Loading drivers and Native applications from kernel mode, without touching registry

       __asm {

        ; the code below loads the driver into memory
loaddriver:
        mov dword [Stack], esp              ; save stack

        ; parameters, as always, are pushed in reverse order
        push DWORD Driverbase               ; receives the driver base address
        push DWORD ImageHandle              ; receives the section handle
        push dword 0
        push dword 0
        push dword 0
        push DWORD U_STRINGloc              ; points to the UNICODE_STRING naming the driver to load

        mov edi, 0x805c03ae                 ; address of MmLoadSystemImage on Windows XP SP0 English (OS- and SP-dependent value)
        call edi
        cmp eax, 0                          ; NTSTATUS 0 means the driver was loaded successfully
        jne drivernotloaded                 ; if loading failed, exit without calling the entry point

        ; the driver loaded successfully, so call its entry point; both parameters are passed as 0
        mov edi, dword [Driverbase]
        mov ebx, dword [edi + 0x3c]                 ; e_lfanew: offset of the PE header
        mov ebx, dword [edi + ebx + 0x18 + 0x10]    ; AddressOfEntryPoint, relative to the image base
        add edi, ebx                                ; image base + entry point RVA = entry point in memory
        push 0
        push 0
        call edi                            ; call the entry point (DriverEntry in the case of drivers)

drivernotloaded:
        mov esp, dword [Stack]              ; restore the stack so execution continues

        ret

       ; Here data and/or variables are stored

; This is the driver to load, including the path name
; the bytes below spell "\DosDevices\B:\hooka.sys" (24 UTF-16 code units, length 48 bytes)
db 0x5c,0x00,0x44,0x00,0x6f,0x00,0x73,0x00,0x44,0x00,0x65,0x00,0x76,0x00,0x69,0x00,0x63,0x00,0x65,0x00,0x73,0x00,0x5c,0x00
db 0x42,0x00,0x3a,0x00,0x5c,0x00,0x68,0x00,0x6f,0x00,0x6f,0x00,0x6b,0x00,0x61,0x00,0x2e,0x00,0x73,0x00,0x79,0x00,0x73,0x00,0x00,0x00

; used to store the driver base address
Driverbase:
dd 0
; used to store the section handle
ImageHandle:
dd 0

; used to store the stack location
Stack:
dd 0

; structure used for Unicode strings in memory (UNICODE_STRING layout)
struc U_STRING
Length: resw 1
MaximumLength: resw 1
Buffer: resd 1
endstruc

}

//asm code ends here
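The `[edi + ebx + 0x18 + 0x10]` lookup above walks the DOS header, PE signature and optional header by hand and trusts every field it reads. As an added example (not the original author's code), the C routine below performs the same PE32 entry-point calculation on a constructed header and rejects images whose signatures or bounds do not check out; `entry_point_rva`, `demo` and the sample header bytes are assumptions made here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The three offsets the assembly above hard-codes, for a PE32 image. */
#define E_LFANEW_OFF    0x3c   /* IMAGE_DOS_HEADER.e_lfanew */
#define OPT_HDR_OFF     0x18   /* "PE\0\0" (4) + IMAGE_FILE_HEADER (20) */
#define ENTRY_RVA_OFF   0x10   /* IMAGE_OPTIONAL_HEADER32.AddressOfEntryPoint */
#define PE32_MAGIC      0x10b

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (uint32_t)rd16(p + 2) << 16; }

/* Same arithmetic as the asm (base + [base+0x3c] + 0x18 + 0x10), but with the
 * signature and bounds checks the asm skips. Returns 0 on a malformed header. */
uint32_t entry_point_rva(const uint8_t *img, size_t len)
{
    if (len < E_LFANEW_OFF + 4 || img[0] != 'M' || img[1] != 'Z') return 0;
    uint32_t e_lfanew = rd32(img + E_LFANEW_OFF);
    if (e_lfanew > len || len - e_lfanew < OPT_HDR_OFF + ENTRY_RVA_OFF + 4) return 0;
    const uint8_t *nt = img + e_lfanew;
    if (memcmp(nt, "PE\0\0", 4) != 0) return 0;
    if (rd16(nt + OPT_HDR_OFF) != PE32_MAGIC) return 0;  /* the asm targets 32-bit images only */
    return rd32(nt + OPT_HDR_OFF + ENTRY_RVA_OFF);
}

/* Constructed header (not a real driver): e_lfanew = 0x40, PE32 magic, given entry RVA.
 * With corrupt_magic set, the optional-header magic is zeroed to exercise the rejection path. */
uint32_t demo(uint32_t entry_rva, int corrupt_magic)
{
    uint8_t buf[0x40 + OPT_HDR_OFF + ENTRY_RVA_OFF + 4] = {0};
    uint8_t *nt = buf + 0x40, *ep = nt + OPT_HDR_OFF + ENTRY_RVA_OFF;
    buf[0] = 'M'; buf[1] = 'Z';
    buf[E_LFANEW_OFF] = 0x40;                             /* little-endian 0x00000040 */
    memcpy(nt, "PE\0\0", 4);
    nt[OPT_HDR_OFF] = 0x0b; nt[OPT_HDR_OFF + 1] = 0x01;    /* 0x010b = PE32 */
    if (corrupt_magic) nt[OPT_HDR_OFF] = 0;
    for (int i = 0; i < 4; i++) ep[i] = (uint8_t)(entry_rva >> (8 * i));
    return entry_point_rva(buf, sizeof buf);
}

int main(void)
{
    printf("entry RVA: 0x%x, corrupted header: 0x%x\n", demo(0x1234, 0), demo(0x1234, 1));
    return 0;
}
```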
