技术宅的结界

 找回密码
 立即注册→加入我们

QQ登录

只需一步,快速开始

搜索
热搜: 下载 VB C 实现 编写
查看: 732|回复: 1
收起左侧

简单的虚拟设备驱动 ramdisk masm32源码

[复制链接]

25

主题

86

帖子

1153

积分

用户组: 版主

UID
1821
精华
6
威望
57 点
宅币
887 个
贡献
36 次
宅之契约
0 份
在线时间
203 小时
注册时间
2016-7-12
发表于 2016-7-15 12:46:26 | 显示全部楼层 |阅读模式

欢迎访问技术宅的结界,请注册或者登录吧。

您需要 登录 才可以下载或查看,没有帐号?立即注册→加入我们

x
其余部分看附件 有bug
[Asm] 纯文本查看 复制代码
.code


DispatchAddDevice proc uses esi edi ebx pDriverObject:PDRIVER_OBJECT,TargetDevice:PDEVICE_OBJECT
	LOCAL DestinationString:UNICODE_STRING
	LOCAL SourceString:UNICODE_STRING
	LOCAL pDrvExt:DWORD
	LOCAL pDevObj:DWORD
	LOCAL DevExt:_DEVICE_EXTENSION_u
	
	
	$DbgPrint $CTA0("DispatchAddDevice\n")
	
	
	invoke IoGetDriverObjectExtension,pDriverObject,offset DriverEntry
	
	mov pDrvExt,eax

	
	.if DWORD ptr (_DRIVER_EXTENSION_u ptr [eax]).DeviceInitialized == TRUE

		mov edi,STATUS_DEVICE_ALREADY_ATTACHED	;0C0000038h
		jmp done0
	.endif
	
	lea esi,DevExt
	assume esi:ptr _DEVICE_EXTENSION_u
	
	invoke RtlZeroMemory,esi,SizeOf _DEVICE_EXTENSION_u
	

	invoke ExAllocatePoolWithTag,PagedPool,20,"2maR"
	mov [esi].DiskRegInfo.DriveLetter.Buffer,eax
	.if !eax
		mov edi,STATUS_INSUFFICIENT_RESOURCES	;0C000009Ah
		jmp done1
	.endif	
		
	mov [esi].DiskRegInfo.DriveLetter.MaximumLength,20

		
	invoke _QueryDiskRegParameters,pDrvExt,addr [esi].DiskRegInfo	
	
	
	invoke RtlInitUnicodeString,addr DestinationString,$CTW0("\\Device\\HarddiskVolumeRD")
	
	
	mov eax,[esi].DiskRegInfo.MediaType	;1~4
	


	.if eax==2	
		mov eax,0
		mov ecx,FILE_DEVICE_DISK	;7	
;	.elseif eax==1
;		mov eax,0
;		mov ecx,FILE_DEVICE_VIRTUAL_DISK ;24h
	.elseif eax==3
		mov eax,1	;FILE_REMOVABLE_MEDIA
		mov ecx,FILE_DEVICE_DISK	;7
	.elseif eax==4
		mov eax,5	;FILE_FLOPPY_DISKETTE or FILE_REMOVABLE_MEDIA
		mov ecx,FILE_DEVICE_DISK	;7
	.else
		mov edi,STATUS_INSUFFICIENT_RESOURCES	;0C000009Ah
		jmp done0				
	.endif
	
	or eax,FILE_DEVICE_SECURE_OPEN	;100h
	
	lea edx,pDevObj
	invoke IoCreateDevice,pDriverObject,\
						  SizeOf _DEVICE_EXTENSION_u,\		;DevExt size
						  addr DestinationString,\
						  ecx,\
						  eax,\
						  0,\
						  edx	  
						  
	.if eax < SDWORD ptr 0
		mov edi,eax
		invoke ExFreePoolWithTag,[esi].DiskRegInfo.DriveLetter.Buffer,0
		jmp done0
	.endif
		
		
	mov ebx,pDevObj
	assume ebx:ptr DEVICE_OBJECT
	
	
	mov esi,[ebx].DeviceExtension
	
	invoke RtlMoveMemory,esi,addr DevExt,sizeof _DEVICE_EXTENSION_u
	
	
	mov eax,TargetDevice
	
	mov [esi].TagDev,eax
	mov [esi].DeviceObject,ebx
	
	and dword ptr [esi].DevState,0
	
	invoke IoInitializeRemoveLockEx,addr [esi].RemoveLock,\
									"lmaR",\
									1,\
									0Ah,\
									SizeOf IO_REMOVE_LOCK

