke IoCreateSymbolicLink, addr szSymName, addr szDevName
.endif
.endif
ret
AddDevice endp
Unload proc pMyDriver : PDRIVER_OBJECT
ret
Unload endp
IrpPnp proc pMyDevice : PDEVICE_OBJECT, pIrp : PIRP
local pDevExt : ptr
local szSymName : UNICODE_STRING
mov eax, pMyDevice
push (DEVICE_OBJECT ptr [eax]).DeviceExtension
pop pDevExt
IoGetCurrentIrpStackLocation pIrp
movzx eax, (IO_STACK_LOCATION ptr [eax]).MinorFunction
.if eax == IRP_MN_START_DEVICE
mov eax, pIrp
mov (_IRP ptr [eax]).IoStatus.Status, STATUS_SUCCESS
.elseif eax == IRP_MN_REMOVE_DEVICE
invoke RtlInitUnicodeString, addr szSymName, $CTW0("\\DosDevices\\MyDriver")
invoke IoDeleteSymbolicLink, addr szSymName
mov eax, pIrp
mov (_IRP ptr [eax]).IoStatus.Status, STATUS_SUCCESS
mov eax, pDevExt
invoke IoDetachDevice, (MyDeviceExtension ptr [eax]).pNextDevice
invoke IoDeleteDevice, pMyDevice
fastcall IofCompleteRequest, pIrp, IO_NO_INCREMENT
ret
.endif
IoSkipCurrentIrpStackLocation pIrp
mov eax, pDevExt
invoke IoCallDriver, (MyDeviceExtension ptr [eax]).pNextDevice, pIrp
ret
IrpPnp endp
DriverEntry proc pMyDriver : PDRIVER_OBJECT, pMyRegistry : PUNICODE_STRING
mov eax, pMyDriver
mov (DRIVER_OBJECT ptr [eax]).MajorFunction[IRP_MJ_PNP * (sizeof PVOID)], offset IrpPnp
mov (DRIVER_OBJECT ptr [eax]).MajorFunction[IRP_MJ_CREATE * (sizeof PVOID)], offset IrpOpenClose
mov (DRIVER_OBJECT ptr [eax]).MajorFunction[IRP_MJ_CLOSE * (sizeof PVOID)], offset IrpOpenClose
mov (DRIVER_OBJECT ptr [eax]).MajorFunction[IRP_MJ_WRITE * (sizeof PVOID)], offset IrpReadWrite
mov (DRIVER_OBJECT ptr [eax]).MajorFunction[IRP_MJ_READ * (sizeof PVOID)], offset IrpReadWrite
mov (DRIVER_OBJECT ptr [eax]).DriverUnload, offset Unload
mov eax, (DRIVER_OBJECT ptr [eax]).DriverExtension
mov (DRIVER_EXTENSION ptr [eax]).AddDevice, AddDevice
mov eax, STATUS_SUCCESS
ret
DriverEntry endp
end
完成