對於驅動程式的安裝工具,司徒目前使用NuMega公司製作的EzDriverInstaller,將main.sys和main.inf放在同一個目錄並執行EzDriverInstaller,選擇File => Open...(開啟main.inf檔案),接著按Add New Device就可以在DbgView上面看到輸出訊息
Device Manager
Device Object
參考資訊:
https://wasm.in/
http://four-f.narod.ru/
https://github.com/steward-fu/ddk
使用Assembly語言寫驅動程式是一件相當挑戰的事情,畢竟討論資源相對稀少,加上Assembly語言的可讀性比C/C++差以及Microsoft提供的Include及範例程式都是以C/C++語言為主,因此,比較少人想要使用Assembly語言開發驅動程式,雖然比較乏味、難度也比較高,不過若能排除這個困難,使用組合語言寫出一支WDM驅動程式,細心品味Assembly語言的優雅,那將是一件意義非凡的事情,Microsoft Assembly語言經過多次改進,目前已經可以支援高階語法,如:If、While、Struct等語法,越來越高階,所以不該再把Assembly語言,想像是落後的語言,想對每個細節的瞭解,Assembly語言還是最佳的選擇,司徒接著就介紹如何使用Assembly語言寫一支Hello, world!驅動程式,畢竟Hello, world!還是最經典以及簡單的入門首選
main.asm
.386p
.model flat, stdcall
option casemap:none
include c:\masm32\include\w2k\ntddk.inc
include c:\masm32\include\w2k\ntstatus.inc
include c:\masm32\include\w2k\ntoskrnl.inc
include c:\masm32\include\w2k\ntddkbd.inc
include c:\masm32\Macros\Strings.mac
public DriverEntry
.data
pNextDevice PDEVICE_OBJECT 0
.code
AddDevice proc pMyDriver : PDRIVER_OBJECT, pPhyDevice : PDEVICE_OBJECT
local pMyDevice : PDEVICE_OBJECT
local szDevName : UNICODE_STRING
invoke DbgPrint, $CTA0("Hello, world\:")
invoke RtlInitUnicodeString, addr szDevName, $CTW0("\\Device\\MyDriver")
invoke IoCreateDevice, pMyDriver, 0, addr szDevName, FILE_DEVICE_UNKNOWN, 0, FALSE, addr pMyDevice
invoke IoAttachDeviceToDeviceStack, pMyDevice, pPhyDevice
mov pNextDevice, eax
mov eax, pMyDevice
or (DEVICE_OBJECT ptr [eax]).Flags, DO_BUFFERED_IO
and (DEVICE_OBJECT ptr [eax]).Flags, not DO_DEVICE_INITIALIZING
mov eax, STATUS_SUCCESS
ret
AddDevice endp
Unload proc pMyDriver : PDRIVER_OBJECT
ret
Unload endp
IrpPnp proc pMyDevice : PDEVICE_OBJECT, pIrp : PIRP
IoGetCurrentIrpStackLocation pIrp
movzx eax, (IO_STACK_LOCATION ptr [eax]).MinorFunction
.if eax == IRP_MN_REMOVE_DEVICE
invoke IoDetachDevice, pNextDevice
invoke IoDeleteDevice, pMyDevice
fastcall IofCompleteRequest, pIrp, IO_NO_INCREMENT
ret
.endif
IoSkipCurrentIrpStackLocation pIrp
invoke IoCallDriver, pNextDevice, pIrp
ret
IrpPnp endp
DriverEntry proc pMyDriver : PDRIVER_OBJECT, pMyRegistry : PUNICODE_STRING
mov eax, pMyDriver
mov (DRIVER_OBJECT ptr [eax]).MajorFunction[IRP_MJ_PNP * (sizeof PVOID)], offset IrpPnp
mov (DRIVER_OBJECT ptr [eax]).DriverUnload, offset Unload
mov eax, (DRIVER_OBJECT ptr [eax]).DriverExtension
mov (DRIVER_EXTENSION ptr [eax]).AddDevice, AddDevice
mov eax, STATUS_SUCCESS
ret
DriverEntry endp
end
L60~66:只有做Callback設定的動作,需要設定AddDevice、PNP、DriverUnload這三個Callback
L22~36:產生一個Device Object,用來管理新加入的裝置(純軟體虛擬裝置也算),接著初使化相關旗標
L44~56:主要處理移除Device Object的動作,其餘Irp不處理,直接往下傳遞
main.inf
[Version] Signature=$CHICAGO$ Class=Unknown Provider=%MFGNAME% DriverVer=8/21/2019,1.0.0.0 [Manufacturer] %MFGNAME%=DeviceList [DeviceList] %DESCRIPTION%=DriverInstall, *MyDriver [DestinationDirs] DefaultDestDir=10,System32\Drivers [SourceDisksFiles] main.sys=1,,, [SourceDisksNames] 1=%INSTDISK%,,, [DriverInstall.NT] CopyFiles=DriverCopyFiles [DriverCopyFiles] main.sys,,,2 [DriverInstall.NT.Services] AddService=FILEIO,2,DriverService [DriverService] ServiceType=1 StartType=3 ErrorControl=1 ServiceBinary=%10%\system32\drivers\main.sys [DriverInstall.NT.HW] AddReg=DriverHwAddReg [DriverHwAddReg] HKR,,SampleInfo,,"" [DriverInstall] AddReg=DriverAddReg CopyFiles=DriverCopyFiles [DriverAddReg] HKR,,DevLoader,,*ntkern HKR,,NTMPDriver,,main.sys [DriverInstall.HW] AddReg=DriverHwAddReg [Strings] MFGNAME="MyDriver" INSTDISK="MyDriver Disc" DESCRIPTION="MyDriver"
編譯
"c:\masm32\bin\ml.exe" /c /coff /Cp /Zi /Zd main.asm "c:\masm32\bin\link.exe" main.obj /driver /base:0x10000 /debug /debugtype:cv /pdb:main.pdb /subsystem:native /entry:DriverEntry "c:\masm32\lib\wxp\i386\ntoskrnl.lib" /out:main.sys
在開始安裝驅動程式之前,需要先下載除錯工具,讓驅動程式的Debug訊息可以顯示在除錯工具上面,目前最佳的Debug輸出訊息工具是DbgView,該公司目前已經被Microsoft併購,所以可以從Microsoft網站下載,下載完後執行DbgView並將Capture => Capture Kernel選項打勾,接著重啟DbgView
對於驅動程式的安裝工具,司徒目前使用NuMega公司製作的EzDriverInstaller,將main.sys和main.inf放在同一個目錄並執行EzDriverInstaller,選擇File => Open...(開啟main.inf檔案),接著按Add New Device就可以在DbgView上面看到輸出訊息
Device Manager
Device Object