	or [ebx].Flags,DO_POWER_PAGABLE OR DO_DIRECT_IO; 2010h
	
	invoke KeInitializeSpinLock,addr [esi].Spinlock
	
	
	mov eax,[esi].DiskRegInfo.NumDevicePage
	.if !eax
		mov edi,STATUS_INSUFFICIENT_RESOURCES;0C000009Ah
		jmp done1
	.endif	
	
	mov [esi].MaxNumMDL,eax
	
	mov ecx,eax
	shl ecx,6		
	mov [esi].Cylinders,ecx
	
	mov ecx,[esi].DiskRegInfo.DisksizeM
	shl ecx,6	;1024*1024/512/32
	mov [esi].Tracks,ecx
	
	shl eax,2	;eax*4
	
	$DbgPrint $CTA0("Initialize Disk Space %d\n")
	invoke ExAllocatePoolWithTag,NonPagedPool,eax,"3maR"
	mov [esi].MDL,eax
	.if !eax
		invoke DeviceContextCleanup,ebx
		mov edi,STATUS_INSUFFICIENT_RESOURCES	;0C000009Ah
		jmp done1
	.endif
			
	mov ecx,[esi].MaxNumMDL
	shl ecx,2
	
	invoke RtlZeroMemory,eax,ecx
			
	invoke DeviceAllocMdl,esi	
	.if (eax < [esi].MaxNumMDL)
		mov edi,STATUS_INSUFFICIENT_RESOURCES;0C000009Ah
		jmp done1
	.endif	
	
	
	invoke DeviceLockPresentPage,esi,0	
	.if !eax
		mov edi,STATUS_INSUFFICIENT_RESOURCES;0C000009Ah
		jmp done1
	.endif
			
	invoke FormatDisk,ebx
		
	invoke ExAllocatePoolWithTag,PagedPool,2Eh,"4maR"
	mov [esi].SymbolicLinkName.Buffer,eax
	.if !eax
		mov edi,STATUS_INSUFFICIENT_RESOURCES;0C000009Ah
		jmp done1
	.endif
	
	.if [esi].DiskRegInfo.DriveLetter._Length
		invoke RtlInitUnicodeString,addr SourceString,$CTW0("\\DosDevices\\") 
		
		
		lea edi,[esi].SymbolicLinkName
		assume edi:PTR UNICODE_STRING
		
		mov ax,SourceString._Length
		mov [edi]._Length,ax
		mov [edi].MaximumLength,2Eh
		
		assume edi:nothing
		
		invoke RtlCopyUnicodeString,edi,addr SourceString
		invoke RtlAppendUnicodeStringToString,edi,addr [esi].DiskRegInfo.DriveLetter
		invoke IoCreateSymbolicLink,edi,addr DestinationString
		
		mov edi,eax
		.if eax < SDWORD ptr 0
			jmp done1
		.endif
		or dword ptr [esi].flag,1
	.endif
	
	invoke IoAttachDeviceToDeviceStack,pDevObj,TargetDevice
	mov [esi].LoDeviceObject,eax
	.if !eax
		mov edi,STATUS_NO_SUCH_DEVICE	;0C000000Eh
		jmp done1
	.endif
	
	mov eax,pDrvExt
	
	mov (_DRIVER_EXTENSION_u ptr [eax]).DeviceInitialized,TRUE	
	
	and [ebx].Flags,7Fh
	
	mov edi,STATUS_SUCCESS
	jmp done0
	
	assume esi:nothing
done1:	
	invoke DeviceContextCleanup,pDevObj		

done0:	
	$DbgPrint $CTA0("DeviceInitialize %08X\n"),edi
	mov eax,edi
	
;done:	
	ret
DispatchAddDevice endp

25

主题

86

帖子

1153

积分

用户组: 版主

UID
1821
精华
6
威望
57 点
宅币
887 个
贡献
36 次
宅之契约
0 份
在线时间
203 小时
注册时间
2016-7-12
 楼主| 发表于 2016-7-15 20:30:01 | 显示全部楼层
本帖最后由 Ayala 于 2018-7-31 20:20 编辑

原来附件没上传成功!

ramdisk.rar

612.18 KB, 下载次数: 2

本版积分规则

QQ|申请友链|Archiver|手机版|小黑屋|技术宅的结界 ( 滇ICP备16008837号|网站地图

GMT+8, 2018-11-18 05:53 , Processed in 0.079855 second(s), 15 queries , Gzip On, Memcache On.

Powered by Discuz! X3.2

© 2001-2013 Comsenz Inc.

快速回复 返回顶部 返回列表