06-24-2004, 16:17
DaGoN
LordPE reduces the file size and optimizes it, but the result is always the same: it doesn't work.
LordPE result: Validate Pe image... done.

Try it, it's strange; it seems that there is a check from the system before the driver starts.

My test:
bc *
bpx IoAllocateDriverObjectExtension
start service
softice break
bpx @esp (bpx on caller)
bd 00
x
SoftICE breaks here:
Quote:
::::::::::::::: ENTRY POINT :::::::::::::::::::::
INIT:00018500 push ebp
INIT:00018501 mov ebp, esp
INIT:00018503 push esi
INIT:00018504 mov esi, [ebp+arg_0]
INIT:00018507 lea eax, [ebp+arg_0]
INIT:0001850A push eax
INIT:0001850B push 10h
INIT:0001850D push offset start
INIT:00018512 push esi
INIT:00018513 call ds:IoAllocateDriverObjectExtension
INIT:00018519 test eax, eax <---- good all works fine (ramdisk process)
INIT:0001851B jl loc_185DA
INIT:00018521 mov ecx, [ebp+arg_0]
INIT:00018524 push edi
INIT:00018525 mov edi, [ebp+arg_4]
INIT:00018528 mov ax, [edi]
INIT:0001852B mov [ecx], ax
INIT:0001852E mov ax, [edi+2]
...
...
I change a char
bc *
bpx IoAllocateDriverObjectExtension
I restart the service
SoftICE doesn't break anymore

DaGoN